I got the same virus on one of the workstations. I did the antivirus thing and got rid of what I thought was all of it, but now the only problem is that right after you log in (I tried safe mode too) it logs you off. Tried doing a Windows repair but no luck. Anyone have a clue what to do now?
Thanks

What "same virus"? Are you referring to another thread or something? We have no way of knowing what you are talking about unless you explain it a little better.
What virus, what "antivirus thing" did you do?
Can we see some logs and get more info?

Ya, I was moved. It made sense before that.
http://www.daniweb.com/forums/showthread.php?t=166767&highlight=ntdll64.dll

Sorry about that. My problem is one of my workstations picked up the fake antivirus trojan. Got rid of most of it with BitDefender, all except 1 file.
Here is the scan report:

BitDefender Online Scanner

Scan report generated at: Fri, Jan 16, 2009 - 08:49:22


Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time: 01:05:10
Files: 135084
Folders: 3254
Boot Sectors: 0
Archives: 5201
Packed Files: 8097

Results

Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info

Virus Definitions: 2464262
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\cchildress\Local Settings\Temp\mousehook.dll
  Infected with: Gen:Trojan.Heur.564E44
  Disinfection failed
  Deleted

C:\Documents and Settings\cchildress\Local Settings\Temp\ntdll64.dll
  Infected with: Gen:Trojan.Heur.564E44
  Disinfection failed
  Delete failed

C:\System Volume Information\_restore{013AE10D-5266-4DF2-A47A-7139BD847D60}\RP255\A0191809.exe
  Infected with: Trojan.Generic.1320876
  Deleted

C:\WINDOWS\system32\config\systemprofile\.exe
  Infected with: Trojan.Generic.1320876
  Deleted

C:\WINDOWS\Temp\BN11F.tmp
  Infected with: Trojan.Dropper.Kobcka.Gen.1
  Deleted

Couldn't get rid of the ntdll64.dll so I then ran Malwarebytes' Anti-Malware. It found 20 infected files. After getting rid of them it had to reboot to finish, and that's when I started having the log problems.
Thanks

Can you boot into safe mode and do a system restore?

Tried that. Still keeps logging me off.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  • Kaspersky Online Scanner
  • Panda Active Scan
  • Trend Micro HouseCall
  • F-Secure Online Virus Scanner

Thanks crunchie. Problem is I can't even get into it to run a scan; it kept logging me off. I think one of the files that was infected was a sys file, so I started a wipe of the OS and will be doing a clean install. Luckily one of my policies is that everyone does a backup of their workstation weekly and all job-related files are saved on the server, so I'm not losing too much by this.
Thanks for your help.

If you couldn't get in, how did you manage the bitdefender scan in the first place?

One thing you might try is removing the hard drive from your computer (if it's a desktop?), hooking it up to another computer, and scanning it from there.

You can also try the UBCD (www.ubcd4win.com), boot your computer from the special CD you create, and run scans from it instead. It has helped me in the past a lot.

Cheers!

--The Comodore

I ran the scan prior to it getting the issues of logging out. I had the log saved. Thanks for the link. It'll come in handy when this comes up again.
