0

I got the same virus on one of the workstations. I did the antivirus thing got rid of what I thought was all but now the only problem is right after you log in (I tried safe mode too) it logs you off. tried doing a windows repair but no luck. any one have a clue what to do now?
Thanks

4
Contributors
10
Replies
11
Views
8 Years
Discussion Span
Last Post by Gtrtech
0

I got the same virus on one of the workstations. I did the antivirus thing got rid of what I thought was all but now the only problem is right after you log in (I tried safe mode too) it logs you off. tried doing a windows repair but no luck. any one have a clue what to do now?
Thanks

What "same virus"? Are you referring to another thread or something? We have no way of knowing what you are talking about unless you explain it a little better.
What virus, what "antivirus thing" did you do?
Can we see some logs and get more info?

0

What "same virus"? Are you referring to another thread or something? We have no way of knowing what you are talking about unless you explain it a little better.
What virus, what "antivirus thing" did you do?
Can we see some logs and get more info?

Ya, I was moved. It made cense before that.
http://www.daniweb.com/forums/showthread.php?t=166767&highlight=ntdll64.dll

Sorry about that. My problem is one of my workstations picked up the fake antivirus trojan. got rid of most of it with bitdefender all except 1 file.
Here is the scan report

BitDefender Online Scanner

Scan report generated at: Fri, Jan 16, 2009 - 08:49:22


Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time
01:05:10

Files
135084

Folders
3254

Boot Sectors
0

Archives
5201

Packed Files
8097


Results

Identified Viruses
3

Infected Files
5

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
4


Engines Info

Virus Definitions
2464262

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
17

Archive plugins
45

Unpack plugins
7

E-mail plugins
6

System plugins
4


Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes


Scanned File
Status

C:\Documents and Settings\cchildress\Local Settings\Temp\mousehook.dll
Infected with: Gen:Trojan.Heur.564E44

C:\Documents and Settings\cchildress\Local Settings\Temp\mousehook.dll
Disinfection failed

C:\Documents and Settings\cchildress\Local Settings\Temp\mousehook.dll
Deleted

C:\Documents and Settings\cchildress\Local Settings\Temp\ntdll64.dll
Infected with: Gen:Trojan.Heur.564E44

C:\Documents and Settings\cchildress\Local Settings\Temp\ntdll64.dll
Disinfection failed

C:\Documents and Settings\cchildress\Local Settings\Temp\ntdll64.dll
Delete failed

C:\System Volume Information\_restore{013AE10D-5266-4DF2-A47A-7139BD847D60}\RP255\A0191809.exe
Infected with: Trojan.Generic.1320876

C:\System Volume Information\_restore{013AE10D-5266-4DF2-A47A-7139BD847D60}\RP255\A0191809.exe
Deleted

C:\WINDOWS\system32\config\systemprofile\.exe
Infected with: Trojan.Generic.1320876

C:\WINDOWS\system32\config\systemprofile\.exe
Deleted

C:\WINDOWS\Temp\BN11F.tmp
Infected with: Trojan.Dropper.Kobcka.Gen.1

C:\WINDOWS\Temp\BN11F.tmp
Deleted

Couln't git rid of the ntdll64.dll so I then ran Malwarebytes' Anti-Malware. it found 20 Infected Files. after getting rid of them it had to reboot to finish and thats when I started having the log problems.
Thanks

0

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

Kaspersky Online Scanner Panda Active Scan Trend Micro HouseCall F-Secure Online Virus Scanner

0

Thanks crunchie, Problem is I can't even get into it to run a scan. it kept logging me off. I think one of the files that was infected was a sys file so I started a wipe of the OS and will be doing a clean install. Luckely one of my policies is that everyone do a backup of thier workstaion weekly and all job related files are saved on the server so I'm not losing to much by this.
Thanks for your help.

0

If you couldn't get in, how did you manage the bitdefender scan in the first place?

One thing you might try is removing the hard drive from your computer (if its a desktop?), hooking it up to another computer, and scanning it from there.

You can also try the UBCD (www.ubcd4win.com), boot your computer from the special CD you create, and run scans from it instead. It has helped me in the past a lot.

Cheers!

--The Comodore

0

I ran the scan prior to it getiing the issues of logging out. I had the log saved. Thanks for the link. It'll come in handy when this comes up again.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.