Extremely complex spyware, infects everything
Phae (thread starter, Member with 3 posts)
23-Jul-2012, 02:45 PM #1
I've become extremely frustrated with what seems to be the mother of all malware.

This particular malware has infected every computer at my home. It infects all anti-virus programs. It has even infected Comodo Firewall on other computers in my home. The virus on this computer has survived dban wipes, CMOS resets and many clean reformats.

It apparently is using svchost.exe to manipulate my network traffic, and allowing something/someone to edit registry keys on my computer. I'm afraid to install anything, because as soon as a program is run on my computer, it tries to access protected COMs.

I'll post a few screenshots, and a few logs from when it didn't get out of control as badly.

To give you an idea of how bad this is, I tried running your Sysinfo, and it was immediately infected.

*Just to clear up something, I'm afraid of running any further programs that require elevated permissions. I can't even run Snipping Tool without it trying to access Comodo Firewall and a dozen other COM interfaces.

Attached Thumbnails: imp1.png
Attached Files:
RKreport[1].txt (1.2 KB, 53 views)
TDSSKiller.2.7.45.0_17.07.2012_00.03.04_log.txt (115.7 KB, 41 views)
OTL.Txt (71.9 KB, 47 views)

Phae (thread starter)
26-Jul-2012, 12:26 AM #2
Since I couldn't edit my first post: I managed to run HijackThis very well, without any obvious issues.

I really hope someone can at least give me some insight as to what is going on with my computer. This issue is really backing things up for me.

Any help is appreciated!
Attached Files:
hijackthis.log (3.5 KB, 32 views)

dvk01 (Derek), Moderator & Malware Removal Specialist with 45,738 posts
26-Jul-2012, 03:07 AM #3
None of your logs are showing any infection.
What they are showing is Comodo being a pain as usual and giving erroneous readings.

Nothing survives DBAN wipes and multiple reformats, so to solve your problem get rid of Comodo and use an alternative antivirus/security suite.
Phae (thread starter)
26-Jul-2012, 01:53 PM #4
So.. There's no issue?

There's no problem with dllhost.exe trying to access the COM interface of explorer.exe? Or anything of the like?
dvk01 (Derek), Moderator & Malware Removal Specialist
26-Jul-2012, 02:50 PM #5
No problem.

That is just Comodo being silly and alarming unnecessarily.
Yes, there can be odd occasions when malware can piggyback on dllhost and use it, but 99.9999% of the time it is perfectly legitimate and normal.

Get rid of Comodo and use sensible protection programs that don't give stupid alarms about nothing.

If you really want to use Comodo and the Defence+ HIPS protection element, do a lot of reading here http://help.comodo.com/topic-72-1-14...-Settings.html and follow all the links and get it set up properly so it doesn't block or alert you to legitimate Windows processes and programs.

HIPS are very complicated to set up correctly and work in a domestic environment. My opinion is that they should be left to the corporate environment where there are full-time, experienced IT staff to set them up and maintain them. A HIPS protection program coupled with a tight permissions set-up is probably the best protection that you can get. HIPS only work well or properly when set up correctly and the user has no permissions to install programs or add-ons etc. That way any HIPS alert is more likely to be genuine and deserving of being blocked.
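The defender's check behind the point above (is this dllhost/svchost instance the legitimate Windows binary, or something piggybacking on the name?), as an added PowerShell example that is not part of the thread: it lists the running instances and flags any whose image is not under System32/SysWOW64 or does not carry a valid Microsoft Authenticode signature. It assumes a modern Windows host where Get-Process and Get-AuthenticodeSignature are available; run it elevated so that process image paths are readable.

```powershell
# Added example, not from the thread. Lists running dllhost.exe / svchost.exe
# instances and flags those that fail either of the two checks that separate
# the genuine Windows binaries from impostors: image path and signer.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # 32-bit dllhost on 64-bit Windows
)

function Test-WindowsHostProcess {
    Get-Process -Name 'dllhost', 'svchost' -ErrorAction SilentlyContinue | ForEach-Object {
        $path = $_.Path   # $null when the process cannot be opened (not elevated)
        if (-not $path) {
            [pscustomobject]@{
                Name = $_.ProcessName; PID = $_.Id; Path = '(access denied)'
                Signature = 'n/a'; Suspicious = 'unknown'
            }
            return   # in ForEach-Object this skips to the next process
        }

        $dir = (Split-Path $path -Parent).TrimEnd('\')
        $inExpectedDir = $expectedDirs -contains $dir

        $sig = Get-AuthenticodeSignature -FilePath $path
        $msSigned = ($sig.Status -eq 'Valid') -and
                    ($sig.SignerCertificate.Subject -like '*Microsoft*')

        [pscustomobject]@{
            Name       = $_.ProcessName
            PID        = $_.Id
            Path       = $path
            Signature  = $sig.Status
            # Anything outside the expected directory or without a valid
            # Microsoft signature deserves a closer look; everything else is
            # the normal case dvk01 describes.
            Suspicious = -not ($inExpectedDir -and $msSigned)
        }
    }
}

Test-WindowsHostProcess | Format-Table -AutoSize
```

A row marked Suspicious is a reason to investigate the file at that path, not proof of infection; a HIPS alert about a row that passes both checks is the false positive the thread is describing.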
valis, Moderator with 63,647 posts
26-Jul-2012, 02:58 PM #6
I agree with dvk01 on the Comodo thing; on the malware issue, he has forgotten more than most will learn... but I ran into problems like yours with Comodo several years ago, switched to AVG, and now have moved on to MSE.

Give MSE a shot; I think you will be pleasantly surprised.
lunarlander, Member with 5,627 posts
27-Jul-2012, 06:12 PM #7
I'd like to add one point. Nothing can survive DBAN wipes. But if you keep re-installing some infected program after a clean Windows install, then you're going to get that virus back. If you are unsure of a program's origins, then don't install it.