
Extremely complex spyware, infects everything

Discussion in 'General Security' started by Phae, Jul 23, 2012.

Thread Status:
Not open for further replies.
  1. Phae

    Phae Thread Starter

    Joined:
    Jul 23, 2012
    Messages:
    3
    I've become extremely frustrated with what seems to be the mother of all malware.

    This particular malware has infected every computer at my home. It infects all anti-virus programs. It has even infected Comodo Firewall on other computers in my home. The virus on this computer has survived dban wipes, CMOS resets and many clean reformats.

    It apparently is using svchost.exe to manipulate my network traffic, and allowing something/someone to edit registry keys on my computer. I'm afraid to install anything, because as soon as a program is run on my computer, it tries to access protected COMs.

    I'll post a few screenshots, and a few logs from when it didn't get out of control as badly.

    To give you an idea of how bad this is, I tried running your Sysinfo, and it was immediately infected.

    *Just to clear up something, I'm afraid of running any further programs that require elevated permissions. I can't even run snipping tool without it trying to access Comodo Firewall and a dozen other COM Interfaces.
     

    Attached Files:

  2. Phae

    Phae Thread Starter

    Joined:
    Jul 23, 2012
    Messages:
    3
    Since I couldn't edit my first post.. I managed to run HijackThis very well, without any obvious issues.

    I really hope someone can at least give me some insight as to what is going on with my computer.. This issue is really backing things up for me.

    Any help is appreciated!
     

    Attached Files:

  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    None of your logs are showing any infection.
    What they are showing is Comodo being a pain as usual & giving erroneous readings.

    Nothing survives dban wipes & multiple reformats, so to solve your problem get rid of Comodo & use an alternative antivirus/security suite.
     
  4. Phae

    Phae Thread Starter

    Joined:
    Jul 23, 2012
    Messages:
    3
    So.. There's no issue?

    There's no problem with dllhost.exe trying to access the COM interface of explorer.exe? Or anything of the like?
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    No problem.

    That is just Comodo being silly and alarming unnecessarily.
    Yes, there can be odd occasions when malware can piggyback on dllhost & use it, but 99.9999% of the time it is perfectly legitimate & normal.

    Get rid of Comodo & use sensible protection programs that don't give stupid alarms about nothing.

    If you really want to use Comodo & the Defence+ HIPS protection element, do a lot of reading here http://help.comodo.com/topic-72-1-142-391-Defense+-Settings.html and follow all the links & get it set up properly so it doesn't block or alert you to legitimate Windows processes and programs.

    HIPS are very complicated to set up correctly & work in a domestic environment. My opinion is that they should be left to the corporate environment where there are full time, experienced IT staff to set them up & maintain them. A HIPS protection program coupled with a tight permissions set up is probably the best protection that you can get. HIPS only work well or properly when set up correctly & the user has no permissions to install programs or addons etc. That way any HIPS alert is more likely to be genuine & deserving of being blocked.
     
  6. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,467
    I agree with dvk01 on the Comodo thing; on the malware issue, he has forgotten more than most will learn......but I ran into problems like yours with Comodo several years ago, switched to AVG, and now have moved on to MSE.

    Give MSE a shot; I think you will be pleasantly surprised.
     
  7. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    6,201
    I'd like to add one point. Nothing can survive dban wipes. But if you keep re-installing some infected program after a clean Windows install, then you're going to get that virus back. If you are unsure of a program's origins, then don't install it.
     

Short URL to this thread: https://techguy.org/1062295