Blaster/Sasser.variant: crippling system

Status
Not open for further replies.

KornFuse

MIS
Sep 27, 2006
26
IN
Hi

My IBM thinkpad (T40) running WinXP Pro SP2 has gotten infected by Blaster/Sasser.variant.

Symptoms: When logging into Windows, the wallpaper is different, Vista Antivirus 2008 scans start automatically, unknown desktop icons, multiple system32/netsh.exe cmd prompts, cannot locate C:\ drive, auto-shutdowns initiated by NT Authority\System.

Steps I've taken to fix issue:

1. Scanned with Spybot - unsuccessful

2. Tried returning Windows to previously known good condition - unsuccessful.

Can someone please give me pointers to fix this problem?

Thank you.
 
Do you have HijackThis? If so, run a scan, then post the log here.

The worm may have found its way into your System Restore files.

Check out answers to posts by pechenegs, many are related to the Blaster worm, be warned that cleaning is not easy and will involve running several 'deep' cleaners in safe mode, but it should be fixable.



Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
Thank you, sggaunt.

I fixed the issue. It turned out to be rogue antivirus software, which posed as though it had found several critical errors on my machine. It wanted me to go to their website to buy software from them.

I removed it with Malwarebytes' Anti-Malware.

Thanks for your help.
 
KornFuse,

Read my post about Antivirus 2009, which is also a malware that wants you to go to their website to buy the software.

Here is a great question -- has anyone ever gone to the website, paid for the software fix, AND gotten rid of the malware?

I got rid of mine with A-Squared Free.

Hmmm.
 
A friend of mine had an Antivirus 2008 malware "infection" that wouldn't go away. He rang them up and complained, they gave him an uninstall code and instructions - it's gone!
 
Well, no... Wasn't much interested in talking to them after I'd cleaned up about a dozen users' workstations. In addition to creating its own app directory, XP 2008 Antivirus drops an .exe into \SYSTEM32 which loads and locks on startup. It also hides the Display Properties>Desktop and >Screensaver tabs and loads that delightful electric-blue-and-gold wallpaper. I've caught the source executable seeding the local machine with Vundo variants, generic downloaders, and the ever-popular JokeBluescreen screensaver. So I'm guessing these folks aren't real big on business ethics, either...

The Bug Guy
 