Author Topic: Ongoing suspected "activate" bot virus infection. All anti-virus tools defeated.  (Read 648 times)

Offline Joseph99

  • Newbie
  • *
  • Posts: 4
I'm needing help, if any can be given but I think I've been defeated for the first time in decades tbh.

Something big happened yesterday. A virus I didn't even know I had, that appears to have been lying dormant in my system for at least 2 months (going by date created/modified signatures), has "activated" and all hell broke loose. I'm currently fighting to get rid of a collection of viruses being used as hacking tools by a hidden, as yet unmasked, virus that seems to render Comodo and any other anti-virus/malware tools blind. They can't see what's going on and can't even detect the most simple of malware in my system. They are being blocked. I can't get to the root of the infection either, and I'm fighting a losing battle against something that keeps changing its MO and is always 2 steps ahead of me, all the while doing something pretty heavy online, leading me to suspect I actually have a bot virus. I believe my computer is being used as a pawn as we speak in some sort of DDoS somewhere. Meanwhile, this thing is actually trying to lock me out. I'm engaged in a power struggle with it atm for control of my PC.

Look, I have been fighting viruses for about 3 decades. Sometimes as a hobby. Always to help people out. Ever since I first figured out how to recover my disks from the bsg9 file parasite on my old Amiga decades ago. I'm seriously savvy. I've picked apart some amount of viruses over the past 30 years, but this thing is by far the most impressive and advanced virus I've personally ever had the privilege of seeing. And yes, watching this thing at work is a privilege. I'm seriously impressed by just how complex the AI in it is and how advanced it really is. I've never seen anything like it.

I'm sorta guessing I'm wasting my time asking for help. I should just reinstall Windows and have done with it, but I've not had to resort to that in over a decade, I'm stubborn as heck, and it's sheer determination that's got me on here asking if there's anything that can be done. I'd rather beat this thing than give in to it.

- I'm currently having trouble doing anything. I'm struggling to get on the net or download tools or study up on it because my up bandwidth is running flat out and I'm being blocked from tracing back to what's doing it. I can only trace it back to "System and compressed memory"/ntoskrnl.exe, which is the system kernel.
- I found and killed a process called b2e.exe. According to Comodo this is a virus called win32.killav. When I did, Comodo went nuts detecting viruses left and right. It's logged all this but hasn't removed them and has gone back to being silent/blind.
- I had permissions changed on me and found I couldn't use most anything installed on my system. Access denied. I have since restored permissions.
- Task Manager, regedit and even the reboot options for safe mode are missing. At first it said I didn't have permissions, so I fixed that, and now it's telling me they don't exist :/
- The counter for network intrusions on Comodo is currently at 67 for a 2 hour session, but when I open the log it is empty/blank.


I can't find what's doing all this. I can find the old malware it's using to exploit my system and peel its security back, but I can't find what's actually doing all this, and there are no startup tasks. Nothing is scheduled to trigger all this. So the processes behind it all are hidden. They seem to be integrated/tied into the Windows system.
« Last Edit: July 20, 2016, 06:22:57 PM by Joseph99 »
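The symptoms in the post above (Task Manager and regedit reported as "don't exist", safe mode never engaging, heavy outbound traffic attributed only to the kernel) each have a concrete place to look on a Windows box. The following is an added triage script, not code from the thread or from Comodo; it reads the standard Windows policy, Image File Execution Options and SafeBoot registry locations and maps live TCP connections to their owning process. It writes nothing. The "fewer than 10 entries" threshold for the SafeBoot trees is an assumed heuristic (a healthy tree has several dozen), and it needs an elevated PowerShell on Windows 8 or later for Get-NetTCPConnection.

```powershell
# Added triage example (not from the thread). Run from an elevated PowerShell
# on the affected machine. Read-only: it reports, it never changes anything.

function Get-ToolLockdownFindings {
    $findings = @()

    # 1. Policy values that make Task Manager / regedit refuse to start.
    foreach ($hive in 'HKCU', 'HKLM') {
        $path = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        if (Test-Path $path) {
            $props = Get-ItemProperty -Path $path
            foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
                if ($props.$name) {
                    $findings += [pscustomobject]@{ Check = 'Policy'; Item = "$path\$name"; Detail = $props.$name }
                }
            }
        }
    }

    # 2. Image File Execution Options "Debugger" hijacks: Windows launches the
    #    Debugger value instead of the tool, which surfaces as the tool failing
    #    to start or "not being found".
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($exe in 'taskmgr.exe', 'regedit.exe', 'msconfig.exe', 'cmd.exe') {
        $key = Join-Path $ifeo $exe
        if (Test-Path $key) {
            $dbg = (Get-ItemProperty -Path $key).Debugger
            if ($dbg) {
                $findings += [pscustomobject]@{ Check = 'IFEO'; Item = $exe; Detail = $dbg }
            }
        }
    }

    # 3. The tool binaries themselves, in case they really were deleted.
    foreach ($file in "$env:windir\System32\taskmgr.exe", "$env:windir\regedit.exe", "$env:windir\System32\msconfig.exe") {
        if (-not (Test-Path $file)) {
            $findings += [pscustomobject]@{ Check = 'Binary'; Item = $file; Detail = 'missing' }
        }
    }

    # 4. Safe Mode depends on the SafeBoot\Minimal and \Network key trees. If
    #    they are gone, a safe-mode boot falls straight through to normal mode,
    #    which matches "no safe mode, no boot menu". Threshold of 10 is assumed.
    foreach ($tree in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$tree"
        if (-not (Test-Path $key)) {
            $findings += [pscustomobject]@{ Check = 'SafeBoot'; Item = $key; Detail = 'missing' }
        } else {
            $count = (Get-ChildItem -Path $key).Count
            if ($count -lt 10) {
                $findings += [pscustomobject]@{ Check = 'SafeBoot'; Item = $key; Detail = "only $count entries" }
            }
        }
    }
    return $findings
}

function Get-ConnectionsByProcess {
    # Attribute established TCP connections to their owning process. A large
    # number of remote peers owned by PID 4 (System / ntoskrnl.exe) with no
    # user-mode process to account for them points at kernel-mode code.
    Get-NetTCPConnection -State Established |
        Group-Object OwningProcess |
        ForEach-Object {
            $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Pid         = [int]$_.Name
                Process     = if ($proc) { $proc.ProcessName } else { '?' }
                Connections = $_.Count
                Remotes     = ($_.Group | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } | Select-Object -Unique) -join ' '
            }
        } | Sort-Object Connections -Descending
}

Get-ToolLockdownFindings | Format-Table -AutoSize
Get-ConnectionsByProcess | Format-Table -AutoSize
```

Two caveats apply on a machine like the one described. A kernel-mode rootkit can filter what the registry and process APIs return, so an empty findings list from inside the infected OS is weak evidence; the same checks made from a rescue boot (loading the offline SYSTEM and SOFTWARE hives) are worth far more. And the connection list is a snapshot; running it a few times a minute apart shows whether the PID 4 traffic is steady, which is the pattern the poster describes.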

Offline captainsticks

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11198
    • Comodo Help
Hi Joseph99,
With all that going on, I would suggest a clean re-install of the operating system.

The articles in the external links below may help.
https://www.techsupportalert.com/content/how-clean-infected-computer.htm
https://www.techsupportalert.com/content/how-fix-malware-infected-computer.htm

https://www.comodo.com/business-security/network-protection/cleaning_essentials.php

Force Windows into safe mode using msconfig.
Force Windows to Boot into Safe Mode-howtogeek

Good luck.
« Last Edit: July 20, 2016, 06:45:26 PM by captainsticks »

Offline Joseph99

  • Newbie
  • *
  • Posts: 4
Hi Joseph99,
With all that going on, I would suggest a clean re-install of the operating system.

The articles in the external links below may help.
https://www.techsupportalert.com/content/how-clean-infected-computer.htm
https://www.techsupportalert.com/content/how-fix-malware-infected-computer.htm

https://www.comodo.com/business-security/network-protection/cleaning_essentials.php

Force Windows into safe mode using msconfig.

Force Windows to Boot into Safe Mode-howtogeek

Good luck.


Hmmm, kinda figured that's what it would come to. Just didn't want to take that route before asking about it. Tbh this thing's just uninstalled Firefox, Malwarebytes and a few other things. It's constantly doing something new. I'm constantly on the back foot just trying to fix the damage it does.

Btw, that link for forcing safe mode. Tried that. The problem is that, and even the trick where you hold the Ctrl key in and reboot from the Start menu, none of that is working. It just keeps booting straight onto the desktop like normal, ignoring what's in there. No safe mode. No blue screen with the boot options.

Offline captainsticks

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11198
    • Comodo Help
Have you tried, or are you able to try, a system restore point prior to this occurring?
It might help make the system usable again.

Better still would be if you had a system image back-up.

I hope all your personal data is backed-up, if you go ahead with a clean re-install.

Kind regards.

Offline Joseph99

  • Newbie
  • *
  • Posts: 4
Have you tried, or are you able to try, a system restore point prior to this occurring?
It might help make the system usable again.

Better still would be if you had a system image back-up.

I hope all your personal data is backed-up, if you go ahead with a clean re-install.

Kind regards.

I tried system restore points. It was the first thing I tried. My system restore points have been deleted and I'm having a hard time accessing System Restore. I also can't get System Reset to work either, so I can't get Windows to reinstall itself.

Look, I've got somewhere, to a degree, with this. There is a rootkit in there and I def need to wipe my HDD and reinstall Windows now cause it's on the MBR. Sector 0 has been replaced. The rootkit tool I used found references that point to the TDL family. Alureon. But it declares it as an unknown variant and can't remove it.
So my hunch was correct. This is a bot virus. But I would suggest it's a little too blatant and obvious to be, for example, a new generation. Alureon relies on obfuscation to last long term, but this is in your face. I would suggest it's more a case of someone playing with the source code for generation 4 or something like that.
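"Sector 0 has been replaced" is a claim that can be checked and preserved as evidence rather than taken on a scanner's word. The script below is an added example, not code from the thread or from any rootkit tool: it reads the first 512-byte sector of the first physical disk, verifies the 0x55AA boot signature, lists the four MBR partition entries and hashes the boot-code region (bytes 0 to 439) so it can be compared with a baseline. `$KnownGoodBootCodeHash` is a placeholder you fill in from a clean install of the same Windows version; until then the comparison is reported as skipped. It needs an elevated PowerShell and only ever reads from the disk.

```powershell
# Added example, not code from the thread. Elevated PowerShell required.
# Reads sector 0 of \\.\PhysicalDrive0 and writes nothing to the disk.

# Placeholder: SHA-256 of bytes 0..439 of sector 0 from a known-clean machine
# with the same Windows version and firmware mode (BIOS vs UEFI).
$KnownGoodBootCodeHash = '<SHA256 of known-good boot code from a clean machine>'

function Read-Sector0 {
    param([string]$Device = '\\.\PhysicalDrive0')
    # Open the raw device read-only, sharing with the OS which already has it open.
    $stream = New-Object System.IO.FileStream(
        $Device, [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $buffer = New-Object byte[] 512
        $read = $stream.Read($buffer, 0, 512)
        if ($read -ne 512) { throw "Short read from ${Device}: $read bytes" }
        return $buffer
    } finally {
        $stream.Dispose()
    }
}

function Get-MbrReport {
    param([byte[]]$Sector)
    # Classic MBR layout: boot code 0..439, disk signature 440..443,
    # four 16-byte partition entries from 446, 0x55AA signature at 510..511.
    $bootCode = [byte[]]$Sector[0..439]
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash($bootCode) | ForEach-Object { $_.ToString('x2') }) -join ''
    $signatureOk = ($Sector[510] -eq 0x55 -and $Sector[511] -eq 0xAA)

    $partitions = for ($i = 0; $i -lt 4; $i++) {
        $off = 446 + 16 * $i
        $type = $Sector[$off + 4]
        if ($type -eq 0) { continue }   # empty slot
        [pscustomobject]@{
            Index    = $i
            Bootable = ($Sector[$off] -eq 0x80)
            Type     = ('0x{0:X2}' -f $type)   # 0xEE = protective MBR on a GPT disk
            StartLba = [BitConverter]::ToUInt32($Sector, $off + 8)
            Sectors  = [BitConverter]::ToUInt32($Sector, $off + 12)
        }
    }

    $baseline = if ($KnownGoodBootCodeHash -match '^[0-9a-f]{64}$') {
        $hash -eq $KnownGoodBootCodeHash
    } else {
        'skipped (no baseline set)'
    }

    [pscustomobject]@{
        BootSignatureOk = $signatureOk
        BootCodeSha256  = $hash
        MatchesBaseline = $baseline
        Partitions      = $partitions
    }
}

$sector = Read-Sector0
# Keep a copy of the raw sector as evidence before any repair is attempted.
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\Desktop\sector0.bin", $sector)
$report = Get-MbrReport -Sector $sector
$report | Format-List BootSignatureOk, BootCodeSha256, MatchesBaseline
$report.Partitions | Format-Table -AutoSize
```

The important caveat is the one the TDL family itself taught: a bootkit that hooks the disk driver can hand back the original, clean sector to anything that reads it from inside the running OS, so a matching hash here does not clear the disk. Reading the same sector from a rescue boot (or with the drive attached to a clean machine) and comparing the two hashes is the decisive check; a mismatch between the inside and outside views is the rootkit giving itself away. On a UEFI/GPT system sector 0 holds only a protective MBR (partition type 0xEE), and the boot path to inspect is the EFI system partition instead.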

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23710
Try booting into safe mode by starting to tap the F8 key as soon as your computer boots into the BIOS.

Other than that, you can try scanning from a rescue CD from various makers: Avira, Kaspersky and others... Or, when able to boot into Safe Mode, you can try Emsisoft Emergency Kit. Or boot from a Windows installation DVD and fix the master boot record from the command prompt using the fixmbr command.

Keep us posted on how things go.
