Desperate Call before format

By wtkaic
Hi out there
It started with some heavy attacks, then the Internet became a little bit slower, and at a point it started looping, restarting the computer, giving me very little time but good enough to allow me to burn a CD and to dig in the registry (that was on installments) and cut some things. Apparently I cut some good one because it is not looping anymore, but it is very slow in general, let alone if you are trying to write something in Word. In case you want to save a Word document it shows no response and then comes back to normal. It also freezes if you are trying to go to Accessories\System Tools, and although you get the Task Manager you cannot even shut down.
Before all my browsers were hijacked it would let me connect, but it would cut the connection between my PC and the remote antivirus server to get the update, and by now I cannot even connect (I now use another PC).
(I once managed to get only IE running, don't ask me how, I don't know, but once I tried to reconnect after installing the Kaspersky Antivirus to get the update I could not connect anymore.)
I used Ad-Aware, Spybot S&D, I had the ZoneAlarm Firewall Pro Trial, I have F-Secure Antivirus, all the Microsoft patches. I downloaded all possible tools, Sentinel Kaspersky Antilove fun, WinPatrol, Spywareguard included, but no trace of anything.
I uninstalled and reinstalled the antispyware and ISP programmes but no chance. I looked again in the registry just in case I could trace anything like Bofra, etc. but no luck.

I seriously don't know what it is infected with.

All I know is that this is my last call before formatting it (which I hate since I have all my accounting and the Year-End Closing is approaching and the IRS is waiting).

I would appreciate any help.





by m0le In reply to Desperate Call before for ...

If you can read this, you can google your way to a download of McAfee's stinger product. Small app, local scan, great results. Good luck.



by wtkaic In reply to Alternative

I will try it now and let you know
by the way, I just read in
about lsass.exe

Digging now in my registry I deleted two instances
two files
one lsass and some other dubious one
and also
in ControlSet003

the very same files.

But it still runs very slowly.

I see it running in the Task Manager but it doesn't let me close it, and if I go from Windows Explorer to Windows\System32 I see it as an application but it doesn't let me delete it.
Some say it's Sasser B, some say it's a system application.
Any idea?


Sasser B

by trockii In reply to thanx

Try this Callie...

by wjr777 In reply to Desperate Call before for ...

Do a Reg find for "MediaTicket". Also, what OS and have you attempted all the fixes available on-line? This baby has to be down deep in the registry, sounds like. I can be reached at WJR777@ either CWNET or Yahoo.


re: call before format

by afram In reply to Desperate Call before for ...

I like SunbeltSoftware's "counter spy" software. There is a free 15 day trial on their website that removes all sorts of spyware that Ad-Aware and Spybot miss. It also has a checkup feature that will secure some browser settings. Using this software has always restored some speed to compromised computers.


is format that bad

by In reply to re: call before format

It sounds like you put up a good fight. If it were me (and it has been me) I would bring out the nuke and call it good. Grab a USB pendrive and get the stuff you need to keep off, then clean that puppy. It's usually quicker and it will bring new life into your PC.


Back to square 1

by wtkaic In reply to is format that bad

I used the Stinger and the F-Secure tool for Sasser removal yesterday night. The F-Secure tool had no result, but the Stinger traced and deleted 2 files infected with SDBot in System 3. After that I thought I could connect and update my antivirus, etc.
Tough luck! I got connected, yes, but the browsers were all hijacked and it of course would let me get the connection to get the virus updates.
And here comes the best. After I rebooted it, 'cause it would look like it has the CD in but you would see no content and it would let me refresh the driver, I got the good bye loads xp loading screen, and when you expected to see the color screen you just see your white cursor on a black screen
:S To make it better, you have to cycle the power from the switch at the back of the tower :S
And so I cannot use any of the extra tools I got yesterday.

Any idea how to get it back from the DOS mode?
(the only DOS command that it accepts is tree and nothing else)

I think that 2005 will start for me with linux or mac
Guys thanx for all the help



This should help.

by mrafrohead In reply to Desperate Call before for ...

To get backups of your data, boot into SafeMode...

To do that, RIGHT after POST, hit F8. Then select safemode. You can copy your stuff that you need.

Personally, with as messed up as your box sounds, you will be better off with a format and clean OS install.

If that won't work though, you will want to start with these few things. They will help, but probably won't fix the whole problem:

1. Boot into Windoze and disable SystemRestore if you are using XP.

2. Download a program called Stinger, you can get it if you google "Avert Stinger". It's free. Run it, record whatever it finds. If it finds anything, write down what it is, then go to the Norton site and download their repair tools. Stinger will remove the infection, and the Norton repair tools will fix the registry entries.

3. Google "CWShredder". Download it and run it.

4. Get Spybot, update it to current and run it. Check everything.

5. Do the same thing with Ad-Aware.

Reboot with each step, and go back into safemode. Remember, that you will want to run these things until your computer reports no errors. After that, you should be able to boot into Windoze and be okay to finish your backups to then format.

With what you are stating with how bad your system is, I honestly don't think that you will be able to clean everything. Seriously consider a format.



by wtkaic In reply to This should help.

The major thing is that I could not get any free browser when I would connect, and that it would cut the connection between my station and the antivirus server, whatever the antivirus would be.
If you read my previous msg you know my current status: used Stinger and F-Secure Sasser tool, traced and deleted SdBot, could not update antivirus, no CD reading, black screen & white cursor.
Even when I get it to safe mode I get the same black meadow :s


You're online now though...

by mrafrohead In reply to

Therefore you have a connection. All AV companies supply definitions that are available offline.

What you do, is go to the manufacturer's site. Download the definitions, burn them to CD, put them on a thumbdrive, something. Then update manually...

I understand what you have tried previously, but if you really follow what I stated originally, to the "T", it WILL help you. I'm telling you this out of experience.

From the box you're reading this on, snag all of the things, current versions only, and run those scans again. You'll find it will help you. Really important is the CWShredder/Stinger and then the Norton disks...

