Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Weird malware problem that prevent reformat

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Weird malware problem that prevent reformat

Unread postby demonicslayer » October 12th, 2009, 1:06 am

Hi. Currently, i am using a Window XP prof edition. I encountered a problem which might involved a unknown kind of virus/ malware.

If you need my pc spec:
Pentium D 2.8GHz
1.5 GB RAM
80GB hard disk

This unknown virus/ malware/ worm basically stop all my reformatting functions (only removable hard disk such as pen drive and floppy disc can be reformat), commands, task manager, services program (especially related to antivirus and anything under administrative tools). Besides, it manages to corrupt my safe mode.
Reinstalling windows do not work as old files from previous are left untouch leaving the virus loafting around. Reboot menu always freezes when I tried reboot from there, the "thing" also prevent my usb mouse and keyboard to work rendering me helplessly hanging in the reboot menu.

Therefore, I would like advise and help to restore my pc.

Here is the log from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:36 PM, on 10/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\l\LOCALS~1\Temp\svchost.com
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\fdisk.com
F3 - REG:win.ini: load=C:\DOCUME~1\l\LOCALS~1\Temp\svchost.com
F3 - REG:win.ini: run=C:\DOCUME~1\l\LOCALS~1\Temp\svchost.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\fdisk.com
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKey] C:\Documents and Settings\l\Templates\cache\SFCsrvc.pif
O4 - HKLM\..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com
O4 - HKCU\..\Run: [HotKey] C:\Documents and Settings\l\Templates\cache\SFCsrvc.pif
O4 - HKCU\..\Run: [User Agent] C:\DOCUME~1\l\LOCALS~1\Temp\svchost.com
O4 - Startup: sndvol32.exe
O4 - Global Startup: sndvol32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96534A61-D8BE-479F-B0BA-4A368C86F8E5}: NameServer = 202.188.0.133 202.188.1.5

--
End of file - 2162 bytes
demonicslayer
Active Member
 
Posts: 1
Joined: October 12th, 2009, 12:32 am
Advertisement
Register to Remove

Re: Weird malware problem that prevent reformat

Unread postby peku006 » October 13th, 2009, 2:25 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Weird malware problem that prevent reformat

Unread postby NonSuch » October 17th, 2009, 12:58 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 17 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware