Help removing malware


I need help removing malware from my XP Pro machine.

I first noticed something was wrong when Web browsing was unusually slow on that machine and sometimes wouldn't work at all. Windows Task Manager showed a process called ns233.tmp running. Killing it would just restart itself.

Google results would point to go.google.com rather than the result when clicked.

Also when Windows loads NOD32 would display a message that it had blocked access to the URL in the attachment.

First thing I did was to run a virus scan. Although when I came back to check on it, the machine had locked up, NOD32's reports didn't seem to have anything.

Then I ran PC Tools Spyware Doctor, which removed some tracking cookies and spyware that didn't match the symptoms at all.

I Googled ns233.tmp and found that it seems to be caused by known malware. Unlike that user, however, I never installed "XP antivirus". I went to all the computer's user temp folders and cleared them out. Deleting an instance of ns233.tmp in a Temp folder would create another instance with another random name, xxx.tmp. On restarting, however, the xxxx.tmp files were back, suggesting rootkit-like activity.

I then Googled "tdss/crcmds/main" and found what seems like another threat. I searched my Windows\SYSTEM32 folder and the registry but found no traces of anything that matched TDSS.

I tried running Spybot but its process just sits there.

I tried installing Malwarebytes Anti-Malware, but it won't install. The installer process sits there but nothing appears.

I even tried booting into safe mode. However it locks up when getting to the logon screen, leaving me a black screen. The words "safe mode" appear in the corners with the build number but otherwise nothing works besides the mouse.

I really don't want to have to reformat. Can someone please help?

Do you have another machine you can put the drive in and run scans on?

That would be my first suggestion.

I've seen that problem in safe mode occur before. If you want to try it again, when it gets to the point where you think it's locked up, try CAD. Then go to file -> new task and run c:\windows\explorer.exe

Another thing you can try is to go to c:\windows\system32\drivers\etc\hosts\ and add an entry to the hosts file of 72.233.114.123 to 127.0.0.1 so that your computer no longer tries to get out to the net and access that site.

Won't work as the hosts file is only used to resolve domains to IPs, not IPs to IPs. You can check for go.google.com in there though.
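
The point made in the reply above, that a hosts file maps names to addresses and cannot remap one IP to another, can be checked mechanically. The following is an added example, not code from any poster in this thread: a small hosts-file auditor run over a constructed sample; the function name `audit_hosts` and the watch list are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list; go.google.com is the name mentioned in the thread.
WATCHED = ("google.com",)

# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       72.233.114.123
203.0.113.7     go.google.com www.google.com   # TEST-NET address
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, kind, detail) findings for the text of a hosts file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if not _is_ip(addr) or not names:
            findings.append((no, "malformed", "expected: <IP> <hostname>..."))
            continue
        for name in names:
            n = name.lower().rstrip(".")
            if _is_ip(n):
                # The resolver only looks up names; this entry does nothing.
                findings.append((no, "ip-as-name", n + " is an IP, not a hostname"))
            elif any(n == d or n.endswith("." + d) for d in watched):
                # A watched domain pinned to a fixed address deserves a look.
                findings.append((no, "watched-domain", n + " -> " + addr))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`, read as text.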

What seems to be happening now is that sometimes some Web sites will be accessible and then randomly stop working in all browsers.

Thanks, but Malwarebytes Anti-Malware won't install

Wow. Ironic. I just had this happen to me last week. Although it was my fault, opening a file I didn't trust. I got something like this that would stop browsing, avoided my antivirus (ZoneAlarm, then Kasper. Used a friend's PC to use NOD, all passed).

Funny thing is, I installed PC Tools and it found it, couldn't remove it. What I had was like this, but it masked as autorun. So all my autorun inf's were now being deleted and recreated with malicious code.

Dumb thing is, I didn't notice until I turned on my 1st External, that's when ZoneAlarm passed a popup saying autorun.inf on "drives a b c d" were infected.

I tried my best to remove it. I succeeded somewhat, then I got this EXACT tdss and main crap and tried my best and then reformatted.

So my advice is, if you can't get by it, back up stuff, DO NOT IMAGE, and reformat.

I was almost going to Ghost my drive when my friend went "em you're gonna be carrying it again after you reformat" to which I facepalmed myself and backed up my stuff and reformatted.

It's been lovely since and I needed a reformat.

I hope you imaged your clean install. If not this would be a good time to do it.

Angel,

PM me. I have a private FTP server with malware removing programs. I can either remote into your computer and help you out, or I can give you specific access to certain files I have for cleaning stuff up.

TDSS is normally followed by karna.dat and some other bad viruses pretending to be a real antivirus program, and other junk. Trojan Remover has almost ALWAYS fixed these problems. (On 1 machine the registry became corrupt because of the removal of these files and I had to completely reformat (destructive).)

  • 7 months later...

I hope this will solve your problem!!

http://pcrevolutions.blogspot.com/2009/05/...ayed-error.html

Try renaming the file and then try to execute it.

This topic is now closed to further replies.