"Security Center Alert" attack


"Security Center Alert" attack

Post by Persistent on Tue Dec 22, 2009 1:25 am

A fully updated Norton Internet Security allowed in this malware. I didn't click to install this "Malware Defense", but still, now NIS won't load, the internet's down, and MBAM won't run either in Safe Mode or Normal Mode. System Restore just hangs either in Safe Mode or Normal Mode. NIS will do a virus scan in Safe Mode but detects nothing wrong. Yet in Normal Mode the system hangs in about 5 minutes.

From reading the very, very patient DragonMaster Jay in this forum, he seems to have helped invisible016 with the same bug -- H8SRTd -- I seem to have. I ran SysProt and here's a snippet of the log:

Kernel Modules:
Module Name: \systemroot\system32\drivers\H8SRTpuxjrudujx.sys
Service Name: H8SRTd.sys
Module Base: ---
Module End: ---
Hidden: Yes

Here is my question: I have a clean Norton Ghost image backup and I want to minimize chance of this virus surviving the Ghost Recovery.
Drive is bootable Primary "C" Drive, 55 GB, with a small 212 MB "Unknown Partition" for HP recovery files.
I'm restoring the bootable "C" Drive, and want to keep the Unknown Partition alone. I'll use the "Restore MBR" (Master Boot Record).

Can this malware survive the normal Ghost Recovery if I also restore the MBR?
Or, should I try and delete the malware, with your help, before using my Ghost image?
Or, is there a way to scrub the hard drive (while leaving alone the small Unknown Partition) to disinfect the drive before running Ghost?

Thanks

Persistent
Beginner

Posts : 1
Joined : 2009-12-22
OS : Windows XP

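An added example, not part of either post, showing how SysProt "Kernel Modules" records like the snippet above can be parsed and screened for the traits that make the H8SRT entry stand out: the Hidden flag, a missing base address, and a service name that does not match the driver file it points at. The log text is constructed; the tcpip.sys record and its addresses are made up as a stand-in for a normally loaded driver.

```python
# Constructed sample laid out like the SysProt "Kernel Modules" section quoted
# in the post; the tcpip.sys record is a made-up stand-in for a normal driver.
SAMPLE_LOG = """Kernel Modules:
Module Name: \\systemroot\\system32\\drivers\\H8SRTpuxjrudujx.sys
Service Name: H8SRTd.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \\SystemRoot\\system32\\drivers\\tcpip.sys
Service Name: tcpip.sys
Module Base: 0xB9C00000
Module End: 0xB9C5A000
Hidden: No
"""

def parse_modules(text):
    """Turn the log into a list of dicts, one per module, keys lower-cased."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        # A blank line or a bare "Section:" header closes the current record.
        if not line or line.endswith(":"):
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    if current:
        records.append(current)
    return records

def suspicious_modules(records):
    """Return (driver file, reasons) for records showing rootkit-like traits."""
    findings = []
    for rec in records:
        fname = rec.get("module name", "").rsplit("\\", 1)[-1]
        svc = rec.get("service name", "")
        reasons = []
        if rec.get("hidden", "").lower() == "yes":
            reasons.append("hidden from the module list")
        if svc and fname and svc.lower() != fname.lower():
            reasons.append(f"service {svc} registered for differently named file {fname}")
        if rec.get("module base") == "---":
            reasons.append("no base address reported")
        if reasons:
            findings.append((fname, reasons))
    return findings
```

On the constructed sample only the H8SRT driver is flagged, for all three reasons; the tcpip.sys record passes every check.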

Re: "Security Center Alert" attack

Post by Dr Jay on Tue Dec 22, 2009 3:49 am

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13711
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
