Possible Virus Issue - win32Purity?

Post by jbehnken on Wed 01 Sep 2010, 6:57 am

Hi Folks -

I'm running an old PC that I basically use for old games and some email.
I'm using Avast! for virus and trying to install Ad-Aware currently.
When I go to many websites (including Avast and Ad-Aware) I get a flag from Avast! that says it's scanning for Win32Purity.
Exact Message:
"Avast On-access scanner message c:\windows\application data/lmuo\ainaylrx.exe\pecompact contains sampleof win32:purityscan-bd [trj]!"

When I try to install Ad-Aware - I get the following error:
c:\program files\adware Pro\Adware_Pro.exe A device attached to the system is not functioning.

I'm not sure if the two are related, but suspect they are since they started happening around the same time.

Any help would be appreciated. If there is additional data needed, please let me know. I'll be happy to gather it for you.

Thanks!

John


Last edited by jbehnken on Wed 01 Sep 2010, 7:01 am; edited 1 time in total

jbehnken

Newbie Surfer

Posts : 11
Joined : 2010-09-01
Operating System : Windows 98

Post by jbehnken on Wed 01 Sep 2010, 6:59 am

Oh - after I click 'ok' on that message I get an additional error:

The Adware_pro.exe file is linked to missing export WS2_32.DLL:getaddrinfo.

Thanks again.

John

Post by Belahzur on Wed 01 Sep 2010, 11:40 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Post by jbehnken on Thu 02 Sep 2010, 12:23 am

Wow. This must be really bad.
When I run OTL.exe I get the following error:

This program has performed an illegal operation and will be shut down.
If the problem persists, blah blah blah...

In the details:

OTL caused an exception eedfadeH in module at 0000:00000000.

Registers:
EAX=00000000 CS=0000 EIP=00000000 EFLGS=00000000
EBX=00000000 SS=0000 ESP=00000000 EBP=00000000
ECX=00000000 DS=0000 ESI=00000000 FS=00000000
EDX=00000000 ES=0000 EDI=00000000 GS=00000000
Bytes at CS:EIP:

Stack dump:

Thanks,

John

Post by jbehnken on Thu 02 Sep 2010, 12:25 am

And then:

Exception EOLeSysError in module OTL.EXE at 000571A5.
Class not registered.

Thanks,

John

Post by Belahzur on Thu 02 Sep 2010, 10:42 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post by jbehnken on Sat 04 Sep 2010, 2:44 am

The saga continues:

I run combo-fix.exe and get the following message:

iexplore.exe

Setup has detected that you are running a version of windows that already includes the updated files or enhancements you are attempting to install.
For more information, click Details. Click Cancel to return to windows 98.

I have 3 buttons - Run Program (which is greyed out), Cancel or Details.
Details brings me to the Windows Help screen that says:

Important
Do not install previous versions of IE on Win98. Older versions of IE will not permit IE 4.0 to function properly. If you accidentally install an older version of IE over IE 4.0, uninstall the older version of IE and then reinstall IE 4.0.

When I click Cancel, it repeats the first message several times (14 to be exact) and I get another error:

32788R22FWJFW\nircmd.cfxxe
This file does not have a program associated with it for performing this action. Create an association in My Computer by clicking View and then clicking Folder Options.

I click OK and get the same message 3 more times before it finally quits.

Thanks,

John

PS - What a mess! My apologies. FYI - I did exactly as instructed, renaming combofix.exe to combo-fix.exe on download. Though I did not download it directly to my infected computer. It was necessary to download it to a different computer that is working properly, then port it over via CD. I haven't been able to successfully download anything from GeekPolice from the infected computer.



Post by Belahzur on Sun 05 Sep 2010, 10:12 am

Hello.
Can you boot to safe mode with networking and try using the internet from there?


Post by jbehnken on Sun 05 Sep 2010, 1:18 pm

How do I get networking while in Safemode?
I don't have the option to boot into Safemode with networking.
I only get Safemode or "Step by Step".

Unfortunately, I don't have the knowledge to do the step by step login properly.

john

Post by Belahzur on Mon 06 Sep 2010, 7:41 am

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the second option, to run Windows in Safe Mode with Networking, then press Enter.
  • Choose your usual account.

Try now.


Post by jbehnken on Tue 07 Sep 2010, 3:54 am

I did so. Here are my options:

1. Normal
2. Logged (\Bootlog.txt)
3. Safe Mode
4. Step-by-step confirmation
5. Command prompt only
6. Safe mode command prompt only

I don't get the option to boot to safemode with networking (unless that's what option 2 means, but I doubt it).

Thanks!

John

Post by Belahzur on Tue 07 Sep 2010, 4:09 am

Okay do normal Safe Mode (option 3) and see if OTL will run now.


Post by jbehnken on Wed 08 Sep 2010, 12:26 am

I ran it from Safe Mode. Got:

Otl: " illegal operation and will be shut down"

Details are the same as last time.
Also got the same exception error - EOLeSysError in Module OTL.exe, etc...

John

Post by Belahzur on Wed 08 Sep 2010, 12:49 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.


Post by jbehnken on Wed 08 Sep 2010, 2:10 am

So. Downloaded RKill on my clean computer and moved it to CD. Then the CD drive stopped working on the infected computer. ugh!!!
Tried to login to GeekPolice again from the infected computer. No luck.
Went to Google. Found an RKill download site and downloaded it in 3 forms. Rkill.com, Rkill.scr and Rkill.exe. Disabled Avast and tried RKill.com. None of them worked. Tried the rest - nada.
In all cases got the error:
Error! This program is not supported on this operating system.
Went to safe mode and tried again.
Same error.

Sorry!

John

Post by jbehnken on Wed 08 Sep 2010, 2:12 am

So. Downloaded RKill on my clean computer and moved it to CD. Then the CD drive stopped working on the infected computer. ugh!!!
Tried to login to GeekPolice again from the infected computer. No luck.
Went to Google. Found an RKill download site and downloaded it in 3 forms. Rkill.com, Rkill.scr and Rkill.exe. Disabled Avast and tried RKill.com. None of them worked. Tried the rest - nada.
In all cases got the error:

Error! This program is not supported on this operating system.

I also tried to run Rkill while leaving the message on the screen. I just continued to stack new dos windows with the same error message.

Tried the same thing in Safe Mode with no luck.

John

Post by Belahzur on Thu 09 Sep 2010, 4:13 am

Hmm.
Guess we can try a boot disc.

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from Antivir.de.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


Then please start the scan.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


Post by jbehnken on Thu 09 Sep 2010, 4:20 am

That would be fabulous if my CD Drive was working. It failed yesterday (as per my last post). I'll see what I can do to get it running again.
Ugh..what a frustrating mess.

John
