CLS

Virus "ZX Games" ?

Recommended Posts

I'm afraid to have a virus / rootkit problem: Using Win 7 / 64 in the taskmanager apear after logon several processes with the description "ZX Games - The old ZX Spectrum Games" (32 bit process). The process names are random (looking like hex numbers). In the application list there are no additional entries. The main problem is that permanently more and more of this processes are started, causing the system to page to disk. After about 700 to 800 processes Windows gets stuck completely. Starting Windows in secure mode (boot to commandline) this does --NOT-- happen. It looks like the processes are started from %user%\AppData\Local\Temp, because the corresponding *.exe files (several hundred) can be found here, some of them having 0 size, what indicates they are written by an other process (I removed the power supply to stop the machine). Corresponding *.tmp files (same names, all of them zero size) are found in the same directory.

Since I can use the commandline only I tried a2cmd and stinger as commanline virus scanners, but nothing has been found.

What to do ???

Share this post


Link to post
Share on other sites

Here is a link to instructions on how to start Windows in Safe Mode. Please try to start your computer in Safe Mode With Networking, and then follow the instructions below as best you can:

Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Share this post


Link to post
Share on other sites

Thanks for your quick reply. I've done as advised, however ComboFix insisted on MS Security Essentials have been running, despite I've switched it off.

Please find attached ComboFix.txt. ComboFix restarted the computer. After that the original problem seemed to be gone, but my system looked destroyed !!

I couldn't start programs anymore (error message: "acces to a registry entry which is marked for deletion"). After a further manual reboot the system looked o.k.,

I could start programs. I'l have a closer look tomorow. Thanks for now.

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites

Topic reopened. ;)

OK, your ComboFix log looks pretty good. Lets get a third-party opinion just to make sure that I'm not missing anything. Please run an online virus scan through ESET by following the steps below:

  1. Turn off your anti-virus software.
  2. Click on this link.
  3. Click on the ESET Online Scanner button.
  4. Put a check in the box that says YES, I accept the Terms of Use.
  5. Click the 'Start' button just to the right of the checkbox.
  6. Uncheck the box that says Remove found threats (this is very important).
  7. Click on Advanced settings.
  8. Put a check in the box that says Scan for potentially unsafe applications.
  9. Verify that Scan for potentially unwanted applications is also checked.
  10. Verify that Enable Anti-Stealth technology is also checked.
  11. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning.
  12. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
  13. Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
  14. Close the ESET online scan.

I will take a look at the log, and let you know if anything needs removed.

Share this post


Link to post
Share on other sites

Please find attached what ESET online scan found. You said that the ComboFix log looks pretty good. Do you have any hint what caused the original problem ?

Share this post


Link to post
Share on other sites

I assume that the following file is something that you downloaded?

C:\Clemens\18_Vorlesung_MSM_2010\Diplomarbeit\LVK\pdfcracker.exe

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.