Annoying Virus, not sure what it is though

Status
Not open for further replies.

mariokiller64

Annoying Virus, not sure what it is though *Did the 8 Steps*

I removed almost half of it, yet there are still many problems going on with my PC.

Firefox getting an error on startup, forcing me to use Iexplore.exe
2 iexplore.exe opening up when opening Internet Explorer
Google searches being redirected
Many, many runtime errors with programs such as Notepad++, Internet Explorer, and some other browsers that happen randomly: when being used, when opening, when closing.
Lag when minimizing programs
Internet lag
Program installations freezing during installation.

It was much much worse at the beginning.....
The virus disabled my system restore, when I re-enabled it, all restore points were gone so System restore is out of the question.

I'll provide a hijackthis Log, if you need any other kinds of log, just ask.

Hope you can help me.

As I said, there were 2 Iexplore.exe opening up, you will see 3 here because of 2 Internet explorer tabs, I'm guessing the 3rd one is caused by the virus.....

I already ran
Spyware Doctor Pro
and
Avast.

They got most of them but there are still others, I can easily tell...

EDIT:
I will upload the other logs as soon as I download them; it is hard for me to find them via Google because of the redirects I keep having.
EDIT2:
More info: my WAMP PHP service stopped working, I'm guessing I have to reinstall it. Errors are increasing throughout random programs. I had errors from Winamp and TSVNCache.exe *TortoiseSVN* as well as explorer.exe and FileZilla *FTP Server*; the termination errors wouldn't stop coming, so I had to end the process explorer.exe.

I am currently scanning with SuperAntiSpy. I had some problems with it; apparently there were some restrictions put on it. I couldn't reinstall it, and I couldn't open it. I couldn't even install it in the same folder, so I just had to change the installation folder. Also, the program shut down in the middle of the scan.

Here is the other log file.
 
That HJT log looks clean to me, however, please perform the actions listed here so we can have the information we need to help further. :)

Thanks.
 
You have been directed to UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

When you are through, attach the three logs. The HijackThis scan comes after the other 2 programs, not before, so do a new scan and attach a new log.

You have multiple iexplore.exe entries because you have IE8. This is normal.

There are numerous entries in the HijackThis log to be removed, but I will wait until the other programs are run and then have a new HJ log. But I have a couple of things to bring to your attention:

Have you set this restriction, or are you aware of it?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Remove these from the Trusted Zone:
O15 - Trusted Zone: http://www.mapleworld.info
O15 - Trusted Zone: http://www.mapleworld.us.to


Control Panel> Internet Options> Security tab> Trusted Zone> Sites> delete each of the above, unless you have an Intranet set up and trust it completely. The Trusted Zone has a lower security setting.

I notice you are using multiple servers. Are they all set up correctly?
 
I am aware of the restrictions present, the current value is set to 0.
I have removed the Trusted Zone sites, I do trust those completely yet I no longer need them.
My wamp has been acting up ever since I ran avast to do a full system scan.
I was able to get the Malware log yet the superAntiSpy might take a while.

Thank you for your support.

A new HijackThis log has been uploaded.
The Adware log has been added to.

EDIT:
Apparently SuperAntiSpyware gets shut down after a while during the scanning... I cannot provide much of a log.

EDIT2:
Got the log. When I remove the infections, they just come back.
 
Basically, with viruses, worms, or rootkits, the best way of removal is through Avast and Malwarebytes. First, make sure Avast is updated, then go into settings to enable the boot-time scan. Once the boot-time scan is in process, with System Volume files and system32 files, if you don't know much about computers, try to do a repair on these, and if they cannot be repaired, move them to the chest; most other files can be deleted if they cannot be repaired. Once you do this scan, run Malwarebytes; sometimes you might need to boot up in safe mode.

After Malwarebytes, or if you cannot get Malwarebytes to run, boot up in safe mode and run ComboFix and SmitfraudFix, then go back to Malwarebytes.
 
Already ran an Avast boot scan in the beginning.
The malwarebytes didn't help either.
 
I started this last night but had to shut down due to a storm.

I do not see any antivirus program running. You mentioned Avast, but there is nothing running for it. So the first order of business is to get an AV on the system. You will find links for both Avira and Avast in Step 1. Choose either one, download and install. Then run a full system scan and save the log. Attach it with your next reply.
Okay, taking it from the top:
    1. Firefox getting an error on startup. What is the error?
    2. 2 iexplore.exe opening up when opening Internet Explorer. Explained.
    3. Google searches being redirected. Working on that with logs.
    4. Many, many runtime errors with programs such as Notepad++, Internet Explorer, and some other browsers that happen randomly: when being used, when opening, when closing. The most common cause of the runtime errors is add-ons. Remove the add-ons in IE, then add them back one at a time until you identify the offender.
    5. Lag when minimizing programs. Explain.
    6. Internet lag. Explain.
       NOTE about this per HJ log: C:\Program Files\TortoiseSVN\bin\TSVNCache.exe> TortoiseSVN Uses a Lot of System Resources ...
    7. Program installations freezing during installation. How much RAM is installed?
    8. More info: my WAMP PHP service stopped working, I'm guessing I have to reinstall it. Errors are increasing throughout random programs. I had errors from Winamp and TSVNCache.exe *TortoiseSVN* as well as explorer.exe and FileZilla *FTP Server*; the termination errors wouldn't stop coming, so I had to end the process explorer.exe. Use the Event Viewer to find the errors that correspond to the freezes/error messages. Let me know if you need help using it.

  • Malwarebytes shows No Action Taken. That means the malware was found but you didn't check the line to remove it- it didn't come back- it never left! UPDATE and run Mbam again being sure to check this:
    * Make sure that everything is checked, and click Remove Selected.

    SAS has a similar line for removal. If you did not check it also, update and rescan, same as above.

    P2P Warning: I see you are using BearShare File Sharing Client. File sharing and malware go together. I advise you to uninstall it. If you choose not to, please don't use it while cleaning.

    NOTE: if Bearshare is used and malware continues, support may be lost.

    I also note the multiple servers and download managers. Please tell me how much RAM you have. All of this taken together would indicate you have a very busy system multi-tasking.

    I'd like you to try this please:
    Start> Run> type in msconfig> enter> Selective Startup> Startup tab> UNCHECK everything on Startup EXCEPT the antivirus, third party firewall.(if there is one)

    When finished: Apply> OK> Reboot> NOTE: close the nag message that comes up after checking 'don't show this message again.' Stay in Selective Startup.

    The multiple download managers and multiple servers are a potential for conflict. Try it without all of them starting up and see what difference it makes. Programs can be started manually when needed.

    Attach AV log and new Mbam log in next reply.
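
An added example, not part of the original posts: a Python script for the two log checks made by eye in this thread, namely the O6/O15 HijackThis entries and whether a Malwarebytes detection really "came back" or was never removed because the earlier scan recorded "No action taken". The sample logs are constructed, and the `item (name) -> action.` Malwarebytes line layout and all function names are assumptions.

```python
import re

# Constructed sample data, not the poster's attachments. The O6 and O15 lines are
# the ones quoted in the thread; every other line is invented for illustration.
HJT_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: http://www.mapleworld.info
O15 - Trusted Zone: http://www.mapleworld.us.to
"""
SCAN_1 = r"""
HKEY_CLASSES_ROOT\Example.Toolbar (Adware.Example) -> No action taken.
C:\Example\bad.dll (Trojan.Example) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""
HKEY_CLASSES_ROOT\Example.Toolbar (Adware.Example) -> Quarantined and deleted successfully.
C:\Example\bad.dll (Trojan.Example) -> Quarantined and deleted successfully.
"""

HJT_LINE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Assumed Malwarebytes result line: "<item> (<detection name>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def triage_hijackthis(log):
    """Flag the two entry types raised in the thread: O6 policies, O15 Trusted Zone sites."""
    findings = []
    for line in log.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        if section == "O15" and detail.startswith("Trusted Zone:"):
            findings.append(("O15", detail.split(":", 1)[1].strip()))
        elif section == "O6":
            findings.append(("O6", detail))
    return findings


def parse_mbam(log):
    """Map each detected item to the action recorded for it in one scan log."""
    actions = {}
    for line in log.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            actions[m.group("item")] = m.group("action")
    return actions


def classify_recurrence(first_log, second_log):
    """Split items seen in both scans into 'never removed' and 'came back'."""
    first, second = parse_mbam(first_log), parse_mbam(second_log)
    never_removed, came_back = [], []
    for item in second:
        if item not in first:
            continue
        if first[item].lower() == "no action taken":
            never_removed.append(item)  # reported earlier but left in place
        else:
            came_back.append(item)      # removed earlier, present again: something restores it
    return never_removed, came_back


if __name__ == "__main__":
    print(triage_hijackthis(HJT_LOG))
    print(classify_recurrence(SCAN_1, SCAN_2))
```

Items in the second list are the ones worth chasing for a persistence mechanism; items in the first only need the removal step actually applied.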
 
Firefox is fixed
Google is still redirecting
Runtime Errors stopped
The lag disappeared
My internet is fast again
I removed the TSVNCache thing because I didn't need it anymore.
Installations are moving again without a problem *I have 3GB of ram*
WAMP started working again

My PC is going a lot slower though, it takes a while for it to start up....

I took a scan, sorry it took me a while. More and more viruses come up on my computer. I recently removed 2 different ones that probably came from the same thing that infected me with the Websearch thing. Just a heads up, I do not have any toolbars of MyWebsearch nor have I installed any of their products. The virus came from some other thing....

Here are the logs.

PS:
I also have another problem.

System restore stopped working. It's not making any more restore points and I can't make them either
"System restore is not able to create a restore point.
Please restart the computer and run system restore again."
I obviously tried restarting.

*The registry items keep coming back, the other things still haven't come back*
 
For your convenience, you don't have to include my entire post in your reply.

We'll address the System Restore issue later. Restore points can have malware and I don't advise either setting them now or doing a System Restore now.

You need to remove the temp files:

TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Now we'll check out the rootkit:

Please download GMER HERE and save it to your desktop.

    1. Run gmer.exe
    2. Select Rootkit tab and click the "Scan" button.
    3. If GMER detects hidden service click "Delete the service" and answer YES to all questions.

       The screenshot HERE will show you how the display will come up.
    4. Please copy the scan result using Copy button> paste to Notepad and attach here.

Warning ! Please, do not select the "Show all" checkbox during the scan.

Reboot after the above have been completed.
Then run a new AV scan, followed by a new HijackThis scan. Attach all logs.
 
Sorry for the extremely long time it took.
I tried to use the Gmer.exe but it gave me a BSOD a couple times so I decided to try to take care of this virus later lol.

Here are some logs.


From first to last, when the logs were taken.

Avast Antivirus
SuperAntiSpyware
RootKit Logs
HijackThis
MalwareBytes
 
So you fixed now?
You manually toast entries in registry?
You double check the dllcache within windows dir (\windows\system32\dllcache, hidden dir) to see if the bad .dll's are in there?
If they are, they will keep coming back until you toast them from there, ALSO.
Sorry if covered, I haven't the time to read the whole thread, just fresh on my mind, after just toasting rude one off my wife's PC within the last hour.
----
Also, I run boostspeed by auslogics and winpatrol, highly rec. both!
My wife's PC is wireless connection, and she complained about slow websites, I ran boostspeed's optimizer again and rebooted, and sites were fast again.
I think boostspeed gives a trial period, I bought it, and it's OK to use on ALL YOUR PC's.
 
I didn't fix it yet.
The registry entries keep coming back and they can't be manually deleted, they're protected.... I try to access it and it gives me an error.
It doesn't seem to be going away. Also, more and more viruses come on my computer after a while.

Keylogger
Trojans
Etc

Something on my computer is downloading these :\.

The only thing that doesn't go away completely is the websearch registry entries.
Everything else comes back within the month but not instantly.

Also, my explorer.exe freezes every once in a while now.
 
Add Winpatrol immediately and check all the appropriate tabs, see if anything WEIRD is listed, and delete/disable them if it will let you.
It has the ability to delete some AFTER a reboot, that will rid you of SOME sly ones.
It does it before windows gets fully loaded during the reboot so it CAN get rid of the files.
After that Spybot too, see if it finds anything.

If all else fails, I hook the HD up to another system, and delete all the junk that you find that keeps coming back, don't forget that \windows\system32\dllcache dir (hidden), that could be housing the evildoers and they will just reappear pronto if in there and you delete them somewhere else.

Write down every single file name that you see involved with these viruses/malware and give us the list.

From a command prompt box, you can: dir /? to see how you can use that to search for specific files, even hidden.
Command prompt should be under Accessories/Programs from Start.
 
DllCache has nothing in it that could be infecting my computer.
But, I'll check out the tabs in WinPatrol.

EDIT:
Nothing :\
I'll wait for Bobbye.
 
Suggestion. When I run into being unable to remove items with scans, I remove the hard drive and scan it externally from another computer entirely. With windows running and doing certain scans, the programs or viruses cannot be deleted due to their running at that particular time. I am a computer tech and do a lot of onsite jobs. External removal is sometimes the best option.
 
You're welcome. Please don't hesitate to use the reference I left to finish you up.
 