TechSpot

another case of virus of mass destruction

By apaullo
Dec 3, 2006
  1. hi there

    i need help from u peeps about my computer, it has loads of virus/malware craps on it and i can't seem to get it out...

    i have an adaware professional installed and mcafee 7 with updated dats but it seems that they can't detect those craps. my mouse can't be controlled. it circles around the screen and pressing any icon it can get! plus when i try to click on icons it won't follow..even the shutdown command won't work! so i have to manually shut the pc down...by long pressing the power button

    i read in a previous post on how to deal with it and i have this HJT log...hope anyone can solve this...thanks!!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You have some real nasty infections on your system.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    hey howard

    thanks for the time in looking at my problem, you see i already read and did what was instructed in ur thread about removing malwares BEFORE posting my HJT log. and after scanning that's what the info in my HJT log. i also downloaded and ran the tool1 to tool4 in ur thread in normal mode before doing what was instructed like running the antivirus first then the CCleaner, the spybot, adaware, then the AVG antispyware..then lastly the HJT...one more thing about the adaware personal, i'm using the professional version. is it ok? or do i have to download the personal version?

    but i will scan it again for u...just wait for my logs
    thanks!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem mate.

    You don't need to use Ad-aware se personal if you already have the pro version.

    Just make sure to rename HijackThis.exe and post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

     
  5. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    hey again howard..

    i did what was in the instructions again and this is my report...
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Registry Search Tool from HERE. It's near the bottom of the page. Extract it, then double click on RegSrch.vbs file and copy and paste the following into the command line and click ok. Altnet

    Copy and paste the results into your next post.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Altnet

    Close control panel.
    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Print Spooler Service<Not to be confused with Print Spooler.

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    mlsdf8h5824819.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O20 - Winlogon Notify: McafeeToDel - C:\WINDOWS\

    O23 - Service: Print Spooler Service (wiu94uk766) - Unknown owner - C:\WINDOWS\System32\mlsdf8h5824819.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\System32\mlsdf8h5824819.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log as well as the output from the Registry search tool.

    Regards Howard :)

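Added example, not part of the thread and not HijackThis's own logic: a small Python triage of the O23 service lines that howard_hopkinso singles out above, showing why "Print Spooler Service" is not the genuine Print Spooler. The allow-list, the three heuristics and the last two sample lines are assumptions made for illustration.

```python
import re

# O23 layout as in the post:
# O23 - Service: <display name> (<service key>) - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<key>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: tiny allow-list, genuine display name -> (service key, image file).
GENUINE = {"Print Spooler": ("Spooler", "spoolsv.exe")}

# Lines 1-2 are quoted from the post; lines 3-4 are constructed for contrast.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: McafeeToDel - C:\WINDOWS\
O23 - Service: Print Spooler Service (wiu94uk766) - Unknown owner - C:\WINDOWS\System32\mlsdf8h5824819.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
"""

def parse_o23(line):
    """Return the fields of an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None

def review(entry):
    """Heuristic reasons (hypothetical rules) to look closer at a service."""
    reasons = []
    path = entry["path"].lower()
    image = path.rsplit("\\", 1)[-1]
    if entry["owner"].lower() == "unknown owner":
        reasons.append("unknown owner")
    for name, (key, exe) in GENUINE.items():
        borrowed = name.lower() in entry["display"].lower()
        if borrowed and (entry["key"].lower(), image) != (key.lower(), exe):
            reasons.append("imitates '%s'" % name)
    digits = sum(c.isdigit() for c in image.rsplit(".", 1)[0])
    if "\\system32\\" in path and digits >= 4:
        reasons.append("digit-heavy image name in System32")
    return reasons

def flag_log(text):
    """Map image path -> reasons for every O23 entry that trips a rule."""
    entries = filter(None, map(parse_o23, text.splitlines()))
    return {e["path"]: review(e) for e in entries if review(e)}

if __name__ == "__main__":
    for path, why in flag_log(SAMPLE_LOG).items():
        print(path, "->", ", ".join(why))
```

Only the service from the post is flagged; the genuine spooler and the constructed antivirus service pass all three rules.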
     
  7. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    ok..will do that mate!

    thanks again!
     
  8. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    hi..sorry i was not able to post nor did what u told me to do on my PC because there seems to be a problem opening techspot on it...i checked with other sites and my internet works fine but when i try searching techspot it can't get inside...it is just loading and loading...
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You should follow the instructions in my above post, just as soon as you can.

    Regards Howard :)

     
  10. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    hi howard...i was just browsing about other's net problems and i read that of browser hijacker of SMELL THE GLOVE, and i realized i also have that same problem. i can't seem to access techspot but other sites are no problem...it just keeps on loading and loading till it says techspot took too long to respond...it's been two days now since i access techspot from my pc...now i have to wait in the office just to access techspot...which could really delay my progress in scanning my pc...hope i don't have to reformat like Glove did
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's weird, not being able to access Techspot.

    Have you been able to follow the instructions I gave you? Maybe you could copy and paste the instructions into a notepad file and take it home with you.

    Run the Ccleaner programme as per the instructions in this thread HERE. That should clear your cookies and hopefully, you'll be able to access Techspot again.

    I don't think you have the same problem as SMELL THE GLOVE.

    If you still can't access Techspot, I suggest you post your problem at the Bleeping Computer forums and see if they can help.

    Obviously I can't help you if you can't access our site.

    Regards Howard :)

     
  12. focus_water

    focus_water TS Rookie Posts: 168

    that exact same problem happened to me as well then i found out it was a corrupt bios.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    How the hell is a corrupted bios going to stop someone from accessing Techspot, or placing malware on a computer?

    There's no doubt that apaullo's computer is infected, hence my instructions.

    To suggest a corrupted bios is responsible is just plain wrong.

    Regards Howard :rolleyes:

     
  14. focus_water

    focus_water TS Rookie Posts: 168

    well the bit where he said that the mouse was going all over the screen clicking on everything. that's what happened to mine and i had a corrupt bios.
     
  15. Dr. Seuss

    Dr. Seuss TS Rookie

    Sorry to disagree with you TS Special Forces but in my opinion that Registry Search Tool does more harm than good. I realise I'm a new member & you probably won't pay much attention to what I say but I am a top member on other forums & I joined this forum just for all of you who are having trouble with Desktop Hijack malware.

    The easiest way to get rid of it is to download SmitFraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Once downloaded a new folder (SmitFraudFix) will appear on the desktop, open it and double-click SmitfraudFix.exe
    Select 1 and press Enter, a notepad report file will open up, close it and reboot your computer in Safe Mode (before the Windows icon appears, tap the F2,F8 etc. continually) & select the first option, ignore the bottom two.
    Log in as the same person you were when you downloaded the program & not the administrator.

    Open the same file on your desktop & select SmitfraudFix.exe this time Press 2 and Enter.
    You will be prompted Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file? answer Y (yes) and hit Enter to restore a clean file.

    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive.

    It's really that simple!
    HOPE THIS HELPS
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That might be an outside possibility. However, until all the nasties have been cleaned, it's a waste of time trying to find any other reason for the mouse problem. I'm still of the opinion this is all malware related.

    Regards Howard :)

     
  17. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    hmm howard..i'm confused..after i extract the reg tool in my pc and double click it...there were commands from the notepad that appeared, and you said to copy and paste the following on the command line..you mean in dos mode? and what will i copy paste? sorry if i'm a little confused here :)
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    When you extract the Registry Search Tool zip file, you should get the following file. RegSrch.vbs Double clicking on that file should open a small window.

    Copy and paste the following name into the window. Altnet and click the ok button. If anything is found a notepad file will open with the results. Copy and paste the contents of the .txt file into your next post.

    Regards Howard :)

     
  19. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    yep i got it...but there's a problem though, when i run the regsearch in cmd, and pressed ok, it says runtime error: permission denied, so i was not able to log it..but i followed ur next instructions and here's my HJT log
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Now run the Registry Search Tool again as per the instructions.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Let me know the results please.

    Regards Howard :)

     
  21. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    i'm sorry howard but i was not able to log the regsearch like u asked me to because when i did it on safe mode, opened it on cmd prompt, and it asked me of what to find, i typed "altnet" then after 30 sec a widget appeared telling me there was no altnet inside..and i pressed ok..that was it..no logs or any kind of commands whatsoever...i hope i didn't screw this up
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's absolutely fine. All that means is you don't have Altnet on your system.

    How's your system running at the moment?

    Please post a fresh HJT log.

    Regards Howard :)

     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I'm sorry, but I've only just noticed your post. I have no problem whatsoever, if you disagree. At least your post was constructive.

    apaullo has already run SmitFraudfix as in these instructions HERE.

    Regards Howard :wave: :wave:

     
  24. apaullo

    apaullo TS Rookie Topic Starter Posts: 80

    hmm it definitely turned out fine from before..even though sometimes spybot catches some annoying medium threats, but nothing to worry about :)

    i changed my antivirus from mcafee 7 to mcafee enterprise...i always run spybot every reboot of my pc..but it's ok now i think

    thanks a bunch howard!

    lucky for me, i bumped into this site :)

    i'll just post my HJT log later when i get home
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's good to hear.

    However, can you please give me details of what SS&D finds?

    Regards Howard :)

     
Topic Status:
Not open for further replies.
