TechSpot

Beyond repair...?

By Nekurahn
Oct 3, 2006
  1. I'm being harassed by pop-ups, something is eating my computer's ressources like crazy since they started a few hours ago making it very difficult to accomplish anything, and Limewire starts on it's own and again indefinitly when I close it myself.

    I rebooted my computer is safe mode with networking to uninstall Limewire but my ressources are still being eaten up by something.

    Also, I am going through the rules of posting and such, but I find that I get stuck at step 1. I have ran both F-Secure and BitDefender of both crashed on me one way or the other.

    Please help me, I don't wantto format again! :(

    Thank you ^^;;
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow as many of the instructions as you can.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. nickslick74

    nickslick74 TS Rookie Posts: 575

    Hi and welcome to TechSpot!

    Follow all of the instructions in this post and create a new thread with your HJT log attached. http://www.techspot.com/vb/topic58138.html

    EDIT: Never mind, Howard beat me to it! :)
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There`s no need to create a new thread, as Nekurahn already has this thread here.

    Also due to the symptoms he`s told us about, I suggest he follows the instructions in the link I gave him, rather than in the trojan pakes thread.

    Regards Howard :)
     
  5. Nekurahn

    Nekurahn TS Rookie Topic Starter

    I remember installing Ewido from the last time I almost made my PC explode so it should still be in there somewhere lol...

    I'm at school right now, but I will get right on it when I get back home in a few hours.

    Thank you for the quick response! :D
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ewido has recently been updated. Therefore I suggest you uninstall your current version and download and install the new version from the link within the instructions.

    Regards Howard :)

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Nekurahn

    Nekurahn TS Rookie Topic Starter

    r

    Wow ok...Ewido killed my computer when I hit "delete" for all malware and such it had found. Just finished repairing Windows XP ; ;

    I did manage to save the report though. Here it is.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s fine mate, Ewido has killed some nasties.

    Now go and follow the rest of the instructions in THIS thread.

    Post a fresh renamed HJT log as an attachment, only after doing the above.

    Regards Howard :)

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Nekurahn

    Nekurahn TS Rookie Topic Starter

    I think I fixed it! :D

    Look2me-Destroyer got rid of alot, and then I installed Prevx1 and it cleaned the stragglers.

    Few more problems now.

    1) When I minimize windows, they align to the right instead of to the left? (?? lol)

    2) I have a Dell computer and when boot or reboot, it stays on the Dell logo screen for like 5 minutes untill moving on to leading windows. Then windows loads pretty fast, and then it takes another 4ever to load after I pick my user and it hangs on the "Welcome" screen for another 5min...

    how do I fix that? lol
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Untill you`ve completed the instructions and posted a fresh HJT log, I can`t say with any degree of certainty whether your system is clean.

    Once I`ve seen you HT log, I`ll have a better idea.

    Regards Howard :)

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. Nekurahn

    Nekurahn TS Rookie Topic Starter

    Here's what I got.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please rename HijackThis.exe as instructed and post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. Nekurahn

    Nekurahn TS Rookie Topic Starter

    Here we go.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    outlook

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Command Service
    winlog

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    command.exe
    wuauclt.exe
    outlook.exe
    winlog.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: (no name) - _{8E8A9A89-093F-0AEB-4100-28F07DBD6CB5} - (no file)

    O2 - BHO: (no name) - {09E82B40-5E92-4A55-B84F-8470753B330E} - C:\WINDOWS\system32\mljjj.dll (file missing)

    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

    O4 - HKLM\..\Run: [winlog] winlog.exe

    O4 - HKLM\..\RunServices: [winlog] winlog.exe

    O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\FNTS~1\wuauclt.exe" -vt yazb

    O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll (file missing)

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2lsbGlhbQ\command.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\V2lsbGlhbQ
    C:\WINDOWS\system32\FNTS~1
    C:\Program Files\outlook

    winlog.exe Search your system for this file and delete all instances of it.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. Nekurahn

    Nekurahn TS Rookie Topic Starter

    There we go.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Get some antivirus and firewall software installed asap, before you become reinfected.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Nekurahn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...