TechSpot

Bugged Out Virus Issue

By P3ANUT
Jun 17, 2009
  1. Hi,
    I Currently have a computer that is Infected by Spyware or Virus (am not sure). I can´t run any of my Security Tools like, (Spybot,Malwarebytes Anti-Malware,Registry Clean Expert) Etc. I was able to install (Malwarebytes,Spybot,Spyware Terminator,Symantec Endpoint Protection) but its not letting me use the program it self xcept for Spyware Terminator.
    Ive also try to boot in safemode but i get the same results. So am assuming The (Virus) has disabled all (Antivirus/Spyware Softwares), Another thing that i just notice while typing is that when i type While holding Shift (Symbols,quotes or dashes) Etc, It totally inserts something different other than the original symbol. Ive Try to get help at the Spybot forum
    but i haven´t got a response yet,

    Ive Upload a HJT LOG , am unable to get the other two logs cause both programs won´t start up for me
    Thanks
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go back to your original post here: http://www.techspot.com/vb/topic129480.html

    Follow what I left for you. Then come back to this post and hopefully you will be able to run the programs.

    Edit: you did the right thing coming here- you were just too fast for me! When I looked at the HijackThis log, I worked through some things that will hopefully allow you to run the programs. So do that, then try to run the other programs and attach logs here.
     
  3. P3ANUT

    P3ANUT TS Rookie Topic Starter Posts: 30

    Thanks Bobbye for the Help.
    Ive did what you say in the other post, When i try to run Superantispyware
    i get this probelm, Superantispyware application has encountered
    a problem and needs to close, etc

    Spybot,Spyhunter,Malware still don´t open
    Ive upload a new HJTL
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The HijackTjis log looks much better!

    You can open HijackThis first to Do System Scan Only and check the following:
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154027607\ee\AOLSoftware.exe
    Close all Windows except HijackThis and click on Fix Checked.
    This can be:
    Then run full system scan with the Symantec AV. You probably won't be able to update, but run the scan anyway- attach the log.

    Then run the Symantec AV scan. Attach log.

    Errors in Event Viewer: Look for any Errors in the Event Log that correspond to:
    Also look for corresponding Errors to time when you attempt to run Mbam and either you get a message, or nothing happens.. Here's how:

    Start> Run> type in eventvwr
    Do this on each the System and the Applications logs:

    • [1]. Click to open the log>
      [2]. Look for the Error>
      [3] .Right click on the Error> Properties>
      [4]. Click on Copy button, top right, below the down arrow >
      [5]. Paste here (Ctrl V)
      [6].NOTES
      • You can ignore Warnings and Information Events.
      • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
      • You don't need to include the lines of code in the box below the Description, if any.
      • Please do not copy the entire Event log.
      Errors are time coded.

      Don't worry about the anti-malware programs not starting now- such as Spybot, Spyware Hunter, Spyware Terminator

      Please download ComboFix HERE:
      With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

      Please disable all security programs, such as antiviruses, antispywares, and firewalls.
      Also disable your internet connection.

      • Run Combo-Fix.exe and follow the prompts.
      **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
      • Wait for the scan to be completed.
      • If it requires a reboot, please do it.
      • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

      Do not click on the ComoboFix window, as it may cause it to stall.

      CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

      Attach AV scan, Errors, ComboFix report.

      It's better if you don't type in the BOLD print. Sometimes we copy and paste part of a reply, and if I want to use BOLD to empathizes a point, the contrast won't show.
     
  5. P3ANUT

    P3ANUT TS Rookie Topic Starter Posts: 30

    Thank you Bobbye for you time and help, ill check this in a bit ill come back with results
     
  6. P3ANUT

    P3ANUT TS Rookie Topic Starter Posts: 30

    I found the maleware its called Packed.Generic.200
    Its not letting me upload the log.csv file, ill try to continue this later on when i have time
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Combofix report is at C:\ComboFix(.txt)

    Did you rename it before installing?
     
  8. P3ANUT

    P3ANUT TS Rookie Topic Starter Posts: 30

    Thanks Bobbye for the help, i think am almost out of the jungle
    Heres a new Hijack list and the rest of them. My system running pretty good so far
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do NOT use System Restore. Malware is in the restore points. I'll have you remove them when system is clean.

    You show heavy use of uTorrent and it appears you have pirated software:
    Microsoft.Windows.XP.Professional.SP3.Integrated.April.2009.Corporate.Unattended-UP2DATE.torrent
    c:\documents and settings\Owner\Application Data\uTorrent\

    First.Aid.Platinum.v7.0.0.1648.Multilingual.Incl.Keymaker.torrent
    SpyHunter Security Suite 3.5.11+Crack-HeartBug.torrent

    Since you are getting help and acting on it in the Spybot forum, I will turn you over to them.
    http://forums.spybot.info/showthread.php?t=49406&page=2
     
  10. P3ANUT

    P3ANUT TS Rookie Topic Starter Posts: 30

    Thanks Bobbye's for you help,
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...