TechSpot

Bugged Out

By Marvin
Aug 14, 2006
  1. My computer after an upgrade into a new box has picked up some nasty little bots and I really ought to do a full reinstall, but I'm very nervous about it and would like a step by step talk through.

    I don't want to lose all my software, email and bookmarks.

    How should I go about it?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Let's see if we can get rid of the viruses/spyware. If we can, you might not need to reformat etc.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log as an attachment into this thread, only after doing the above.

    Regards Howard :)

    This thread is for the use of Marvin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    Thanks Howard, working on it ....

    Switching to IE ... :eek!:
     
  4. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    Update on scans ...

    Update so far ....
    In sequence :
    1) Kaspersky gave a report highlighting 21 items but seemingly did nothing about what it found. (?)
    2) support.f-secure scrubbed 8 items
    3) Bitdefender ran all night and scrubbed a ton of junk out. But admitted my computer was still infected.
    and ....
    Housecall.trendmicro does not want to work on either IE or Firefox. The applet (hc.applet.implementation) cannot or will not load.
     
  5. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    Ewido Scan Log

    Attached log file from scan
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    D:\Programmes\downloads\Paint_Shop_Pro_7.02_and_Animation_Shop_Pro_3.02_by_Morglum.zip/Psp 7.02 & Asp 3.02 Crack.exe

    Uninstall/Delete the above; it's infected.

    Then follow the rest of the instructions and post a fresh HJT log.

    Regards Howard :)
     
  7. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    Done that.

    Ran all the bug fix programmes and a HJT + fixed the requisite files.

    Slowly getting there. A number of programmes are not installing on bootup anymore - Avast! and the Sound Manager Programme (currently running in silent mode) and for some reason my internet connection keeps dropping out.

    Restarting to run another HJT programme, that should be that.
     
  8. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    HJT logfile

    At last one log file ....
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Microsoft Telecoms Center

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    nrcs.exe
    xpfilesys.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\userinit.exe,F:\WINDOWS\NT\nrcs.exe

    O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F179D96D-1760-4427-830F-46FB5CB62A6A}: NameServer = 194.72.0.114 194.74.65.69 < Only fix this if it doesn't belong to your ISP.

    O20 - Winlogon Notify: rqrsqpp - F:\WINDOWS\

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    F:\WINDOWS\NT\nrcs.exe

    xpfilesys.exe Search your system for this file and delete all instances of it.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Marvin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
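
An added example, not part of the original posts: a Python triage of the HijackThis entries quoted in post 9, showing why each kind of entry matters for persistence or DNS tampering. The sample lines are copied from that post; the function `triage`, the `known_dns` allowlist parameter and the three heuristics are assumptions made for this illustration.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Sample input: the entries quoted in post 9 (helper's inline remark removed).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\userinit.exe,F:\WINDOWS\NT\nrcs.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F179D96D-1760-4427-830F-46FB5CB62A6A}: NameServer = 194.72.0.114 194.74.65.69
O20 - Winlogon Notify: rqrsqpp - F:\WINDOWS\
"""

def triage(log, known_dns=frozenset()):
    """Return (section, reason, detail) tuples for entries needing review.

    known_dns is a hypothetical allowlist of the ISP's resolver addresses.
    """
    findings = []
    for line in log.splitlines():
        m = re.match(r"(F2|O4|O17|O20) - (.*)", line.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "F2" and "UserInit=" in rest:
            # Every comma-separated program in the Userinit value runs at logon.
            for prog in rest.split("UserInit=", 1)[1].split(","):
                prog = prog.strip()
                if prog and basename(prog).lower() != "userinit.exe":
                    findings.append((section, "extra Userinit program", prog))
        elif section == "O4":
            # Heuristic: an autorun command given without any directory.
            entry = re.match(r"(.+?): \[(.+?)\] (\S+)", rest)
            if entry and "\\" not in entry.group(3):
                findings.append((section, "autorun without a path", rest))
        elif section == "O17" and "NameServer" in rest:
            for ip in re.findall(r"\d+(?:\.\d+){3}", rest.split("NameServer", 1)[1]):
                if ip not in known_dns:
                    findings.append((section, "DNS server not in allowlist", ip))
        elif section == "O20":
            # Heuristic: a Winlogon Notify entry should name a DLL file.
            _name, _, path = rest.partition(": ")[2].partition(" - ")
            if not path.lower().endswith(".dll"):
                findings.append((section, "Notify entry without a DLL name", rest))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The heuristics do not flag the KernelFaultCheck entry, so output like this supports a manual review of the log rather than replacing it.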
     
  10. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    Done all that, got the sounds driver reinstalled, still dropping the internet connection and I think I need to reinstall Avast (or leave Ewido in its place?)

    New HJT log ....
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    You shouldn't replace Avast with Ewido. Ewido is not an antivirus programme. It is mainly an anti trojan programme.

    As for your connection dropping out, I suggest you contact your ISP and see if they are having any problems in your area.

    Regards Howard :)
     
  12. Marvin

    Marvin TS Rookie Topic Starter Posts: 52

    Thanks!

    Thank you very much Howard, you are a star!

    I have a feeling it's something my son did when he reconfigured everything, sadly he's out of the country right now.

    The connection has been behaving for the last couple of hours .... (famous last words ....)
     
Topic Status:
Not open for further replies.
