Computer always restarting!?

Status
Not open for further replies.
K

kerespup

Posts: 51   +0
Well you guys know me from before, I had that one problem. But now I have a new problem, which happened after I copied some files from my cousin's computer into my flash drive. When I put the flash drive into my computer, I couldn't remove it right away so I tried shutting it down. While shutting it down I saw that lsass was still in process and I had to wait for it to finish.

I checked out a lot of guides and such. I used the FxSasser tool yet it said there was no trace of the Sasser virus then I used the Hoster tool, but each time my comp reboots those random host things appear again. I always have this eksplorasi.exe on the top of my HijackThis log. I checked out the Scheduled Tasks and there was a task named At1, I removed it but when the comp rebooted it's there again. I noticed that if I try searching for a "cure" the computer restarts itself.

Please anyone, help me, I have a term paper due this Saturday and I really need to finish it here in my computer fast.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ZSSnp211.exe
eksplorasi.exe
bronstab.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"

O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\FlyFF\Local Settings\Application Data\smss.exe"

O4 - Startup: Empty.pif = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)

O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Documents and Settings\FlyFF\Local Settings\Application Data\smss.exe
C:\WINDOWS\ShellNew\bronstab.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\eksplorasi.exe
C:\Documents and Settings\FlyFF\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\FlyFF\Local Settings\Application Data\services.exe
C:\Documents and Settings\FlyFF\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\FlyFF\Local Settings\Application Data\csrss.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as an AVG Antispyware log. Instructions for downloading, installing and running AVG Antispyware can be found in this thread HERE.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Th..Th...There is one pro...problem *twitch*

I don't know why b..but the *twitch* Folder Options under the tool menu are missing.
 
Are you saying you can`t show Show all files and folders, including hidden and system? If not, just follow the instructions without doing that at this stage.

Here are some instructions. If you can`t follow them don`t worry.

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Yessss... I can't show that thing... the only things under my..yy Tools th..thing is .... Map Network Drive, Disconnect Network Drive and Synchronizzzzzzzzeee....

T...Tried doing what you sssaid but... wh..when I press fix checked, many popups of "Administrator disabled editing registry things" I don't know why that haappeenzzz...



My Psychiatrist toldz me not to be in 10 meters range of PC if it were brokenz... He says it makes me crack up...
 
Open Notepad and copy and paste the following:

On Error Resume Next
Set shl = CreateObject("WScript.Shell")
Set fso = CreateObject("scripting.FileSystemObject")
shl.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
shl.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"


Save this file with .VBS extension.
While saving enter the name in double quotes and select all files from the save as type in notepad.
For the ease of use, save the file on desktop.
for example "regtool.vbs"
When the file is saved as a vbs file then the file icon changes as a VBScript script file.
Double click on the file name to execute it.

It will enable the registry Tools.

Then, try to follow the instructions I gave you.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Okiez, I did as what you said.

The file turned into a VBS filez and I pressed it but nothing happens.

Before that I deleted the files listed above manually.

Also, when I went to the Application Data folder I found some bizzare stuff likez:

Loc.Mail.Bron.Tok
Ok-SendMail-Bron-tok
Bron.tok.A10.em
Bron.tok-10-1

Are they viruses too?

Here is latest HJT log.

Thankies for helping me, I hopes everything go fine soon.
 
You have not posted an AVG Antispyware log as requested. Please do so in your next reply.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

Fix all O1 - Hosts: entries.

Close HJT and reboot your system.

Post fresh HJT and AVG Antispyware logs.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks for the help howard. My computer is doing fine now.d

I'm still downloading and updating AVG.

And... :( How can I bring my Folder Options back?

How'd it disappear in the first place? Is that even possible?
 
Once I`ve seen your fresh HJT and AVG Antispyware logs, I`ll try and deal with your folder options.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Argh! Everything was fixed and went fine yesterday until today when I accidentally double clicked on a file instead of deleting it, the whole eksplorasi files and the like are back, and now I can't delete them because when I delete them they just come back. I deleted them before and everything went fine, but it doesn't seem to work now.

Here are my latest HJT and AVG logs (Had to put the AVG log in a zip file since the size was over the limit):
 
Nearly all of the nasty entries are still on your system. Also, the AVG Antispyware log says all the items it`s found have no action taken. This is due to you not telling AVG Antispyware how to deal with the results properly.

See this pictorial guide to AVG Antispyware. Pay particular attention on how to deal with the results. Then, run a fresh AVG Antispyware scan in safe mode, change the action of the results to quarantine and click the Apply all actions button. Reboot into normal mode and run a HJT scan.

Post both the HJT and AVG Antispyware logs as attachments.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I don't know why, I have set it to Quarantine but it didn't do anything.
Well, I did everything manually, deleted the virus files and so everything's going fine now.

And... YAY! Folder Options is back! WEEEEE!!!
 
Please post fresh HJT and AVG Antispyware logs, so I can check to make sure your system is clean.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I had to clean up my computer and my dad's laptop from this whole brontok virus mess.

It actually wasn't from my cousin but actually from my dad's laptop, he had like 3 types of Brontok, A C and H.

By the way Mr. Hopkins, our Flash drives seem to have been infected, any way of cleaning them up? Coz if we'd use our Flash drives it can't be unplugged properly anymore since it says there's a task running from it even though it's empty. Also, I have 5 accounts on my computer, this one and my dad's account were infected. Before, if I'd log in to my dad's account my account gets infected and vice versa. Any way of fixing that?

Really getting tired of cleaning up the brontok mess over and over.

Here are my latest HJT and AVG logs. I have two AVG logs since I'm not sure which one is the latest.
 
Your HJT log is clean.

You`ll need to format your flash drives to be certain of getting rid of any virus they contain, otherwise, you`re just going to keep getting reinfected. Once you`ve done that, remove the flashdrives from the computers and do a full system scan with AVG Antispyware and your antivirus programme. Let me know the results please.

Regards Howard :)

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

M
Virus warning popup
Replies
1
Views
530
Mark Fuller
M
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
464
eriksnyman1
E
L
HP Class Action Lawsuit in 2023
Replies
0
Views
292
lsmartin
L

Latest posts

Back