TechSpot

Computer infected after Windows reinstall

By PF_PLAYER
Mar 31, 2007
  1. Hi.
    Some days ago, I decided to format my PC, and when Windows started for the first time, I installed the internet modem and some drivers, and the AVG Antispyware and avast, and other anti-spyware, and I did the updates.
    So, some minutes later, some virus appeared, like a message box saying that my computer is infected and saying to click on the icon to install a program... and if I reboot the PC and do a scan I can see that my PC is infected with a lot of viruses (http://xs313.xs.to/xs313/07136/help.PNG), so I did a lot of scans in safe mode with Ad-Aware SE, avast, and AVG Antispyware, and they detected the viruses and removed them, but when I start the PC again I can see that I have the viruses again.

    Some problems: sometimes I cannot open the task manager, regedit...
    it makes my internet connection crazy,
    a message saying that my PC is infected, with an icon in the Windows bar

    I have formatted my PC a lot of times but it is not working.

    Today I formatted my PC again and I did these steps: http://www.techspot.com/vb/topic58138.html
    Now the PC looks good, but I still have some problems, like the internet connection, which sometimes is good but other times is slow.
    And avast sometimes says that it has stopped a trojan, and if I do a scan, it detects some trojans...



    Sorry for my bad English.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    It appears you're not running any firewall software. This is a huge security risk and may well be why your system keeps getting infected.

    Download and install one of the free firewall programmes below.

    Zonealarm or Kerio free firewall programmes.

    Your AVG Antispyware log says no action has been taken for any of the results. This is because you didn't tell AVG Antispyware to quarantine the results. See HERE for instructions.

    Now do the following.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Live Messanger
    MSN Live Messanger

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    livemsgr.exe
    msnlivexp.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O4 - HKLM\..\Run: [Live Messanger] livemsgr.exe

    O4 - HKLM\..\Run: [MSN Live Messanger] msnlivexp.exe

    O4 - HKLM\..\RunServices: [Live Messanger] livemsgr.exe

    O4 - HKLM\..\RunServices: [MSN Live Messanger] msnlivexp.exe

    O4 - HKCU\..\Run: [Live Messanger] livemsgr.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E0AEB2DF-4BD9-4061-B577-D7E9628A6956}: NameServer = 212.55.154.174 <-- Only fix this if it doesn't belong to your ISP.

    O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    livemsgr.exe
    msnlivexp.exe
    <-- Search your system for these files and delete all instances found.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log as well as another AVG Antispyware log.

    Regards Howard :wave: :wave:

    This thread is for the use of PF_PLAYER only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
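
Added example, not part of the original posts: a small Python check that reads a HijackThis log and flags the entry types the reply above fixes by hand (O4 autostarts for livemsgr.exe and msnlivexp.exe, an O17 NameServer override, an O20 Winlogon Notify with a missing file). The function name, the ISP allow-list parameter and the sample log are assumptions constructed for illustration.

```python
import re

# File names are from the post above; function, allow-list and sample are illustrative.
SUSPECT_FILES = {"livemsgr.exe", "msnlivexp.exe"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
EXE = re.compile(r'[^\\/"\s]+\.exe', re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer = ([\d.,\s]+)")

# Constructed sample: HJT lines quoted in the post plus one made-up benign autostart.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Live Messanger] livemsgr.exe
O4 - HKLM\..\RunServices: [MSN Live Messanger] msnlivexp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0AEB2DF-4BD9-4061-B577-D7E9628A6956}: NameServer = 212.55.154.174
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
"""


def review_hjt(log_text, isp_resolvers=frozenset()):
    """Return (code, reason) pairs for HijackThis entries that need a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # banner, process list and blank lines carry no section code
        code, body = m.groups()
        if code == "O4":
            # O4 = autostart entry; compare the executable's base name only
            hits = {e.lower() for e in EXE.findall(body)} & SUSPECT_FILES
            for exe in sorted(hits):
                findings.append((code, f"autostart for {exe}: {body.split(':')[0]}"))
        elif code == "O17":
            # O17 = DNS override; acceptable only if the resolver is the ISP's own
            ns = NAMESERVER.search(body)
            servers = re.split(r"[,\s]+", ns.group(1).strip()) if ns else []
            for ip in servers:
                if ip and ip not in isp_resolvers:
                    findings.append((code, f"resolver {ip} not in ISP allow-list"))
        elif code == "O20" and body.endswith("(file missing)"):
            # O20 = Winlogon Notify; a missing DLL means an orphaned registry value
            findings.append((code, "Winlogon Notify points at a missing file"))
    return findings


if __name__ == "__main__":
    for code, reason in review_hjt(SAMPLE_LOG):
        print(code, reason)
```

Pass the ISP's resolver addresses as `isp_resolvers` to suppress the O17 finding when the NameServer value is legitimate.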
     
  3. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Never mind this post, go ahead Howard. :)
     
  4. PF_PLAYER

    PF_PLAYER TS Rookie Topic Starter

    I tried to download the firewall, but Mozilla closes every time I open the Kerio site, so I formatted the PC again today, and I did what you told me to do.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Please post a fresh HJT log from normal mode.

    Regards Howard :)

     
  6. PF_PLAYER

    PF_PLAYER TS Rookie Topic Starter

    hijackthis.log
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    It appears you're running a completely unpatched version of Windows. This is a huge security risk.

    Run Windows updates and install at least service pack 1 and preferably service pack 2.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.

