TechSpot

Computer infected with virus.

By sedarati
May 1, 2006
Topic Status:
Not open for further replies.
  1. Computer infected with virus. :(

    I have contracted this stupid virus which is locking various Windows Explorer features like right click, and I'm also getting pop-ups and tray icons etc., the usual crap.

    Beneath is my HijackThis log. Hope someone can help, I really need to fix this as my deadlines are soon and I'm ****ed otherwise, so if there's anybody who can help me blow this virus up, please help :)
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
  3. sedarati

    sedarati TS Rookie Topic Starter

    sorry

    sorry my bad
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    No problem.

    I've also changed your thread title, to something more appropriate.

    Regards Howard :)
  5. sedarati

    sedarati TS Rookie Topic Starter

    Computer still infected with a virus. :(

    Have spent all night doing all the stuff recommended before posting these logs, which I hope someone can help me with. I have got rid of some parts of the virus but definitely some still remain. The tray icons have gone but there are still some dodgy processes running and I'm still getting pop-ups. Please help :(

    I'm using Windows XP SP2
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Click start/run and type regsvr32 /u C:\Program Files\Intel\medonuga.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    POlNT32.EXE
    taskdir.exe
    keyboard16.exe
    mousepad16.exe
    newname16.exe
    susp.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

    O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
    O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
    O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad16.exe
    O4 - HKLM\..\Run: [newname] C:\windows\newname16.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107963243203
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\system32\taskdir.exe
    C:\WINDOWS\system32\susp.exe
    C:\windows\newname16.exe
    C:\windows\mousepad16.exe
    C:\windows\keyboard16.exe
    C:\Program Files\Intel\medonuga.dll
    POlNT32.EXE You will need to search your computer for this file. Probably it is in the Windows or system or system32 folders.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
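
Added example, not part of the posts above and not HijackThis code: a small triage script for log lines of the form quoted in the fix list, marking entries whose target file is gone, entries listed more than once, and Run values that name a program without a path (which is why that file has to be searched for). The function names, labels and the assumed `section - body` line layout are this example's own; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
O15 - Trusted Zone: *.musicmatch.com
"""

# Assumed layout: "<section id> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse(log):
    """Return (section, body) tuples for every line that looks like a log entry."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def triage(log):
    """Return (section, body, notes) once per distinct entry, in log order."""
    entries = parse(log)
    counts = Counter(entries)
    findings = []
    for section, body in dict.fromkeys(entries):
        notes = []
        # Registry entry survives but the file it points to does not.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            notes.append("orphaned")
        if counts[(section, body)] > 1:
            notes.append("duplicate")
        # Run value with a bare file name: location unknown from the log alone.
        run = RUN_RE.match(body) if section == "O4" else None
        if run and "\\" not in run["cmd"]:
            notes.append("autorun-without-path")
        findings.append((section, body, notes))
    return findings


if __name__ == "__main__":
    for section, body, notes in triage(SAMPLE_LOG):
        print(section, ",".join(notes) or "-", body)
```
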
  7. sedarati

    sedarati TS Rookie Topic Starter

    Fixed

    Thanks for the fast and effective help :)

    attached a little picture for u :)