Computer infected with virus.

Status
Not open for further replies.

sedarati

Computer infected with virus. :(

I have contracted this stupid virus which is locking various Windows Explorer features like right click, and I'm also getting pop-ups and tray icons etc., the usual crap.

Beneath is my HijackThis log. Hope someone can help; I really need to fix this as my deadlines are soon and I'm ****ed otherwise, so if there's anybody who can help me blow this virus up, please help :)
 
Hello and welcome to Techspot.

Go HERE and follow the instructions in the order they are given.

Post a fresh HJT log as an attachment, only after doing the above.

Regards Howard :wave: :wave:
 
Computer still infected with a virus. :(

Have spent all night doing all the stuff recommended before posting these logs, which I hope someone can help me with. I have got rid of some parts of the virus but definitely some still remain. The tray icons have gone but there are still some dodgy processes running and I'm still getting pop-ups. Please help :(

I'm using Windows XP SP2.
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Click start/run and type regsvr32 /u C:\Program Files\Intel\medonuga.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for the following (if there):

POlNT32.EXE
taskdir.exe
keyboard16.exe
mousepad16.exe
newname16.exe
susp.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad16.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname16.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107963243203
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\susp.exe
C:\windows\newname16.exe
C:\windows\mousepad16.exe
C:\windows\keyboard16.exe
C:\Program Files\Intel\medonuga.dll
POlNT32.EXE - You will need to search your computer for this file. Probably it is in the Windows or system or system32 folders.

Reboot into normal mode and turn system restore back on.

Regards Howard :)
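
An added example, not part of the thread and not HijackThis code: a small Python triage of the log-line format quoted in the post above, flagging entries that have no file behind them and autoruns worth a second look. The `parse`, `triage` and `report` names and the three heuristics are assumptions made for illustration; the sample lines are copied from the fix list, and only entries of the form `code - kind: rest` are handled.

```python
import re

# Constructed sample: six entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
O15 - Trusted Zone: *.musicmatch.com
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# O4 autorun payload: "[value name] command"
RUN_VALUE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Return one dict (code, kind, rest) per recognisable entry line."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(entry):
    """Return heuristic reasons to look closer; an empty list is not a clean bill."""
    reasons = []
    rest = entry["rest"]
    if rest.endswith(("(no file)", "(file missing)")):
        reasons.append("orphaned: HijackThis found no file behind this entry")
    if entry["code"] == "O4":
        m = RUN_VALUE.match(rest)
        if m:
            cmd = m.group("cmd")
            if "\\" not in cmd:
                reasons.append("autorun without a full path")
            if re.search(r"[A-Z]l[A-Z]", cmd):
                reasons.append("lowercase 'l' inside an upper-case name")
    return reasons

def report(log):
    """Pair every parsed entry with its triage reasons."""
    return [(e["code"], e["rest"], triage(e)) for e in parse(log)]

if __name__ == "__main__":
    for code, rest, reasons in report(SAMPLE_LOG):
        print(code, rest, "->", "; ".join(reasons) or "no heuristic hit")
```

Entries such as `medonuga.dll` and `keyboard16.exe` produce no heuristic hit here, so a mechanical pass like this narrows the list but does not replace a reviewer reading the log.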
 