TechSpot

Extreme virus troubles

By neongen
Oct 3, 2009
  1. Hello. This is my first time posting. I made this account because I'm literally at rope's end and I'm hoping you all can offer me an alternative that doesn't involve reformatting my computer, so here goes =(

    I recently acquired a virus. I can't confirm what exactly it is (or they are) but I have a general idea.

    I believe I have Virut, along with Win32 Heur. AVG found 82 infected files of Win32 Heur, and I think it found a couple of other viruses along with it, one of which was Virut. Here are my symptoms:

    • IE Webpage hijacking, and shutdown of browser whenever an antivirus site is accessed.
    • My Desktop is nonexistent (no start menu, icons, no click and drag either)
    • Explorer.EXE can't be started from task manager (I don't have the proper permission blah blah blah)
    • And the above mentioned also happens for several other EXE files I try to run
    • MalwareBytes gets closed after 6 seconds of scanning
    • and AVG will no longer scan.
    • SuperAntiSpyware gets closed as soon as I try to scan
    I think that's about it.

    I've manually deleted a handful of files that seemed suspicious in the System32 folder that were made around the time when I got the virus (I remember the date and roughly the time) as well as some files in my Temp Folder, but they don't seem to help the matter at all

    I ran RootRepeal, and it will terminate as well when I search files, but I used it to search stealth processes and svchost.exe came up, so I'm assuming I have an infected svchost.exe running which is causing these problems? On average, 7 should be running I believe, and I have 8 of these processes. I found one in my system32 folder running with a tdlcmd.dll driver, which was installed around when I got the virus. Deleted it, and it didn't help.

    One more thing
    Once a process gets terminated, like MalwareBytes or RootRepeal did, I can no longer use it. It says I don't have permission to access it. And then from then on, it'll lose its icon and if I try to delete it, it'll tell me it's in use. *Sigh*

    I pray you all can help me. Thank you for your time.
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    What are your computer specs, including the operating system? Can you post a Hijackthis log?
     
  3. neongen

    neongen TS Rookie Topic Starter

    Thank you for the quick reply, and I apologize for the missing information.
    Windows XP Home Edition (SP3)
    2.93 GHz
    2 GB of RAM
    I just updated to the newest version of Java moments ago and I am downloading HijackThis atm. Should I run HJT in Safe Mode or should I execute it immediately?
     
  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You can download HiJackthis to your desktop and run it from there
     
  5. neongen

    neongen TS Rookie Topic Starter

    "This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem"

    *Sigh*
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    "EXTREME virus troubles- "...

    Reinstall Windows fresh... I know you didn't want to hear this :blush:
     
  7. neongen

    neongen TS Rookie Topic Starter

    I had a brilliant idea. I disconnected my hard drive and attached it to another PC and am now running mbam and Avira on that drive. 404 viruses (& counting) found on Avira, and 154 malware count for mbam. I'm gonna let it scan all night cus it's only 3 hrs in (lol!) but I'll post a report sometime tmrw.
     
  8. momok

    momok TS Rookie Posts: 2,265

    In light of the extreme infection, I would strongly suggest a reformat of your drive, especially if you conduct internet banking or other processes on your system that handle sensitive information.

    Keep important documents and files before you format. Before you transfer your files back, scan them thoroughly with a clean computer.
     
  9. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Good luck, but keep in mind what momok and I have mentioned here :)
     
Topic Status:
Not open for further replies.
