Help! Isnotify

Status
Not open for further replies.
flamingdragon

flamingdragon

Posts: 12   +0
I downloaded something that was fake and it put this virus on my computer that has stopped the internet, a million ads come up and malware/virus notifications which im sure its making, and its made it almost impossible to do anything on my computer. It restarts randomly, and programs randomly close. Spyware doctor, zone alarm, and NOD32 anti-virus have failed to stop it. It's infected multiple files that start in is such as isnotify, issearch, ect. It has also locked me out of task manager, saying the pc administrator has locked me out while im the only one. I cannot use my computer. Help!
 
Hello and welcome to Techspot.

Download and run these four tools. Follow the instructions for using each tool.

Tool1 Tool2 Tool3 Tool4

Then go and read this thread HERE. Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of flamingdragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks, I have used the tools and my pc is better, yet it still is crashing a little. Also when I run spyware doctor when it gets to about 30% it just exits so i cannot use it. Here is my logfile:
 
I can honestly say, I`ve never seen a system so badly infected. You`ve got two choices as far as I can see. Either reformat and reinstall, or follow the instructions below.

If you choose the latter, I can`t guarantee 100% we`ll be able to clear all this mess up, but we`ll certainly try.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :)
 
I really dont know why my computer is so badly infected, i just did a clean restart of my c drive about a week ago trying to get rid of the isnotify, however it was still on there (probably stored on my other drive). I will try to follow all the instructions, thanks for the help
 
Here is my HJT log, i didnt do all the stuff it said to, yet my older brother came and cleared a lot of it up. Tell me if i need to do more. Thanks again.
 
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Windows Smrss Service

Close the services window.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

F2 - REG:system.ini: Shell=Explorer.exe,

O2 - BHO: (no name) - {211F749C-4A04-97A3-5BF0-01BDC28A039A} - C:\WINDOWS\system32\mnduwvi.dll

O2 - BHO: (no name) - {3262D1C6-3C83-B1F1-2AD4-0551031DB224} - C:\WINDOWS\system32\vpiqywd.dll

O2 - BHO: (no name) - {8162A973-4FE8-614F-B58E-615391F132E0} - C:\WINDOWS\system32\a*s*s.dll

O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll

O2 - BHO: (no name) - {EEAC7FE6-D0CD-4010-9907-AAC3E679B520} - C:\Program Files\MSN Gaming Zone\ryfy.dll (file missing)

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006Free Install.cab

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O23 - Service: Windows Smrss Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\svchost.exe

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

C:\WINDOWS\system32\mnduwvi.dll

C:\WINDOWS\system32\vpiqywd.dll

C:\WINDOWS\system32\a*s*s.dll I`ve had to put the asterisks in because our automatic expletive code thinks I`m swearing lol

C:\WINDOWS\system32\WinNB57.dll

Once your system has rebooted, turn system restore back on.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of flamingdragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I have done everything you said, but their were minor problems. When you said to delete the svchost.exe in c:\windows\ it was not there so I searched for it and it was found in C:\windows\system 32\ so I tried to delete it and it wouldn't so i put it into killbox. Hope thats ok and wont screw up anything. And the winlogon file u said to delete in HJT gets fixed but comes back when I restart the computer. I dont think any of these things will matter though. Other than that the computer is running perfectly, thanks.
Here is the HJT log:
 
I told you to delete the svchost.exe in C:\windows(IF THERE) not anywhere else. The rest of the svchost.exe files are legit and are important for the stable running of your system. Under no circumstances should they be deleted.

Just have HJT fix this inactive entry.

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)

Other than that, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of flamingdragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Nothing would install for a while, yet when I restarted the pc it ran a file repair thing automatically and fixed the problem, so its ok.
 
nevermind, i can not run any programs, including the internet. I'm pretty much back to where i started. what does the svchost.exe in the windows 32 file do?
 
"Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS. It cannot be stopped or restarted manually. It manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. In normal conditions multiple instances of Svchost.exe run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

I suggest you run a Windows repair as per this thread HERE.

Regards Howard :)
 
I tried a repair install, however when it gets to 33 min. remaining while installing devices it freezes. I have tried restarting several times to no avail.
 
Disconnect all devices not required to run your system. Just leave ram/video card/mobo/cpu/hard drive/cd-rom/psu/keyboard/mouse.

Try the repair again. If that doesn`t help, you may have to think about a reformat and reinstall.

Regards Howard :(
 
I have finnaly got my pc working again by switching my 2 graphics cards back and forth like 20 times. Everything is working fine now, except when i try to get on to some sites (including this one, have to use other pc) visual studio just in time debugger runs and closes internet explorer.


Also I just got a new hard drive and want to get rid of one windows is installed on, so if I install windows on another drive does it erase the data on it?
 
I was actually just thinking about switching to firefox.

I dont understand what you mean by "windows i dont want". Perhaps you misunderstood me, I have 2 hard drives currently in my computer and the computer can only hold two (because it sucks). I have just got a third one that I want to replace with one of the drives in the pc, however that drive has windows on it so I will need to install windows on another drive. So if i do install windows on the other drive in there, will it erase the stuff on it?
 
I`m not sure I follow.

You`ve just got a brandnew drive and want to replace the drive you currently have Windows set up on?

What do you intand to do with the drive you take out?

You will be installing Windows on the brandnew drive?

It`s always best to completely format a hard drive before installing Windows, therefore that would erase any data currently on the drive, but if it`s a new drive, there won`t be any data on it.

I`m sorry if I`ve misunderstood.

Regards Howard :)
 
It is not the new one i want to install windows on, but the second drive thats in the computer, the other drive whitch already has windows, i want to take out of the computer.
 
In that case, I suggest backing up any important data on the drive, then reformat it and reinstall windows on it.

Sorry for the confusion lol.

Regards Howard :)
 
It may be hard to believe but my computer is broken, yet again.

Shortly after starting up it says my drivers are not updated and restarts, only to do it again.

I am absolutely certain my drivers are updated.
When i uninstalled graphics for video card in safe mode, it stopped doing it.
I then went to the ATI website and downloaded and installed the latest drivers and it is doing it again.

Thanks
 
I`m sorry to hear you`re having major problems.

Go HERE and follow the instructions.

If that doesn`t help, start a new thread in our Windows OS forum.

Regards Howard :)

This thread is for the use of flamingdragon only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
467
eriksnyman1
E
midian182
Over 170 million fake reviews were removed from Maps and Search thanks to Google's new...
Replies
0
Views
102
midian182
midian182
I
  • Locked
Inactive Virus or rootkit on Windows and Linux
Replies
9
Views
2K
Broni
Broni

Latest posts

Back