TechSpot

HJT log - help for a very annoying virus.

By Koneko
Oct 21, 2006
  1. I know you've probably heard this all before but I have that unbelievably annoying msn virus. I'm not sure what it's specific name is.

    All I know is that I got a message saying "omg is this you" followed by what looked like a photobucket link.

    As soon as I was stupid enough to click, it infected my comp and send a billion other messages similar to it to all the contacts who were online on my list.

    Everytime msn opens up, desktop icons like "wen" and "one" and "gol" etc keep popping up.

    Not only that, but it's open my comp up to a bunch of other infections =/

    Can someone help me please? I've posted on a few other boards for help, but it seems like my post keeps being looked over -.-
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    hello!
    please go HERE, follow all the instruction to the letter. be sure to update hjt from the link given, after updating it alter the name to 'hijackthis1991', and then after all the scans have been done, post a fresh hjt log as a txt attachment along with avg log scan, instructions are there how to. you may also need to get a firewall. www.zonealarm.com its a free one
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    PRINTV~1

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    pvmodule.exe
    in.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL

    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll

    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\ROSA\in.exe

    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ROSA\Start Menu\Programs\IMVU\Run IMVU.lnk

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\PROGRA~1\PRINTV~1 Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log as an ATTACHMENT See HERE. Let me know if you`re still having problems.


    Regards Howard :wave: :wave:

    This thread is for the use of Koneko only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. Koneko

    Koneko TS Rookie Topic Starter

    hey, i'm having an issue now after downloading the zonealarm thing mentioned above.
    When i went to reboot, my screen just went black after the Windows XP splash screen.
    Now it constantly goes to that black screen.
    Safe mode works though.

    P.S I'm using laptop right now.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Uninstall Zonealarm it can cause problems on some systems.

    Follow the instructions I have given you and post back with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Koneko only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. Koneko

    Koneko TS Rookie Topic Starter

    View attachment 9929

    Did what you said - and yeah, now it actually gets past the black screen without the zone alarm
     
  7. Koneko

    Koneko TS Rookie Topic Starter

    oh, and it also seems like the msn problem is now gone.

    I'm not 100% sure though.

    Just the other times I tried the moment it signed on it spread the virus message. And a bunch of processes popped up in taskmanager and icons popped up on the desktop.

    That stopped.

    Just checking though to be safe, is there more I should do?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Try the free Kerio firewall programme.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Koneko only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Koneko

    Koneko TS Rookie Topic Starter

    I seriously can't thank you enough.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...