I messed up with my notebook... :(

By Sky85
Apr 30, 2010
Topic Status:
Not open for further replies.
  1. Ok guys, first of all...presentations.

    I write from Italy, so I apologize in advance if my English may be not very clear.
    Since yesterday morning I'm fighting resultless again some kind of virus/malware/spyware -I don't know- that affected my notebook .
    Surfing the web for a solution I found this website that seems very complete and clear with competent people, so I decided to register and open a thread, hoping someone will help me.
    I'm not new to this situation, I've already beated some viruses in past, but this time seems a very serious one.

    I followed carefully the instructions explained here: http://www.techspot.com/vb/topic58138.html, and I managed to delete some viruses I think, but I'm still having problem, like the task manager that doesn't start in anyways, slowed down netsurfing, windows update service that doesn't work (I can't even access to the Microsoft Windows Update web page!), continuous messagges of founded virus/undesired software from my Avira Antivir, and some time BSOD. These are only few problems that I noticed since yesterday my computer didn't run good like alway in past...

    I followed the step 8 and I attached to this post the logs of my scan, in addiction I attached the log of the antivirus too.
    Some words are Italians but the substance shall be the same, so I hope you can understand them and help me in someway, because I'm really desperate and I don't know what to do more..

    Thanks in advance.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot, Sky. I'll help with the malware. Your system is badly infected. One of the infection is a Rootkit, so it's going to take some work. The preliminary programs we had you run will not remove all the malware alone.

    It is advisable that you change all of your passwords and monitor any online financial transactions.
    =================================
    There is another part to the DDS log. It is named Attach.txt. Please find that and leave in next reply.I also need you to run the following:

    Security Check
    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.
    ==============================================
    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..
    ==========================
    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please choose English when you run the scans. Leave the logs in your next reply.

    Please don't run any other cleaning programs or scans while I am helping you unless I request you to. Don't use a Registry cleaner or make any changes in the Registry
  3. Sky85

    Sky85 Newcomer, in training Topic Starter

    Hi Bobbye, and thank you very much for trying to help me.

    I have a problem with Eset Online scanning: it always stuck at 30%, while analizing some ...\NTUSER.DAT{3a539 etc. (long series of numbers and letters)}.TMContainer000000000000. I don't know why..! :S

    I attached the remaining reports.
    Regards

    Update 18:50 : I noticed that most of viruses are gone (now I can open Task Manager and use Microsoft Updates, for example), but when I insert my Kingston USB key 4GB, Avira alerts about some viruses found (winxp.exe and images.jpg)!

    Update 20:00: Dams it is back again ...now every time I reboot my PC it appear 2 messages from Avira of virus founded... some kind of images.jpg and winxp.exe... :'(

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Your flash drive is infected: D:\Autorun.inf, C:\autorun.inf, F:\Autorun.inf.

    Do not use it until you have disinfected it.

    Threat Removal Procedure:

    • [1]. Download Flash_Disinfector and save it to your Desktop.
      [2]. After downloading, double-click on Flash_Disinfector to run it.
      [3]. Just follow the prompts and continue until it begin scanning.
      [​IMG]
      [4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
      [5]. It will scan removable drives, wait for the scan to finish. Done.
    ===============================
    Try this online scan: after the flash drive is cleaned up:
    Open
    Kaspersky Online Scanner in Internet Explorer


    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Click Accept and the web scanner will begin to load
    • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
    • You will be prompted to install an ActiveX component from Kaspersky, click Install
    • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT and then Scan Settings
    • In the scan settings make that the following are selected:
      [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
      [o] Scan Options: Scan Archives> Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      [o] Select My Computer
    • The program will start to scan your system.
    • Once the scan is complete, click on the Save as Text button and save the file to your desktop
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    ================
    Please run Combofix again: follow the directions to :
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Leave Kaspersky and Combofix reports in next reply.
  5. Sky85

    Sky85 Newcomer, in training Topic Starter

    I downloaded Flash_Disinfector, but when I double-click on the icon nothing happens, even if I try to 'run as administrator'... :((

    EDIT: It say "Cannot create PV.exe"..

    Ok..I'll stay away from my notebook for a couple of days, for work.
    So let's see you... Bye!
  6. Sky85

    Sky85 Newcomer, in training Topic Starter

    No other ideas? :(
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please run Combofix and the Eset online scans as requested.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.