I Need Help Getting Rid of a Virus!

By Jamie4br
Feb 17, 2008
  1. Hi, I recently downloaded a virus and I'm having a hard time getting rid of it. I have already taken the following steps to try and get rid of it.

    1) I downloaded a free trial of Kaspersky anti virus and ran it in safe mode.
    2) Ran Ad Ware
    3) Downloaded Spybot Search and Destroy and ran the program.

    Any ideas?

  2. cmatthee

    cmatthee TS Rookie

    What symptoms is your computer giving that you think that you have a virus
  3. cmatthee

    cmatthee TS Rookie

    while i'm talkoing to you. how do i start a new thread?
  4. Jamie4br

    Jamie4br TS Rookie Topic Starter

    My desktop is constantly being changed to a blue background advertising anti-virus software, I get popups in my task bar saying I'm infected with a virus, pop-ups that look like windows security center saying that I'm infected, my task manager keeps restricting my access to it, etc...
  5. Jamie4br

    Jamie4br TS Rookie Topic Starter

    At the top of the forum menu page (where you select the thread you want to read), there is a button at the top that says "New Thread". Click it and post away.
  6. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Here is my Hijack this log:
  7. cmatthee

    cmatthee TS Rookie

    the message popping up in your taskbar. Type it into google search and it will give you a link to download a small until to remove it. This normally comes from crack sites if you don’t have a proper antivirus. Happened to me before as well. :mad:
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  9. Jamie4br

    Jamie4br TS Rookie Topic Starter

    I followed the instructions on the link you gave me and attached the requested logs. Other than running a little slow (I think it's because of the extra programs I have running) my computer seems fine. Let's hope this is the case!

    Attached Files:

  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    ok, few things.

    1)The items found in your AVG log say -> No action taken.

    AVG AntiSpyware
    • Launch AVG AntiSpyware
    • Click on the Update Icon at the top, then click Start Update in the left pane
    • After the update click on the Scanner Icon at the top, then select the settings tab, in the first section "How to act?" click on recommended actions and change it to delete.In the reports section make sure it is set to Automatically generate report after every scan
    • Click back to the Scan tab and select Complete System Scan
    • Finally, after the scan, select the Infections Icon at the top, click Select All at the bottom then Remove finally also at the bottom

    2) Run Smitfraudfix
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    3) Run HiJackThis from normal mode and attach a fresh log, can you also run a fresh combofix after following the above and post that log.
  11. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Here are the logs...

    Thanks in advance for the help!

    Attached Files:

  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Just so you know you are/were infected with a keylogger. What is a keylogger?

    It is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).

    You may want to read this thread Is your system infected? Read this before Cleaning or Formatting

    Let me know if you would still like to attempt to clean your system, there is no guarantee that we can find 100% of the infection

    If you decide that you would prefer to clean your system please post a new combofix log.
  13. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Here's the the new log...

    I would definately prefer to fix this over formatting my hard drive.
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    It appears this is a fairly new infection so please do the following

    Upload a File to Virustotal
    Please visit Virustotal found HERE
    • Click the Browse... button
    • Navigate to the file C:\bhka.exe
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.
  15. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Hmmmm, I can't seem to locate that file. I did a manual search and I did a search using the "find" tool. Any suggestions?
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Go to Start, click Search, click All files and folders, and then click More advanced options. Click the check boxes to Search system folders and Search hidden files and folders.

    In the search box for All or part of the file name please type bhka.exe it could also be under Wintel Update so search for that as well. if you find the path please use the same instructions to upload to Virus total.

    If you cannot find either of them, then we just need to remove it from the registry. In this case just post a new Hijackthis log
  17. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Okay... I searched for both files (as per your instructions) and nothing came up. Here is my new hijack this log.
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, the file is gone, just need to kill the startup entry.

    Run Hijackthis and select System Scan Only and put a check next to
    O4 - HKCU\..\Run: [WintelUpdate] C:\bhka.exe

    Select Fix Checked

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 4
    • The 4th option down is the one you want
    • After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
    • Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions in your case Java 6 Update 3


    Go to start -> Run -> type in combofix /u
    *note the space between
    This will uninstall combofix
    *remove vundofix backups
    *remove quarentine files
    *create a fresh clean restore point

    Remove Hijackthis from Start-> control panel -> add/remove programs
    Remove the 3 tools from step 10 (smitfraud, vundofix,virtumondobegone) by dragging to the recycle bin

    I recommend you keep
    1 anti virus program (AVG not anti spyware)
    1 firewall
    Spybot S&D, Adaware 2007, AVG Anti Spyware if you want but the version we downloaded is a 30 day trial

    keep them updated.

    Turn back on your resident protection for your anti-virus

    You can also turn on tea timer in Spybot:
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • check Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example if you don't use MSN Messenger everytime you run your computer you can disable it, then when you want to use it you can launch it through Start -> all programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.
  19. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Hi... I just remembered that I forgot to thank you for your help. You definately saved the day. I was not looking forward to backing up 80gigs of files and then reformatting my laptop!

    Thanks again!
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    No problem, is everything still going ok

    and Java 6 update 5 just came out since we did this. This one can normally be done through the console

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update TAb at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected'at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
  21. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Everything seems to be going well. I haven't noticed any of the indications of the virus that were apparent when I was infected. I was even able to get rid of the Virtualmode virus that was on my work computer by myself... well I went over some forums and saw the various ways other people got rid of it. People always use my PC while I'm away at lunch and they must have opened something they weren't supposed to and decided not to tell me about it.

    But a long story short... everything is looking good. I will update JAVA when I get home tonight.

    Thanks again!
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You are very welcome, if you have any more issues feel free to use this thread
  23. Jamie4br

    Jamie4br TS Rookie Topic Starter

    Hello again,
    My girlfriend's computer seems to have a virus on it. Basically, I get the blue screen of death whenever I load windows normally and in safemode. I've downloaded kaspersky antivirus on her computer and have tried running it several times. Yet each time I run it, I get the BSOD. I'm assuming the BSOD has something to do with the malware.

    The error message is:


    I've also updated her driver for her network and video cards.

    Any ideas?

    Thanks again.
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Usually crashes come from an SDBot variant infection. Or it's not related to malware.

    If the computer has XP on it try this, if it has vista let me know and we will try to find an alternative.

    Download and Install SDFix
    • Download SDFix and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

    Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...