TechSpot

Just another noob with another problem

By Scottie Daddy
May 20, 2008
Topic Status:
Not open for further replies.
  1. I would like to get to know this site and people, but I am afraid I have a pretty big crisis on my hands. I am going to provide as much information about it as possible. I have done some research and found out I have a malware virus, as well as adware trojans and crap too.

    First of all, my name is Christopher M. Scott, Chris for short, Scottie Daddy to prevent confusion amongst the other Chris's in the world. There is only 1 Scottie Daddy :D

    OK, anyways, here are some of the problems I am having:

    1. c:\windows\system32\xwusuhzh.exe This little booger has disabled my task manager. When I hit ctrl+alt+del it says the administrator is preventing me from opening it. I AM the admin! I also can't open it by any other means... task manager is off limits to me... which sucks.

    2. Everytime I restart the computer, it is automatically waiting on me... Notepad has to close b/c "Microsoft" says it is unsafe. Which means I can't manually change the value of programs, and I can't get a textable log from Hijack This! Notepad is not functional at all....

    3. When I am on Google.com (my homepage) and I type "xwusuhzh.exe" so I can obtain information, and the list is populated, I click on the link, and thanks to a "TrojanDownloader.XS" I am re-directed to other sites. Stuff like yahoo jobs, and other search engines. Pretty annoying... I can however copy and paste the address into a new browser window, so, that's at least good... ?

    4. I download and ran, in safe mode, SmitFraudFix. It would get to the point of deleting the Temp folder, then say another program is using the Temp folder so it CAN'T delete it, and then it restarts. It never disk cleans... it actually doesn't do anything.

    There is more to go on, but, I have over 30 gigs of crap on here, never backed up (stupid me, I know) limited CD-Rs, I am poor, so a manual way to remove this crap would be prefered over buying a Microcrap anti-spyware program for $$$ I don't have...

    If someone would help, I would be greatly appreciated. Some other files on my computer which were deemed "bad" are located in the c\windows\ folder:
    editpad.exe
    msconfd.dll
    quicken.exe
    iedll.exe
    internet.exe
    mssys.exe
    msupdate.exe
    notepad32.exe
    svchost32.exe
    window.exe
    win64.exe


    Everytime I delete a file, it is spawned again... and if I can't delete it it's b/c it is ran by another program, which I am assuming is the virus.


    Anyways, please help. I am not totally noobified when it comes to computers, but keep in mind I only hung w/ Windows 95, then switched to Windows 98 (hard choice) in 2003, which once I got 98 my computer crashed. Since then, I haven't been online for 4 years, got 2 kids, full-time job, and all the stress life brings with it. I do have an Everex computer (I've never heard of it, came from Wal-Mart... wedding gift...) with Windows XP... AMD 64 Athlon processor, like 2 GHz I believe... argh, this is frustrating, I can't even think straight. Talk to me like I am a complete ******* noob :(
  2. AtK SpAdE

    AtK SpAdE TechSpot Chancellor Posts: 1,846

    Have you tried running it in safe mode?

    Also turn off your System Restore.

    WIthout the ability to run HJT I am not sure what you can do. I would say reformat but I am sure there is a way you can get out of it.
  3. CCT

    CCT TS Evangelist Posts: 3,556

    Try this then:

    Start
    Run
    Enter 'cmd /k' (no quotes)
    Enter 'cd\' (will get you the C:\ prompt)
    Enter 'cd\windows\system32\'
    Enter 'dir /w'
    If you can see the item, Enter 'erase xwusuhzh.exe '
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    This is a rootkit problem that can't be removed by deleting that one file.

    It is more than likely attached itself to the Userinit value, which specifies what program should be launched right after a user logs into Windows.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon ->under the value Userinit.

    -----------------------------------------------------------------------

    Attach a Hijackthis log here and we can go from there.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.