TechSpot

Laptop infected with virus. Followed instructions from board and logs are attached.

By shafe22
Oct 14, 2008
  1. I recently noticed the following message upon booting up my Dell Laptop:

    Windows Update (6300-NGSRP-TMR521A-SMG-542PH-3180) . Check system setting or upgrade system.Maybe your system not full patch .System still safe. PATCH CODE : AS3-CTRKEA-SR.

    I also noticed some sluggishness as well as seeing an occasional "Indian Smile" pop-up come onto my screen with the picture of a young Indian girl. Additionally, and maybe it's just paranoia, but my computer seems to be running hotter as well.

    After some searching, I found this website and the 8-step instructions for removing malware. I ran through the process and am attaching the requested logs. Please help.

    Thanks so much.
     
  2. rf6647

    rf6647 TS Maniac Posts: 829

    You are infected. I recommend caution. Wait for a trained volunteer. Other logs may show that the major threat has been removed & the residual effects are easily handled.

    See message #3 in this thread http://www.techspot.com/vb/topic103483.html

    Please be aware that when these F2 entries are fixed HijackThis does not delete the file associated with it. You must manually delete these files. However, it is NOT clear how to recover system files that are infected. See quote above.

    HJT fix but do not delete files may be a safe choice. Downside is re-infection.

    Code:
    F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,scvhost.exe
    [edit] stsystra.exe is legitimate o4 entry. [/edit]

    Here is info showing linkages to this IP, & it raises my suspicions.
     
  3. shafe22

    shafe22 TS Rookie Topic Starter

    Thanks for the information. I will wait for a trained volunteer's input, but would I just be better off cleaning out my entire system and reinstalling everything? If I knew which areas to not transfer over to my external hard drive, I could backup everything else and start from scratch. I have to admit a severe lack of technical knowledge in this area, so please let me know if there are other better options.

    Thanks so much and I anxiously await further input.
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Waiting for trained malware removal volunteer

    When in doubt, back it up. Malware is easier to remove from a non-system disk.
    Here is a recent thread

    AVG may have forums dealing with this trojan. AVG did not clean system32/svchost.exe? Or it was never infected?
    It could be that they replaced it with a clean version or the informational web site did not have all the details correct.

    I envision running scannow sfc. Worst case outcome - reload XP. I am weak with precise terms, but I am referring to 'replacement' - applications are not touched. If you have a slipstream copy of the installation CD, it takes less work.
    Some reading about SFC and file protection

    I try to avoid making extra posts in a thread. The volunteers get a false signal that progress is being made.

    Unless you know that the o17 entry is useful, have HJT fix it.
     
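A small defender-side checker for the HijackThis entries discussed in this thread (the F2 Shell/UserInit lines quoted in post #2 and the O17 entry mentioned in post #4), added here as an example and not part of the thread or of HijackThis itself. The sample log is constructed: the two F2 lines are the ones quoted above, while the O4 and O17 lines and the GUID are made-up placeholders.

```python
import re
from difflib import SequenceMatcher

# Constructed HijackThis-style lines: the two F2 entries are the ones quoted in the
# thread, the O4 and O17 lines are made-up examples (the O17 GUID is a placeholder).
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe,scvhost.exe
O4 - HKLM\\..\\Run: [SigmatelSysTrayApp] stsystra.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{PLACEHOLDER-GUID}: NameServer = 203.0.113.7
"""

# Expected Winlogon values on Windows XP: Shell is exactly explorer.exe and
# Userinit is only the copy in system32 (HijackThis reports them as F2 lines).
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"c:\\windows\\system32\\userinit.exe"}}
SYSTEM_NAMES = ["svchost.exe", "explorer.exe", "userinit.exe", "lsass.exe", "csrss.exe", "winlogon.exe"]

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O17_RE = re.compile(r"^O17 - .*NameServer = (\S+)", re.I)

def lookalike(name):
    """Return the legitimate binary this name imitates (e.g. scvhost -> svchost), else None."""
    base = name.lower().rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES:
        return None
    for real in SYSTEM_NAMES:
        if SequenceMatcher(None, base, real).ratio() >= 0.85:
            return real
    return None

def analyze(log):
    """Return a list of (hjt_type, value, note) findings for suspicious lines."""
    findings = []
    for line in log.splitlines():
        f2 = F2_RE.match(line)
        if f2:
            key = f2.group(1).lower()
            values = [v.strip().lower() for v in f2.group(2).split(",") if v.strip()]
            for value in values:
                if value in EXPECTED[key]:
                    continue  # the normal Shell / Userinit entry
                target = lookalike(value)
                note = f"lookalike of {target}" if target else "unexpected entry"
                findings.append(("F2", f"{key}={value}", note))
            continue
        o17 = O17_RE.match(line)
        if o17:
            findings.append(("O17", o17.group(1), "DNS server override; fix unless known to be yours"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Run against the constructed log it reports both scvhost.exe entries as lookalikes of svchost.exe and the O17 name server for review, while the legitimate explorer.exe and Userinit.exe values pass.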