Like you have never seen this but help

Status
Not open for further replies.

YoYo888

Somehow, somewhere I got a virus, I'm pretty sure. I keep getting this command popup on my desktop even when I don't have a browser open. I have looked in Add and Remove Programs and found this command program listed, and it wasn't there before. The worst part is it won't let me remove it. My tray icons are all gone and instead there are little blue blocks taking their place. I'm running extremely slow.
My OS is Windows XP Pro; laptop is a Dell Inspiron 6400.
Can anyone help me with this? Please!
 
TY for the quick reply. I just rechecked progress; now it says 5 hours lol.
I'll re-post when I get done with the 15 steps. It will probably be tomorrow.

I can't seem to get to the hjt.exe file in order to change the name. Can someone tell me how to do this? When I go in through Program Files it only shows me the startup icon for hjt.
 
Start-->Run--> C:\Program Files\Trend Micro\HijackThis

This will open the normal install folder of HiJackThis, where you can rename it.
 
Ty, got it. Will continue on with the steps.

Looks like I'm full of questions tonight. All of my desktop icons and my taskbar just went away!!! Should I panic now or just restart?
 
Sounds like explorer.exe just stopped running. Try hitting CTRL + ALT + Del and choosing File > New task. Type 'explorer.exe' in the box and see if that fixes it. A restart would also work.
 
Step 10 tool 2

When I went to download tool #2, the website says it is unavailable.
Is there another place to get this?
 
Please attach logs instead of copy and paste

Tool 2 works just fine for me. You can skip it, as tool 3 should pick up the same infections.

Tool 3
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please attach C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 
There are some shady sites in the log you copied and pasted. You might want to look into VMware or another virtual machine; if you pick up a virus on that, you can just delete the VM.
 
OK, I went back and tried tool 2 again. It worked this time; no infected files were found.
Ran tool 3 as well; no infections found there either.

No rootkits were found with Panda.
 
os problem

Good day. I have a problem with my internet; it keeps showing internet problem, and sometimes it hangs. I can't even close the task. What shall I do?
 
Hi zenenpt,

Welcome to Techspot!

This thread is for the use of YoYo888 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in your own thread with the requested logs. There should be at least 3.

1) MBAM or SAS log
2) Combofix log
3) Hijackthis log (Step 15)
 
Ty for all your help.
Let me know if there is anything else I need to do.

Do I need to perform any other tasks after posting my 3 logs?
 
No

By the way are you getting anymore popups on your desktop?

Whilst waiting for the logs to be checked, you could run CCleaner and then defrag your computer.

Mind you, if I were you, I'd probably run Malwarebytes to be doubly sure.
If you do this though, you would need to supply a new HJT log once finished.

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
 
No, I am not getting any more pop-ups, but I keep getting a notice from McAfee referring to PUPs listed as being associated with my restore files. I was able to quarantine them using McAfee, and I have not seen that in 2 days. I am downloading MBAM and will run it and attach a new HJT on my next post.
Thank you all for your excellent help. If you ever need any info on your vehicle, let me know. That's what I DO know how to fix lol.

I ran Malwarebytes and attached the log. Let me know what I should do (what to remove?).
 
Actually I'm not perfect at going through these big lists
But if it was my computer I'd uninstall Spyware Doctor (slows computers down)
Also SUPERAntiSpyware and Ad-Aware

Remove these entries: (mainly poker sites)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokerfreerollsonline.com/
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Billy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Billy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\Billy\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: G2GPoker - b259f30a-f4f4-4fe5-81b4-9696d9c75daf - C:\Documents and Settings\Billy\Start Menu\Programs\G2GPoker\G2GPoker.lnk (HKCU)
O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Documents and Settings\Billy\Start Menu\Programs\IronDuke\IronDuke.lnk (HKCU)
O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\Billy\Start Menu\Programs\Games\PokerNordica\PokerNordica.lnk (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Billy\Start
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://66.91.147.106:8010/activex/AMC.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7560-b440h-turbotax/rnl/java/RntX.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://spinpalace.microgaming.com/freeplay/FlashAX2.cab

Actually reset IE fully: http://support.microsoft.com/kb/923737/en-us
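
As an added example (not part of the thread and not a HijackThis feature), the Python below triages HijackThis-format lines like the R0, O9 and O16 entries listed in the post above. The sample lines are copied from that post; the flagging rules and function names are assumptions chosen for illustration, and a flag means "review this entry", not "malicious".

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis excerpt in the post above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokerfreerollsonline.com/
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://66.91.147.106:8010/activex/AMC.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7560-b440h-turbotax/rnl/java/RntX.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def triage(line):
    """Return (section_code, [reasons]) for one log line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body, reasons = m["code"], m["body"], []
    # O9 = extra IE toolbar buttons / Tools menu items; a missing target is a leftover.
    if code == "O9" and re.search(r"\((file missing|no file)\)\s*$", body):
        reasons.append("orphaned IE button/menu item: target file absent")
    # O16 = ActiveX controls (Downloaded Program Files); the last field is the codebase URL.
    if code == "O16":
        url = urlparse(body.rsplit(" - ", 1)[-1])
        if url.scheme == "http":
            reasons.append("ActiveX control fetched over plain HTTP")
        if IPV4.match(url.hostname or ""):
            reasons.append("ActiveX codebase is a bare IP address")
    # R0/R1 = IE start and search page settings.
    if code in ("R0", "R1") and "Start Page" in body:
        reasons.append("IE start page override: confirm the user set it")
    return code, reasons

def triage_log(text):
    """Triage every entry line and keep only those with at least one reason."""
    out = []
    for line in text.splitlines():
        res = triage(line)
        if res and res[1]:
            out.append((line.strip(), res[1]))
    return out

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE):
        print(line[:70], "->", "; ".join(reasons))
```
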
 