Lots of viruses

By --Timmy--
Feb 9, 2007
Topic Status:
Not open for further replies.
  1. --Timmy--

    --Timmy-- Newcomer, in training Topic Starter Posts: 49

    Oh wait, here.


    The numbers went backward, not forwards


    /sigh :p
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Looks like it deleted a load of crap.

    Now do the following exactly.

    Run the ISTbar removal tool.

    Run the Ccleaner programme.

    Run AVG Antispyware scan and post the log, only if it finds anything.

    Delete all Combofix logs, then run Combofix and post the new log.

    Let me know what problems you're still having, if any.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. --Timmy--

    --Timmy-- Newcomer, in training Topic Starter Posts: 49

    Hello howard, sorry about the late reply..

    I don't go on as much during the weekdays.


    I did a repair install - Some things are still a bit dodgy, I will possibly be getting a new rig in 2-3 weeks. :)



    Thanks for all the help.


    I also think I have a virus..

    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)


    Tried deleting it but it comes back
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    You're quite right, the mousecrm.exe is indeed a virus. Please post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. --Timmy--

    --Timmy-- Newcomer, in training Topic Starter Posts: 49

    Here we go..


    Also, after I did the repair install, my PC isn't detecting my GPU, so when I try to install new drivers, it says something about not being compatible with your hardware :|

    For example, when I scroll down in Mozilla, it flashes as if I'm in safe mode




    Also Avast is detecting a lot, I will post + edit its findings here.

    C:\Documents and settings\Georgie\...\lo1[1]
    Is the trojan horse TR/vundo.gen
    <Fixed

    C:\Windows\System32\iiiii.dll
    Is the trojan horse TR/vundo.gen
    <Fixed

    C:\WINDOWS\system32\spoolvc.exe[
    Name: Backdoor.sdbot.aad
    Risk: High, Found by avg anti-spyware

    C:\Documents and Settings\....\acid[1].exe
    Is the trojan horse TR.Crypt.ULPM.gen


    C:\msetss.exe
    Is the trojan horse TR.Crypt.ULPM.gen



    Also I decided today that I will be splashing out a bit on the new PC :D



    Thanks, Tim


    EDIT: Running vundo fix now, silly me :p (Found 3 so far)
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\ddcaxwu.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Mouse Cursor Monitor (mousecrm)<Disable the service name and/or the name in brackets.
    Task Client Manager

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    spoolvc.exe
    mousecrm.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O20 - Winlogon Notify: ddcaxwu - C:\WINDOWS\SYSTEM32\ddcaxwu.dll

    O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)

    O23 - Service: Task Client Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\system32\spoolvc.exe
    C:\WINDOWS\System32\mousecrm.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
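
The O20 and O23 lines quoted in the post above follow a fixed layout, so a log can be triaged mechanically before anyone decides what to fix. This is an added example, not part of the original thread and not HijackThis code; the function names, the wording of the reasons and the "Example Updater" line are assumptions made for illustration.

```python
import re

# Log lines quoted in the thread above, plus one constructed entry
# ("Example Updater") added for contrast.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: ddcaxwu - C:\WINDOWS\SYSTEM32\ddcaxwu.dll
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Task Client Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\exupd.exe
"""

# O23: display name, optional short name in brackets, owner, path, optional marker.
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def triage(log_text):
    """Return one dict per O20/O23 line with the reasons it needs review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O23.match(line)
        if m:
            if m["owner"].lower() == "unknown owner":
                reasons.append("log reports no owner for the service binary")
            if m["missing"]:
                reasons.append("service is registered but its file was not found")
            kind, name = "service", m["name"] or m["display"]
        else:
            m = O20.match(line)
            if not m:
                continue  # entry types other than O20/O23 are out of scope here
            reasons.append("DLL is loaded by Winlogon at logon")
            kind, name = "winlogon-notify", m["name"]
        findings.append({"kind": kind, "name": name,
                         "path": m["path"].lower(), "reasons": reasons})
    return findings


def needs_review(log_text):
    """Lower-cased paths of entries that carry at least one reason, in log order."""
    return [f["path"] for f in triage(log_text) if f["reasons"]]
```

A reason only marks an entry for a human to check against the rest of the log; it is not a verdict that the file is malicious.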
  7. AricCougar

    AricCougar Newcomer, in training Posts: 26

    Same issue?

    I think I may have the same issue as this user. Am I allowed to post to this forum? I found iiiii.dll.
  8. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Please don't post in this thread anymore; it was for the use of --Timmy-- only. The instructions given were for this user only.
  9. --Timmy--

    --Timmy-- Newcomer, in training Topic Starter Posts: 49

    hahahahahahah

    I just checked my emails and saw that I was subscribed to this thread still... lol !

    Anyways I haven't gotten a virus since formatting and starting off with a clean system and looking after it.

    -Need a decent av
    -Need a decent firewall
    -Be cautious all the time.

    Also, why was howard banned? :)
  10. momok

    momok Newcomer, in training Posts: 2,272

    Thread closed. Do not post in year long threads that have had no response to them.

    Do not post in others' threads with your problem. Instead open a new thread in the relevant forum, making sure you have already read the stickies and followed all required instructions.