Many problems: autorun.inf/computer date 2 years back/etcetc

Status
Not open for further replies.
B

brownstar

Posts: 8   +0
Hey, my computer has recently gone haywire.
1) Double clicking C/D from My Computer leads to some sort of autoplay and won't actually open anything (but I can open with right click)
2) My internet has problems connecting at times
3) My computer date keeps resetting to 2005, the time and day is right, but it resets to 2005.

I've been trying to fix it, I've run numerous spyware programs, I've tried hijackthis (although I don't know what it did, lol), I've tried to alter the date in the BIOS, which only worked temporarily, I've emptied temp files and have tried to delete autorun.inf, but it just keeps reappearing! Any help would be greatly appreciated.

I use nod32 for antivirus and agnitum outpost for a firewall. I've run spysweeper and hijackthis analyzer, I've also tried going into windows/temp and windows/prefetch and deleting everything.

I've attached a hijackthis log!
 
First, I would replace the CMOS battery... $3.25 at Wal-Mart.
Looks like you are doing everything right... Momok and Howard can probably see a lot of stuff I cannot.
Are all your Microsoft updates tuned to the latest stuff?
On some of your actions, re-do them in Safe Mode.
 
Update

Found a way to delete the autorun.inf through cmd by just doing a -s -r whatchamacallit. Here's the new log though, ah.exe (which was linked to by the autorun that used to exist) is still on both my drives.
 

Attachments

  • hijackthis.log
    9.8 KB · Views: 6
Hi,

#You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

ALCMTR
anhao
lsass

Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

ALCMTR.EXE

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O23 - Service: lsass - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\services.exe (file missing)

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\Program Files\Common Files\Microsoft Shared\MSINFO\services.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\config\svchost.exe

Reboot into normal mode and rehide your protected OS files.

Please continue with the instructions as jobeard provided.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of brownstar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK, so I did a bunch of stuff, some of the steps didn't work, but so far my comp seems to be running a lot better already. Although there is still a file called ah.exe that looks sketchy and is hidden on my harddrive.

Here are various logs. I really appreciate all the help! Hopefully I'm close to resolving this issue!

Note: the combofix log thing isn't working, it just says that it's almost done for over an hour, while the system is doing nothing, so i just pasted an older log of it and something else i found on c:\
 
AVG Anti-Spyware report shows clearly NO ACTION TAKEN, but would have done
some work if properly configured!
 
hey, i'm pretty sure my avg is properly configured, i ran it a few times before and it found 1.exe but thats not in this log. Is there anything I should change? I ran it exactly as it said on that other thread,
 
Hi,

Since the only detected things are cookies, we'll use ccleaner to get rid of them. Please download and run CCleaner via step 9 of the instructions HERE.

Please fix this entry in HijackThis.

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of brownstar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hey, I forgot to mention, I don't think hijackthis etc, checked my second drive (drive D), because it also contains hidden files ah.exe and autorun.inf. Here are the fresh logs after combo, avg, and hijack though.

AVG didn't find anything...
 
Hi,

Unhide your system files and folders and delete this file:
C:\FOUND.004

Could you provide the details of the D:\ files? Apparently they do not show up in ComboFix because they have not been active in the past 3 months. I presume your AVG scan was a full scan which included all secondary drives too?


Regards,
Your friendly momok =)

This thread is for the use of brownstar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
hey thanks for all your help momok, I fiddled around with that combofix-do txt you sent me and just changed files to D:\ah.exe and D:\autorun.inf so here are the quarintine log and a fresh HJT, everything seems fine now, but I guess I can never be sure?
 
Hi,

I must say that was a wee bit dangerous, but I see that you got it right.

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

You may also delete the C:\QooBox and C:\VundoFix Backups folder and its contents.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of brownstar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hey, it's me, back again, suddenly, I got the old 2005 problem out of nowhere. Any suggestions? I've attached my hijackthis log, I'm praying right now that it's just a hiccup.
 
Hi,

It appears you got your system infected with the same thing previously. I've tried researching on this process but it turns up only techspot and tonnes of chinese entries (my chinese has detiorated so terribly after I stopped taking it 4 years ago) I can't quite make out what the process actually does. Please read the following.

Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan


Regards,
Your friendly momok =)

This thread is for the use of brownstar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

S
At loss: Kernel virus or something else
2
Replies
30
Views
8K
Soup Stand
S
G
Computer boots to Windows once only when moving RAM to a different slot. Also have display issues
Replies
6
Views
3K
Kshipper
Kshipper
M
Help needed with crazy ex IT boyfriend who hacks my computer and remotely makes changes
Replies
3
Views
2K
techmaniac231
T

Latest posts

Back