TechSpot

Monitor Screen Goes Black, computer is still on...VIRUS??

By hoPs57
Sep 10, 2007
  1. Attached Files:

  2. Daveskater

    Daveskater Banned Posts: 2,031

    how long does it take for the screen to go black, are you running windows xp or vista and can you get into windows :)

    ---

    i just realised your text file was a hjt log :D

    have hjt fix these:
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

    (i'm also a little bit weary about this "O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\pwttlc.exe" because not even google knows what it is but don't get hjt to fix it yet, we have to make sure it's a nasty first)

    then follow these instructions
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is infected with a variety of malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    NEWdot.NET
    Click Start/Control Panel/Add/Remove Programs and uninstall: Newdot.net Application or New.net Domains
    If neither is listed, download and run this: www.new.net/support/uninstall6_38.exe

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. hoPs57

    hoPs57 TS Rookie Topic Starter Posts: 20

    Windows XP Pro

    2-3 minutes usually while playing a source game. Its different when I'm browsing the web, going to certain web pages or looking at certain pictures will cause it to do this.

    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

    that one keeps coming back after fixing it with HJT.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You need to follow the instructions, otherwise we can`t help you.

    Don`t fix anything with HJT, unless I tell you to. This is because simply fixing something in HJT doesn`t necessarily get rid of the infection.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. zipperman

    zipperman TS Rookie Posts: 1,423   +7

    Virus fixes

    There are lots of free "Virus scans"
    Use them,then report results.
    http://housecall.trendmicro.com/housecall/start_corp.asp
    This could also be a video driver problem.
    Reinstall your video and monitor drivers.
    Virus's gets blamed to quickly.I never get any useing regular scans.:)
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    zipperman: I`ve already checked hoPs57`s HJT log and his system is definitely infected with malware.

    If you knew how to analyse HJT logs, you would already be aware of the infections in it.

    However, just in case you`re still not convinced, here`s the lowdown on SAcc.exe.

    Sacc.exe is an adware program Adware.SurfAccuracy.
    Sacc.exe display advertisements.
    Sacc.exe monitors user Internet activity and private information.
    It sends stolen data to a hacker site.
    Related files:
    %ProgramFiles%\sacc\sacc.cfg
    %ProgramFiles%\sacc\sacc.exe
    Adds the value:
    "SACC" = "%ProgramFiles%\sacc\sacc.exe"
    to the Windows startup registry keys.

    hoPs57 also has several other infections, including Newdot.net and an unknown trojan.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. hoPs57

    hoPs57 TS Rookie Topic Starter Posts: 20

    thank you for all the help. I have completed steps 1-12 and am now posting my fresh HJT and ComboFix.txt
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    No, you need to complete all steps, then post the 3 requested log files and let me know the results of the AVG Antirootkit scan..

    However, the log files you have posted thus far would appear to be clean.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. hoPs57

    hoPs57 TS Rookie Topic Starter Posts: 20

    the rootkit program found nothing

    the rootkit found nothing, and when i tried uploading the AVG antispyware file it said is was too big (2.83 MB), but i attached the HJT file from step 15.

    i know i am multiposting. sorry. now i edited the AVG file do make it smaller, i went threw and deleted all the cookies and left the virus stuff.

    now i was browsing and everytime i go to the Nvidia site to try and find a new version for my drivers it goes black(wasn't going to download any of them, just checking for updates).

    http://www.nvidia.com/content/drivers/drivers.asp

    I choose.....Graphics Driver/GeForce 6 series/Windows XP/then hit GO

    bam....it goes black everytime.

    here is the first assurance of newdotnet virus thing. which is about the time this started happening.

    i typed this eventvwr.msc in start/run/OK
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Delete all files in AVG Antispyware quarantine.

    Your HJT log is clean.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
     
  12. hoPs57

    hoPs57 TS Rookie Topic Starter Posts: 20

    did everything you said. here is the file you requested.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Run the Avenger again, but this time use the script that`s attached to this post.

    Post the resulting c:\avenger.txt.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. hoPs57

    hoPs57 TS Rookie Topic Starter Posts: 20

    here you go.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That`s great mate, it looks like you`re good to go.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. hoPs57

    hoPs57 TS Rookie Topic Starter Posts: 20

    thanks i appreciate all the help....however it still goes black when i go to Nvidia, so i am assuming that either there is still a virus on this laptop or there is something wrong with my Nvidia drivers.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I`m fairly convinced, the problem you have left is not malware related.

    Therefore, I think it`s far more likely to be driver related.

    I suggest you open a new thread in our Audio and Video forum.

    Regards Howard :)

    This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  18. zipperman

    zipperman TS Rookie Posts: 1,423   +7

    Clean your system

    You said it : Don`t fix anything with HJT,
    I don't read them,or ask for help.Sorry if my success is hard to grasp.
    I see no point in reading logs since the problem indicates removeing the cause of this,or reinstalling Windows.I solve my problems,witch are few,by regular maintenance.
    You say you know the problem,suggest a cure.
    I suggested a cure.:D He has nothing to lose by virus and other scans.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.