TechSpot

My pc has a problem..

By baok
Nov 7, 2007
  1. Hi.. ok.. at first my C: drive can't be accessed by double click, as I get a C:\Bha.dll.vbs error.. my Task Manager, Folder Options and Run can't be accessed.. then I decided to run Flash Disinfector by sUBs and everything seems to have gone back to normal.. however I don't want to take anything for granted so I ran HijackThis.. and here's my log..

    hope i can get advices from experts here,,,

    thanks :)
     
  2. bushwhacker

    bushwhacker TechSpot Chancellor Posts: 783

    Can you please edit this out and attach the HJT log on your post?
     
  3. Daveskater

    Daveskater Banned Posts: 1,687

    Hello, baok, and welcome to Techspot :wave:

    Please take a look at the following threads to make your experience here as enjoyable as possible :)

    Message for all newcomers

    SNGX1275's Guide to making a good post/thread

    The Techspot FAQ

    If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum :)
    Knowing someone's location in the world can be extremely helpful, even if you just put a country.

    Also remember to post any problems or questions that you have in the appropriate forums

    With regards to your problem and log, please attach your log, as bushwhacker has said, as per the instructions here
     
  4. baok

    baok TS Rookie Topic Starter

    hi.. thanks for the reply.. currently reading the instruction and will post here based on the instruction given.. :)

    hi.. here is my HJT log... (attached as hijackthis.log)

    -edited
    My PC spec.. if that is helpful

    Intel Celeron Tualatin
    Unknown brand motherboard
    256mb SDRAM PC-133
    Onboard video
    Win XP
    Stock Cooling
    Cheapo Casing and PSU


    hi.. do I need to run antivirus/antispyware program first?

    thanks :)
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of baok only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. baok

    baok TS Rookie Topic Starter

    hi..
    1. I did an AVG Antispyware scan and it detected some crapware and deleted it.. however, I failed to find the logfile..

    2. I then decided to install Symantec Antivirus Corporate Edition and ran updates and a full scan, it detected nothing.

    3. Then I decided to uninstall Adobe Acrobat Professional 7 and restart the computer.. The system then "hung" for a while during restart..

    4. I entered safe mode and ran ComboFix.. the system then restarted and when it entered normal mode, the system hung (or was very slow) again.. then I determined that DoScan.exe was the culprit.. so I uninstalled Symantec Antivirus again..

    5. I ran HijackThis and compiled the log with the ComboFix log in this post

    6. I apologize for the late reply.. as I was watching Man Utd vs Dynamo Kiev :p but I'm a Liverpool supporter though...

    -edit-

    7. I just finished running Panda AntiRootkit and it detected nothing...

    and now may I know what should I do?? Thanks for the advices :)

    -You'll Never Walk Alone- :)
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't know what possessed you to install Norton, but that wasn't a very smart move as it's total crap.

    I suggest you uninstall Norton asap.

    Then install one of the following AV and Firewall programmes.

    AVG free or Avast antivirus programmes.

    Zonealarm, Kerio or Comodo free firewall programmes.


    Once you've done that, do the following.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    Data0.Net Software
    Portable Antivirus

    Close control panel.


    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:



    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of baok only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. baok

    baok TS Rookie Topic Starter

    Hi.. I apologize for my late reply, I read your post about two hours ago but downloading and updating both Avast and ZoneAlarm was painfully slow.. here's what I did

    1. downloaded both ZoneAlarm and Avast Home.. and updated Avast..

    2. ran ComboFix as per instruction

    3. ran HijackThis..

    both HJT log and combofix log attached..

    so.. is there any step next?

    thanks :)
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there).

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x

    Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

    Click edit and choose find. Type y3114SYS into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to y3114SYS and display them in the right-hand pane. Right click on any such y3114SYS entries and choose delete.

    Now click edit again and choose find next. Again, delete any entries that reference y3114SYS.

    Repeat the above, until no more y3114SYS entries are found.

    Close regedit.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of baok only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
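
An added example, not part of the thread and not HijackThis's or the poster's own logic: a small triage script that parses HijackThis O4 (autostart) lines and derives the registry value name and folder that the post above asks to be removed by hand. The three heuristics, the threshold of two, and the two HKLM sample lines are assumptions made for illustration; the two HKUS lines are the ones quoted in the post.

```python
import ntpath
import re

# HijackThis O4 (autostart) line: hive, key, [value name], command, optional user.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
ODD_EXTENSIONS = {".com", ".scr", ".pif", ".vbs", ".bat"}  # assumed heuristic list
DATA_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\")
# The two HKUS lines are quoted from the thread; the two HKLM lines are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')
"""

def parse_o4(line):
    """Return the fields of one O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry, cmd = m.groupdict(), m.group("cmd")
    # Quoted commands carry the path between the quotes; otherwise take the first token.
    entry["path"] = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
    return entry

def assess(entry):
    """List the reasons an autostart entry deserves a closer look."""
    reasons = []
    if entry["key"].lower().endswith("policies\\explorer\\run"):
        reasons.append("autostart via Policies\\Explorer\\Run")
    if any(d in entry["path"].lower() for d in DATA_DIRS):
        reasons.append("runs from a per-profile data directory")
    if ntpath.splitext(entry["path"])[1].lower() in ODD_EXTENSIONS:
        reasons.append("unusual executable extension")
    return reasons

def triage(log_text, threshold=2):
    """Return (entry, reasons) for every O4 entry with at least `threshold` reasons."""
    parsed = filter(None, map(parse_o4, log_text.splitlines()))
    scored = [(e, assess(e)) for e in parsed]
    return [(e, r) for e, r in scored if len(r) >= threshold]

def cleanup_targets(findings):
    """Value names to search for in regedit and folders to inspect on disk."""
    names = sorted({e["name"] for e, _ in findings})
    return names, sorted({ntpath.dirname(e["path"]) for e, _ in findings})
```

On the sample log, `cleanup_targets(triage(SAMPLE_LOG))` yields the value name `y3114SYS` and the `dv6191700x` folder, the same two items the manual steps target.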
     
  10. baok

    baok TS Rookie Topic Starter

    hi.. here's what i did..

    1. booted into safe mode, ran HijackThis and fixed those two entries

    2. did the unhide of files and folders, including hidden and system

    3. looked for "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x" file but it wasn't present.

    4. opened regedit and looked for y3114SYS but it wasn't present either.

    5. ran HijackThis and posted the log attachment.

    the PC is much better than before.. any other steps to be taken??

    thanks :)
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All clean mate.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Go HERE, download and install the latest version of Java.

    Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of baok only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. baok

    baok TS Rookie Topic Starter

    Hi.. I'm done with the system restore.. so, can I close this thread now?

    Thanks a lot for helping me, Howard.. really much appreciated..

    thanks and regards
    -baok-

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.
