i ve infected by the vb.ckt virus.. i got it thru msn messebger.. waz chattin wit my frnd whn i suddenly got a link from him.. i clicked on it.. den he said he dint send it.. now i cant access run command, task manager, registry editor, cant change my home page(set to "thecoolpics" (the forum doesnt allow me to post links).. i can re-activate them but it keeps happenning again.. avg detects vb.ckt virus in 6 different locations.. pls pls help me..
My Pc's Infected With Vb.ckt Virus.. Pls Help!!!!
- Thread starter sherwyn
- Start date
- Status
evilfantasy
Posts: 425 +0
Hello and welcome to Techspot.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read this thread HERE and follow the instructions exactly. Post the requested log files once done.
Regards
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read this thread HERE and follow the instructions exactly. Post the requested log files once done.
Regards
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Threads merged.
In that case, copy and paste your log files and I`ll remove them once I`ve finished with them.
Regards Howard :wave: :wave:
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Threads merged.
In that case, copy and paste your log files and I`ll remove them once I`ve finished with them.
Regards Howard :wave: :wave:
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
I see you have managed to attach some log files.
However, you didn`t attach the AVG Antispyware log that was asked for, but instead attached an VBG.tx that wasn`t asked for. Nor did you let us know the results of the Panda Antirootkit scan. Also, you haven`t renamed HijckThis.exe as per the instructions.
Unless you follow instructions properly, it`s just going to make it that much harder for us to help you effectively.
Make sure you follow these instructions properly.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Make sure you rename HijackThis.exe.
Also, post an AVG Antispyware log as well as the results of the Panda Antirootkit scan.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
However, you didn`t attach the AVG Antispyware log that was asked for, but instead attached an VBG.tx that wasn`t asked for. Nor did you let us know the results of the Panda Antirootkit scan. Also, you haven`t renamed HijckThis.exe as per the instructions.
Unless you follow instructions properly, it`s just going to make it that much harder for us to help you effectively.
Make sure you follow these instructions properly.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Make sure you rename HijackThis.exe.
Also, post an AVG Antispyware log as well as the results of the Panda Antirootkit scan.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Logs attached
hi,
i renamed hijackthis n posted the log file..
i ve also attached the combofix log file..
the panda software says no rootkits found & dint save a log the first time.. i ran it again jus to b sure..
i could not save a log for avg anti-spyware since i had to run it in safe mode n some options wer out of the screen.. but it found 4 items n fixed all..
wht do i do now?
n dude thanks so much for the help.. really appreciate it man..
sherwyn
hi,
i renamed hijackthis n posted the log file..
i ve also attached the combofix log file..
the panda software says no rootkits found & dint save a log the first time.. i ran it again jus to b sure..
i could not save a log for avg anti-spyware since i had to run it in safe mode n some options wer out of the screen.. but it found 4 items n fixed all..
wht do i do now?
n dude thanks so much for the help.. really appreciate it man..
sherwyn
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
svchost32.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe
O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system\svchost32.exe
C:\qoobox
Reboot into normal mode and rehide your protected OS files.
Post fresh HJT and Combofix logs.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
svchost32.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe
O9 - Extra button: RadarSync Website - {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - C:\Program Files\RadarSync\RadarSync Website.lnk
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system\svchost32.exe
C:\qoobox
Reboot into normal mode and rehide your protected OS files.
Post fresh HJT and Combofix logs.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Use your normal account name.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
hi,
i did as u said. whn i opened the processes tab under task manager, there were 3 files named svchost. when i clicked on end process, the shutting down in 1 min dialog box opened. so i stopped the shutdown and closed the remaining svchost's..
then i ran hjt.
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe wasnt detected.
then i deleted qoobox but C:\WINDOWS\system\svchost32.exe want present.
i ve enclosed my hjt log & combo log.
thenks,
sherwyn.
i still ve svchost running.. i also ve some more wierd processes.. i ve attached a pic of my processes tab under task manager..
i did as u said. whn i opened the processes tab under task manager, there were 3 files named svchost. when i clicked on end process, the shutting down in 1 min dialog box opened. so i stopped the shutdown and closed the remaining svchost's..
then i ran hjt.
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe wasnt detected.
then i deleted qoobox but C:\WINDOWS\system\svchost32.exe want present.
i ve enclosed my hjt log & combo log.
thenks,
sherwyn.
i still ve svchost running.. i also ve some more wierd processes.. i ve attached a pic of my processes tab under task manager..
howard_hopkinso
Posts: 21,238 +17
You`ve posted your HJT log from safe mode. I need to see it from normal mode as per the instructions I gave you in my post#8
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
svchost32.exe
Close task manager.
Click start/run and type regedit intio the run box and hit the enter key.
Navigate to the following regkey and delete the bold portion.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messenger
Close regedit.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system\svchost32.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh Combofix log.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
svchost32.exe
Close task manager.
Click start/run and type regedit intio the run box and hit the enter key.
Navigate to the following regkey and delete the bold portion.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yahoo Messenger
Close regedit.
Locate and delete the following bold files and/or folders(if there).
C:\WINDOWS\system\svchost32.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh Combofix log.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
C:\WINDOWS\system\svchost32.exe Is the process you`re supposed to end if there, not svchost.exe, which is a legit process and is needed by your system.
Delete all versions of Combofix and download the latest version from here. combofix.exe
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Delete all versions of Combofix and download the latest version from here. combofix.exe
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
I`ve just tried it and am getting the same results as you. There`s obviously some problem with Combofix at the moment.
Try this instead.
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Try this instead.
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.
2. Download the attached avengerscript.txt and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That looks like it`s because the registry key is no longer there.
If that`s the case, then you should be good to go.
Your task manager pic doesn`t show any nasty processes running.
Uninstall AVG Antispyware.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If that`s the case, then you should be good to go.
Your task manager pic doesn`t show any nasty processes running.
Uninstall AVG Antispyware.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You should uninstall AVG Antispyware as that is taking a sizable portion of your systems resources.
You can also get rid of all the tools we used during cleanup.
For info on how to speed up your system, see HERE.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You can also get rid of all the tools we used during cleanup.
For info on how to speed up your system, see HERE.
Regards Howard
This thread is for the use of sherwyn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
- Locked
Latest posts
-
PlayStation 5 Pro will be bigger, faster, and better using the same CPU
- anastrophe replied
-
How to play PS1 Doom on PC (and why you might want to)- amghwk replied
-
Modder builds a Nintendo Wii the size of a deck of cards- WhiteLeaff replied
