Newb with virus perhaps?

Status
Not open for further replies.

josh0013

So I am having all sorts of problems with my computer (dell w/ windows xp) right now. First of all, after restarting the computer, the taskbar, start button, and icons will disappear and re-appear every 5 seconds or so. I can't right click on anything, and I am having random pop-ups. I've searched and searched and couldn't find a fix. I did a system restore and the problems still persist. Any advice? I'm not that familiar with computers, but I believe I know enough for someone to get me around.

Please help....

Task manager doesn't help and the icons disappear forever until I run a new task explorer.exe and then I'm back to every 5 seconds.
 
Just as I suspected, your system is infected with a variety of malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of josh0013 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
ok, well that is a lot so I'll get on it. It may take a while since my icons and taskbar disappear. If I choose to format, then what do I have to do and I guess I will lose everything?
 
Yes a format would wipe everything.

To do a format, see below.

You need to do the following.

Disconnect from the net and don't reconnect until you have your firewall software installed.

1. Restart your computer and go to setup, usually by pressing the F2 or Delete key.

2. Once you get into setup, look for the boot menu and make sure you set it to boot from cd first, followed by your hard drive.

3. Put the Windows xp disk into your cd drive.

4. Now save your settings and exit setup.

5. While your computer is booting you will see a message that says "press any key to boot from cd". Press any key.

6. When the welcome to setup screen appears, press Enter and then press F8 to accept the Microsoft licence agreement.

7. You will be prompted to repair an installation. Press the Escape key.

8. Now select the partition that you want to reformat and press the D key to delete it. You will be asked to confirm that you want to delete the partition.

9. Now press C to create a brand new partition. You will be asked what size you want the partition to be in megabytes. If you just press Enter then the partition will be the maximum size that you can have. This is perfectly ok if you don't want to create multiple partitions.

10. You will now be asked to format the partition. Select the NTFS file system and do a full format.

11. Once the format is complete, setup will continue.

Your computer will restart during the remaining setup. Again you will be asked to press any key to boot from cd. DO NOT PRESS ANYTHING and setup will continue. Once the setup is complete and you are back in Windows, remove the Windows cd from your cd drive.

Install your firewall software and reconnect to the net. Install whatever drivers you need, then run Windows updates.

Finally, install whatever programmes/software you want.

Regards Howard :)

 
just to let you know... I'm on step 10, tool 2 and after tool 1 most of my problems have been healed... but I'm gonna keep going to rid it all.
 
I don't have the log for avg anti-spyware... I couldn't find it after scanning. It quarantined 38 items and then deleted them. 3 were at high risk... a trojansmall, adaware, and another trojan.... the rest were small or medium and mainly consisted of tribalfusion, win32 not-virus-download, and other ad cookies.

the computer is still a little slow... well slower than usual, but I have full use of everything so far.
 
You haven't let me know the results of the Panda Antirootkit scan. Please do so in your next reply.

Your system is slow because you're running two antivirus programmes.

Go HERE and follow the instructions for removing McAfee. Since you already have AVG installed, you will only need to install a firewall programme.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

MyWaySA
SrchAsDe

Close control panel.

Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it).
Code:


File::
C:\WINDOWS\system32\drivers\phooks.sys
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\ssttr.dll
C:\Program Files\Windows Media Player\hopetezyh4444.dll

Folder::
C:\VundoFix Backups
C:\Program Files\MyWaySA
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\a2FyaWU
C:\WINDOWS\system32\rMa01yy
C:\Temp\abW9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D777EB5-4B6F-4C6B-A900-DAE3A1822545}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCB8B946-20A8-400A-866C-32FFA9C9EB70}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D64AFFD7-C308-4663-8261-9549A5007312}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Don't forget to let me know the results of the Panda Antirootkit scan.

Regards Howard :)

 
Got rid of Mcafee... I now have Zonealarm and AVG

The panda antirootkit found nothing and unrooted nothing.

I attached the new combofix log and hijackthis log....

I found and removed mywaysearch... but didn't find anything associated with srchasde
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {7C98A27D-965E-4910-A780-65C7DD1B77BC} - C:\Program Files\MSN Gaming Zone\labun199.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Agatha Christie\Images\stg_drm.ocx

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Agatha Christie\Images\armhelper.ocx

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\qoobox
C:\WINDOWS\system32\rttss.bak2
C:\WINDOWS\system32\rttss.bak1

Reboot into normal mode and rehide your protected OS files.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of josh0013 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
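
An added example, not part of the original posts and not HijackThis's own code: a small Python parser for the O2/O3/O16 line shapes quoted in the post above. It flags the properties visible in those lines (no backing file, file missing, no name, local file:// codebase). The regular expressions are inferred only from the quoted entries, and the flag names are made up for illustration.

```python
import re

# Four of the HijackThis entries quoted in the post above, copied from the thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7C98A27D-965E-4910-A780-65C7DD1B77BC} - C:\Program Files\MSN Gaming Zone\labun199.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Agatha Christie\Images\stg_drm.ocx
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2/O3 shape (assumed from the quoted lines): "<section> - <kind>: <name> - {CLSID} - <target>"
BHO_RE = re.compile(rf"^(O2|O3) - (BHO|Toolbar): (.*) - ({CLSID}) - (.*)$")
# O16 shape (assumed from the quoted lines): "O16 - DPF: {CLSID} (<name>) - <codebase>"
DPF_RE = re.compile(rf"^(O16) - DPF: ({CLSID}) \((.*)\) - (.*)$")

def parse_line(line):
    """Return a dict for an O2/O3/O16 line, or None for any other line."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        section, _kind, name, clsid, target = m.groups()
    else:
        m = DPF_RE.match(line)
        if not m:
            return None
        section, clsid, name, target = m.groups()
    # Illustrative flag names; each one reflects text present in the entry itself.
    flags = []
    if target == "(no file)":
        flags.append("no-file")
    if target.endswith("(file missing)"):
        flags.append("file-missing")
    if name == "(no name)":
        flags.append("unnamed")
    if target.lower().startswith("file://"):
        flags.append("local-codebase")
    return {"section": section, "clsid": clsid.upper(), "name": name,
            "target": target, "flags": flags}

def triage(log_text):
    """Parse every recognised line and keep the entries carrying at least one flag."""
    entries = [parse_line(raw) for raw in log_text.splitlines()]
    return [e for e in entries if e and e["flags"]]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["section"], entry["clsid"], ",".join(entry["flags"]))
```

A flag here only marks an entry for a human to review; it is not a verdict that the entry is malicious.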
 
will do so and thanks very much... I am posting a link to this forum on another forum I am a member of so that way if anyone else has a problem, they will come here. Thanks again.
 
Well the computer seems to be running a lot faster now... just one more question if you don't mind. Is there anything else I can do to increase the speed of my computer... I mean I can delete a few things I don't use anymore, but is there any other way? And thanks again.
 
thanks a lot

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.
 