TechSpot

omg.. i cannot double click DRIVE C and D my internal hard drives..

By jhae
Mar 7, 2007
  1. TT__TT

    what the heck happened.. seems weird that yesterday they were normal
    and just this day.. i found something weird. i transferred to AVAST antivirus coz my AVG scanner expired... wehh i really dont know if that works efficiently..

    but hey.. wahhh i still cannot click on my DRIVE C via my computer...
    is it safe to plug any external hard drive would they get infected of the bug or virus??


    heres my HJT>>>

    PLUS what is this??????
    My goodness is this a BUG or what..
    but everytime i open a new window in IE
    this shows up in the title bar..

    TAGA LIPA ARE!

    ^ omg thats sooo WEIRD>>>
    wahhhhhhhhhhh i'll try to post a screenshot..

    that appears selectively on my IE title bar..
    it wasnt der yesterday..

    sorry i have to use paint so the file size is huge
    but i will delete it once it is examined/viewed...

    Lastly when i check up my task manager..
    there were a lot of WSCRIPT.exe in the processes tab..
    omg...
     


  2. husstorm

    husstorm TS Rookie

    this is obviously a virus attack. update your antivirus and run a full system scan on all drives. then for the drive c and d clicking, just delete any file that is named autorun with any extension. also delete the same files from your c:\windows\system32 folder. be careful not to delete system files, only autorun.***. the files are hidden so you will have to enable view system and hidden files from your folder options. if you still don't see the files you can use winrar to explore the drives. winrar shows all the hidden files. so highlight them and delete. after that restart your pc.
     
  3. zipperman

    zipperman TS Rookie Posts: 1,179   +7

    Message to all, Include OS

    Are you here on that computer?
    Can you use your mouse for everything else, like a cd disk drive?
    Check your Control Panel/Mouse settings for click options.
    Try 1 click and type Enter.
    This isn't a Security and the Web problem.;)
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with a variety of nasties.

    Also, you're running more than one antivirus programme. This is not recommended, will slow your system down and can cause serious conflicts.

    Uninstall AVG from add remove programmes in your control panel.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Yes it is a security and the web problem, as the system is infected.

    If you can't analyse HJT logs, please don't give advice.

    Regards Howard :)

    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. jhae

    jhae TS Rookie Topic Starter Posts: 26

    wahh... i only installed the AVG firewall programme and i didnt know that the anti virus came with the installation.. a month ago.. so AVG antivirus doesnt appear on my Program list but is in my system..
    but as of now i'm doing the HOUSE CALL scan via WEB.. STEP3 of the removal..

    OMG plus...
    when i'm trying to update all my spyware and malware scanners..
    they were all having errors saying cannot connect.. or error in updating..
    i will try to restart pc..
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If that doesn't help, let me know and I'll give you some instructions to follow that might help.

    Regards Howard :)

     
  7. jhae

    jhae TS Rookie Topic Starter Posts: 26

    wahh i restart the pc two times already..
    still i cannot update my spyware malware scanners.. plus antivirus too
    TT__TT
    seems like something is stopping it to update or what./..

    wahh pLUS omg this is scary...
    when i try to open a new window or link from IE..
    it says no connection even if my internet is working..
    OMG...

    so i just continue.. scanning even if it's not updated coz the virus or bug stops me from performing updates.. TT__TT
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download one of the free firewall programmes below.

    Zonealarm or Kerio free firewall programmes.


    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    AVG<Do not uninstall AVG Antispyware.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AVG E-mail Scanner (AVGEMS)<Disable the service name and/or the name in brackets.
    AVG7 Update Service (Avg7UpdSvc)<Disable the service name and/or the name in brackets.
    AVG7 Alert Manager Server (Avg7Alrt)<Disable the service name and/or the name in brackets.
    AVG Anti-Spyware Guard
    AVG Firewall (AVGFwSrv)<Disable the service name and/or the name in brackets.


    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    wscript.exe
    splitjoin.exe
    FS6519.dll.vbs

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)

    O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Documents and Settings\AHEM\Local Settings\Temp\splitjoin.exe
    C:\WINDOWS\FS6519.dll.vbs
    C:\PROGRA~1\Grisoft\AVG7<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Install whichever firewall programme you chose.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
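
The HijackThis entries listed in the post above can be triaged mechanically. This added example (not part of the thread and not HijackThis's own logic) parses a subset of the lines quoted in the post and tags autostart entries that launch Windows Script Host files, add-ons whose file is missing, and IE proxy settings; the tag names and the `MASK_EXTS` list are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Subset of the HijackThis lines quoted in the post above (copied from the thread).
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
# File names that Windows Script Host (wscript.exe / cscript.exe) will execute.
SCRIPT_RE = re.compile(
    r'([^\\/:*?"<>|]+\.(?:vbs|vbe|js|jse|wsf|wsh))(?=$|["\s])', re.I)
# Assumption: inner extensions used to make a script look like another file type.
MASK_EXTS = {".dll", ".exe", ".sys", ".txt", ".doc", ".jpg"}


def triage(log_text):
    """Return (section, tag, detail) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # log header, blank lines, running-process list
        code, body = m.groups()
        if code == "O4":
            run = RUN_RE.match(body)
            script = SCRIPT_RE.search(run.group(3)) if run else None
            if script:
                name = script.group(1)
                findings.append((code, "autostart-script", name))
                inner = PureWindowsPath(name).suffixes[:-1]
                if inner and inner[-1].lower() in MASK_EXTS:
                    findings.append((code, "double-extension", name))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            # Browser add-on still registered although its file is gone.
            findings.append((code, "missing-file", body.split(" - ")[1]))
        elif code in ("R0", "R1") and "Proxy" in body:
            # IE proxy settings are surfaced for review, not judged here.
            findings.append((code, "ie-proxy", body.partition(",")[2]))
        elif code == "O23":
            # "Service: <name> - <vendor> - <path>"; split from the right
            # because names and vendors may themselves contain hyphens.
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and SCRIPT_RE.search(parts[2]):
                findings.append((code, "service-script", parts[2]))
    return findings


if __name__ == "__main__":
    for finding in triage(HJT_LINES):
        print(*finding, sep="\t")
```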
     
  9. jhae

    jhae TS Rookie Topic Starter Posts: 26

    as of now i followed mostly the instructions..
    but these i cant operate well or execute...

    :dead: delete the avg7 folder.. it says cannot be deleted..
    avgse.dll is in use or what....

    :dead: on HJT

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    ^ i have not found those.. only one


    :dead: FS6519.dll.vbs.. found none in system folder and processes tab..
    but i found still the wscript and endprocess it..

    *im currently in SAFEMODE with NETWORKING, using firefox coz my IE cannot connect with the internet
    wahh... plus i'm scanning via AVG antispyware and updated the content .. wheee.. still i cannot double click on drives C: and D:...
    and the " TAGA LIPA ARE! " is still showing on IE>> so weird...
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Regards Howard :)

     
  11. jhae

    jhae TS Rookie Topic Starter Posts: 26

    oops just to update..
    AVG antispyware Found a WORM.solow.a @ high risk
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just follow the instructions in my post above and we'll deal with other stuff afterwards.

    Regards Howard :)

     
  13. jhae

    jhae TS Rookie Topic Starter Posts: 26

    heres the log files// ^__^

    wahh i hope i did the avenger one right..
    but it found none..i guess...
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It looks like you made some kind of mistake when running the Avenger.

    Try this instead.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\FS6519.dll.vbs

    Once your system has rebooted, rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

     
  15. jhae

    jhae TS Rookie Topic Starter Posts: 26

    wahh killbox wasnt able to locate it also
    but after rebooting... i got the dialog box
    everytime i click on drives C: and D:
    heres a screen shot
    HJT log later part...
    plus my AVG spyware scanner logs.. previous.. prompted to delete...


    ^__^
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Download LSPFix from http://cexx.org/lspfix.htm
    1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
    2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
    3. Check the "I know what I am doing" checkbox.
    4. Select (highlight) all instances of 'avgfwafu.dll' in the left column under "Keep".
    5. Click the arrow >> so it goes over to the right column under "Remove".
    6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.


    Locate and delete the following bold files and/or directories(if there).

    c:\windows\system32\avgfwafu.dll

    7. Restart your computer

    Go HERE and follow the instructions down to where it says disable system restore. Then do a full system scan with your antivirus programme.

    Then, go HERE and do likewise.

    Post a fresh HJT log as well as an AVG Antispyware log. Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

     
  17. jhae

    jhae TS Rookie Topic Starter Posts: 26

    hmmm i cannot delete avgfwafu.dll from the system...
    plus it seemed that my sister is the culprit she always uses the Yahoo messenger
    i never received any links from YM yesterday then i got this virus after she chatted..
    was also able to obtain information about the
    virus...

    but i really cannot rely on these if not consulted well..
    the virus is called TAGA LIPA ARE>>> omg which is all over my IE title bar...
    they stated also that never click the drives for it will multiply the wscript.exe.....
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try deleting the c:\windows\system32\avgfwafu.dll from safe mode.

    I don't think Yahoo messenger is to blame. I use it myself and have never had an infection.

    If you still can't delete the file, then forget it for now and continue with the rest of the instructions.

    Regards Howard :)

     
  19. jhae

    jhae TS Rookie Topic Starter Posts: 26

    I have finished the steps.. here my HJT file
    and everything else.. but sadly i still have that WINDOW POPUP
    telling cannot find script..

    i have deleted the avg.dll file yet the folder cannot be deleted..

    AND this alarms me... the most..
    SOMETHING prevents me from accessing the WEB...
    i randomly or if i open NEW IE windows...
    it says no connection even if it is WORKING nothing is wrong with my
    net server...

    PLUS when i look @ my WTM process tab
    theres this wscntfy.exe---> looks new to me...

    still have the *TAGA LIPA ARE* on my IE title bar...
    though i cannot locate the TAGALIPA on my regedit

    plus when right click on C: and D:
    there is this AUTOPLAY option.. wahh

    This just in..
    IE is acting abnormally see my screenshot... so weird..
    gonna post my rootkit soon enough..
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean, as are your AVG and Avast logs.

    See what the rootkit scan reveals and let me know.

    Regards Howard :)

     
  21. jhae

    jhae TS Rookie Topic Starter Posts: 26

    rootkit didnt find any but
    i rescanned and AVAST located this virus.
    Win32Hackarmy-AE [Trj] and was unable to delete...

    hmmm i still have this window showing up when clicking on C: and D: drives
    see my screenshot.. on my other post
    the window is saying COULD NOT FIND SCRIPT FILE

    plus i still have the TAGA LIPA on my IE title bar...
    ^ how do i remove that one???
    hmm i found some information that this could be harmful is it???

    should i rootkit in SAFE MODE?
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Follow the instructions HERE. That should get rid of your TAGA LIPA problems.

    Go HERE and follow the instructions in Step12 of post #2 for running Combofix.

    I can't find any info on the Win32Hackarmy-AE [Trj]. Please attach a fresh HJT log as well as the Combofix log after doing the above.

    Regards Howard :)

     
  23. jhae

    jhae TS Rookie Topic Starter Posts: 26

    WEEE.. THX mr howard
    i managed to have deleted the malwares
    plus disable the TAGA LIPA ARE...
    i HOPE my HJT is clean and as
    well as my combofix...
    hmm is the virus that risky? on the AVAST scan...


    Wahh THANK YOU VERY MUCH FOR YOUR SERVICE AND TIME!!!
    wahhh you ROCK!!!
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is still clean and Combofix has got rid of some nasties as well.

    Run a fresh scan with Avast and see if anything shows up.

    If it does, please give me the exact details, maybe a screen shot.

    Regards Howard :)

     
  25. jhae

    jhae TS Rookie Topic Starter Posts: 26

    uhuhhuhu oh crappy...
    mr. howard looks like i have to repeat the whole process once again just
    because my EXTERNAL HARD DRIVE is infected and thus Infect my PC once again... mah goodness... i'll be right back to start the process once again...
    Do you have any suggestions in handling infected USB hard drives...
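
On the external-drive question and the "could not find script file" dialog reported earlier in the thread: an added example (not part of the thread) that reads the `autorun.inf` in a drive root and reports launch entries that invoke a script host or point at a script that is no longer there. The sample `autorun.inf` and the file name `placeholder.vbs` are constructed for illustration.

```python
import ntpath
import os
import re
import tempfile

SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
# [autorun] keys whose value is a command line (labels like shell\open= are not).
COMMAND_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Constructed sample; placeholder.vbs is a made-up name and is never created.
SAMPLE_INF = (
    "[AutoRun]\n"
    "open=wscript.exe placeholder.vbs\n"
    "shell\\open=Open\n"
    "shell\\open\\command=wscript.exe placeholder.vbs\n"
)


def autorun_commands(text):
    """Yield (key, command) for each launch entry in an autorun.inf body."""
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if COMMAND_KEY_RE.match(key.strip()):
                yield key.strip().lower(), value.strip()


def audit_drive_root(root):
    """Return (key, tag, detail) findings for <root>/autorun.inf, if present."""
    findings = []
    inf = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if inf is None:
        return findings
    with open(os.path.join(root, inf), encoding="latin-1") as fh:
        text = fh.read()
    for key, command in autorun_commands(text):
        tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(command)]
        if tokens and ntpath.basename(tokens[0]).lower() in SCRIPT_HOSTS:
            findings.append((key, "script-host", command))
        for tok in tokens:
            if tok.lower().endswith(SCRIPT_EXTS) and not ntpath.splitdrive(tok)[0]:
                # Relative targets are resolved against the drive root.
                rel = tok.replace("\\", "/").lstrip("/")
                if not os.path.exists(os.path.join(root, rel)):
                    findings.append((key, "target-missing", tok))
    return findings


def demo():
    """Audit a temporary directory standing in for a drive root."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        return audit_drive_root(root)
```

On a real system, pass each drive root (for example `D:\`) to `audit_drive_root` before opening the drive in Explorer.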
     
Topic Status:
Not open for further replies.
