Omg.. i cannot double click DRIVE C and D my internal hard drives..

Status
Not open for further replies.

jhae

TT__TT

what the heck happened.. seems weird that yesterday they were normal
and just this day.. I found something weird. I transferred to AVAST antivirus coz my AVG scanner expired... wehh I really don't know if that works efficiently..

but hey.. wahhh I still cannot click on my DRIVE C via my computer...
is it safe to plug any external hard drive would they get infected of the bug or virus??


here's my HJT>>>

PLUS what is this??????
My goodness is this a BUG or what..
but everytime I open a new window in IE
this shows up in the title bar..

TAGA LIPA ARE!

^ omg that's sooo WEIRD>>>
wahhhhhhhhhhh I'll try to post a screenshot..

that appears selectively on my IE title bar..
it wasn't der yesterday..

sorry I have to use paint so the file size is huge
but I will delete it once it's examined/viewed...

Lastly when I check up my task manager..
there were a lot of WSCRIPT.exe in the processes tab..
omg...
 

Attachments: hijackthis2.txt, 23.jpg

This is obviously a virus attack. Update your antivirus and run a full system scan on all drives. Then for the drive C and D clicking, just delete any file that is named autorun with any extension. Also delete same files from your c:\windows\system32 folder. Be careful not to delete system files, only autorun.*** The files are hidden so you will have to enable view system and hidden files from your folder options. If you still don't see the files you can use WinRAR to explore the drives. WinRAR shows all the hidden files. So highlight them and delete. After that restart your PC.
 
Message to all, include OS

Are you here on that computer?
Can you use your mouse for everything else, like a CD disk drive?
Check your Control Panel/Mouse settings for click options.
Try 1 click and type Enter.
This isn't a Security and the Web problem. ;)
 
Your system is infected with a variety of nasties.

Also, you're running more than one antivirus programme. This is not recommended, will slow your system down and can cause serious conflicts.

Uninstall AVG from add remove programmes in your control panel.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

zipperman said:
This isn't a Security and the Web problem.

Yes it is a security and the web problem, as the system is infected.

If you can't analyse HJT logs, please don't give advice.

Regards Howard :)

This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
wahh... i only installed the AVG firewall program and i didn't know that the antivirus came with the installation.. a month ago.. so AVG antivirus doesn't appear on my Program list but is in my system..
but as of now i'm doing the HOUSE CALL scan via WEB.. STEP3 of the removal..

OMG plus...
when i'm trying to update all my spyware and malware scanners..
they were all having errors saying cannot connect.. or error in updating..
i will try to restart pc..
 
If that doesn't help, let me know and I'll give you some instructions to follow that might help.

Regards Howard :)

 
wahh i restarted the pc two times already..
still i cannot update my spyware malware scanners.. plus antivirus too
TT__TT
seems like something is stopping it to update or what./..

wahh pLUS omg this is scary...
when i try to open a new window or link from IE..
it says no connection even if my internet is working..
OMG...

so i just continue.. scanning even if it's not updated coz the virus or bug stops me from performing updates.. TT__TT
 
Download one of the free firewall programmes below.

Zonealarm or Kerio free firewall programmes.


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

AVG<Do not uninstall AVG Antispyware.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

AVG E-mail Scanner (AVGEMS)<Disable the service name and/or the name in brackets.
AVG7 Update Service (Avg7UpdSvc)<Disable the service name and/or the name in brackets.
AVG7 Alert Manager Server (Avg7Alrt)<Disable the service name and/or the name in brackets.
AVG Anti-Spyware Guard
AVG Firewall (AVGFwSrv)<Disable the service name and/or the name in brackets.


Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

wscript.exe
splitjoin.exe
FS6519.dll.vbs

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)

O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Documents and Settings\AHEM\Local Settings\Temp\splitjoin.exe
C:\WINDOWS\FS6519.dll.vbs
C:\PROGRA~1\Grisoft\AVG7<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Install whichever firewall programme you chose.

Post a fresh HJT log.

Regards Howard :)

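The HJT entries listed in the post above, run through a small triage function as an added example (not part of the thread and not HijackThis's own code). The rule set and reason strings are assumptions made for illustration; note that the AVG service line is in the fix list only because AVG is being uninstalled, so it is not flagged.

```python
import re

# HijackThis lines copied from the post above.
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
""".strip().splitlines()

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
# A second extension in front of the script one, e.g. "name.dll.vbs".
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(vbs|vbe|js|jse|wsf|wsh)$", re.I)
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def triage(line):
    """Return (section, reasons); reasons is empty when nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None, []          # header or free text, not a log entry
    section, body = m.groups()
    reasons = []
    if section == "O4":          # autostart entries (Run keys, Startup folder)
        target = body.split("] ", 1)[-1].strip().strip('"')
        if target.lower().endswith(SCRIPT_EXT):
            reasons.append("autostart launches a script (runs under wscript.exe)")
        if DOUBLE_EXT.search(target):
            reasons.append("double extension")
    elif section == "O2" and body.rstrip().endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    elif section == "R1" and "ProxyOverride" in body:
        reasons.append("IE ProxyOverride value present")
    return section, reasons


def flagged(lines):
    """Only the lines that produced at least one reason."""
    return [(l, r) for l in lines for _, r in [triage(l)] if r]


if __name__ == "__main__":
    for line, reasons in flagged(HJT_LINES):
        print(line, "->", "; ".join(reasons))
```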
 
as of now i followed mostly the instructions..
but these i can't operate well or execute...

:dead: delete the avg7 folder.. it says cannot be deleted..
avgse.dll is in use or what....

:dead: on HJT

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

^ i have not found those.. only one


:dead: FS6519.dll.vbs.. found none in system folder and processes tab..
but i found still the wscript and endprocess it..

*i'm currently in SAFEMODE with NETWORKING, using firefox coz my IE cannot connect with the internet
wahh... plus i'm scanning via AVG antispyware and updated the content .. wheee.. still i cannot double click on drives C: and D:...
and the " TAGA LIPA ARE! " is still showing on IE>> so weird...
 
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard :)

 
Just follow the instructions in my post above and we`ll deal with other stuff afterwards.

Regards Howard :)

 
here's the log files// ^__^

wahh i hope i did the avenger one right..
but it found none..i guess...
 
It looks like you made some kind of mistake when running the Avenger.

Try this instead.

Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINDOWS\FS6519.dll.vbs

Once your system has rebooted, rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

 
wahh killbox wasn't able to locate it also
but after rebooting... i got the dialog box
everytime i click on drives C: and D:
here's a screen shot
HJT log later part...
plus my AVG spyware scanner logs.. previous.. prompted to delete...


^__^
 
Your HJT log is now clean.

Download LSPFix from http://cexx.org/lspfix.htm
1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
3. Check the "I know what I am doing" checkbox.
4. Select (highlight) all instances of 'avgfwafu.dll' in the left column under "Keep".
5. Click the arrow >> so it goes over to the right column under "Remove".
6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.


Locate and delete the following bold files and/or directories(if there).

c:\windows\system32\avgfwafu.dll

7. Restart your computer

Go HERE and follow the instructions down to where it says disable system restore. Then do a full system scan with your antivirus programme.

Then, go HERE and do likewise.

Post a fresh HJT log as well as an AVG Antispyware log. Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

 
hmmm i cannot delete avgfwafu.dll from the system...
plus it seemed that my sister is the culprit she always uses the Yahoo messenger
i never received any links from YM yesterday then i got this virus after she chatted..
was also able to obtain information about the
virus...

but i really cannot rely on these if not consulted well..
the virus is called TAGA LIPA ARE>>> omg which is all over my IE title bar...
they stated also that never click the drives for it will multiply the wscript.exe.....
 
Try deleting the c:\windows\system32\avgfwafu.dll from safe mode.

I don't think Yahoo messenger is to blame. I use it myself and have never had an infection.

If you still can't delete the file, then forget it for now and continue with the rest of the instructions.

Regards Howard :)

 
I have finished the steps.. here's my HJT file
and everything else.. but sadly i still have that WINDOW POPUP
telling cannot find script..

i have deleted the avg.dll file yet the folder cannot be deleted..

AND this alarms me... the most..
SOMETHING prevents me from accessing the WEB...
i randomly or if i open NEW IE windows...
it says no connection even if it is WORKING nothing is wrong with my
net server...

PLUS when i look @ my WTM process tab
there's this wscntfy.exe---> looks new to me...

still have the *TAGA LIPA ARE* on my IE title bar...
though i cannot locate the TAGALIPA on my regedit

plus when right click on C: and D:
there is this AUTOPLAY option.. wahh

This just in..
IE is acting abnormally see my screenshot... so weird..
gonna post my rootkit soon enough..
 
Your HJT log is clean, as are your AVG and Avast logs.

See what the rootkit scan reveals and let me know.

Regards Howard :)

 
rootkit didn't find any but
i rescanned and AVAST located this virus.
Win32Hackarmy-AE [Trj] and was unable to delete...

hmmm i still have this window showing up when clicking on C: and D: drives
see my screenshot.. on my other post
the window is saying COULD NOT FIND SCRIPT FILE

plus i still have the TAGA LIPA on my IE title bar...
^ how do i remove that one???
hmm i found some information that this could be harmful is it???

should i rootkit in SAFE MODE?
 
Follow the instructions HERE. That should get rid of your TAGA LIPA problems.

Go HERE and follow the instructions in Step12 of post #2 for running Combofix.

I can't find any info on the Win32Hackarmy-AE [Trj]. Please attach a fresh HJT log as well as the Combofix log after doing the above.

Regards Howard :)

 
WEEE.. THX mr howard
i managed to have deleted the malware
plus disable the TAGA LIPA ARE...
i HOPE my HJT is clean and as
well as my combofix...
hmm is the virus that risky? on the AVAST scan...


Wahh THANK YOU VERY MUCH FOR YOUR SERVICE AND TIME!!!
wahhh you ROCK!!!
 
Your HJT log is still clean and Combofix has got rid of some nasties as well.

Run a fresh scan with Avast and see if anything shows up.

If it does, please give me the exact details, maybe a screen shot.

Regards Howard :)

 
uhuhhuhu oh crappy...
mr. howard looks like i have to repeat the whole process once again just
because my EXTERNAL HARD DRIVE is infected and thus infects my PC once again... mah goodness... i'll be right back to start the process once again...
Do you have any suggestions in handling infected USB hard drives...
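For the question above about infected external drives, a read-only check of a drive's autorun.inf, as an added example (not part of the thread): it lists which [autorun] entries would launch a script host when the drive is opened. The sample file contents, the placeholder script name and all function names are constructed for illustration.

```python
import os

SCRIPT_HOSTS = ("wscript", "cscript")
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")

# Constructed sample, not taken from the thread; example.vbs is a placeholder.
SAMPLE = r"""[AutoRun]
open=wscript.exe example.vbs
shell\open\command=wscript.exe example.vbs
shell\explore\command=explorer.exe
label=Local Disk
"""

def is_exec_key(key):
    # Keys in [autorun] whose value is a command Explorer may launch.
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def autorun_commands(text):
    """Return {key: command} for the executing entries of the [autorun] section."""
    cmds, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if is_exec_key(key.strip().lower()):
                cmds[key.strip().lower()] = value.strip()
    return cmds

def suspicious(cmds):
    """Keys whose command names a script host or a script file."""
    hits = []
    for key, cmd in cmds.items():
        tokens = cmd.lower().split()
        if any(h in t for t in tokens for h in SCRIPT_HOSTS) or any(
                t.strip('"').endswith(SCRIPT_EXT) for t in tokens):
            hits.append(key)
    return hits

def scan_root(root):
    """Inspect <root>/autorun.inf without executing anything; [] if absent."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, errors="replace") as fh:
        return suspicious(autorun_commands(fh.read()))
```

Call `scan_root` on the drive letter from a command prompt instead of double-clicking the drive. The `NoDriveTypeAutoRun` policy value (0xFF covers all drive types) turns AutoRun off so a reconnected drive cannot re-trigger the script.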
 