TechSpot

Registry/Audio/Trojan/=Enigma/InJeopardy!

By Xfactor
Nov 7, 2007
  1. Amatuer Here,
    A couple days ago I tried to Download a Codec Device to play some videos. Thats when sometime later, I noticed the first symptoms of problems.

    Tryin to explain this as thorughly as possible, in chronological order, I first noticed my computer came to a crawl, which of course, prompted me to run a Virus scan(Live One Care.) (1).Once scanning was In progress, the program unchararestically came to a Abrupt crawl. In Addition to this, A runkey was placed in my tray(2).(AdWare Remover 2007) saying my computer was Infected, and that I needed to run a Virus scan?

    Upon further Analysis, I naturally tried to Remove the Adware Remover 2007, from Add/Remove programs, which of course was unsuccessful. I did However, manage to Uninstall just about everything BUT, the Infiltrated Adware Remover. Which is now(to what I believe) an Isolated problem(s) that I have.


    OTHER PROBLEMS:

    NOTE: I have Not been able to Determine the Reasons for the other problems, because I'm not sure what I did or did'nt Uninstall?

    1. My Windows Registry Repair Pro has vanished without a trace!?!

    2. My Desktop tab in settings has vanished without a trace, as well?!?

    3. I Now, have no sound! No "Audio Device connected" which is NOW dimmed(grey) and Inaccessable. In the Device manager there is a yellow question mark next to Multi-Media Audio Controller.

    4. Sometimes upon start up, it directs me into the BIOS screen????

    Upon trying to fix these problem I have possibly made matters worse. For example, I tried to Download a Driver for my sound (took a educated chance)(I know stupid move) and when finished Installing. My computer went into a series of "error beep codes" (I also have a exclamation mark, along with a question mark NOW)

    Fortunately, I did a Systems Restore for the previous day, and that seemed to control or fix the problem. Still have exclamation mark, However.
    Should I re-install/Uninstall Driver????

    I also found a "TOOL" called "SmitFradFIX" that I Naturaly used in Safe Mode and was able to Repair my Desk top settings.......Horaaaay!

    PLEASE HELP!!!

    ___________________________________-

    1.After some time, I eventually completed a scan(s) and was able to detect a couple Trojans along with SpySheriff.

    2. As of we speak, Adware Remove 2007, is STILL on my computer, but is now in "All Programs" Ive put the computer IN Selective Startup, So I dont have to See it everytime I Re-boot. Note: Is their a possibility this the reason for the disappearence for Windows Registry Repair Pro?????

    SYSTEM:
    Windows XP service P2
    Motherboard: Phoenix Award.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Whadyathink?

    Hello Howard,
    Thankyou for the Quick Response.

    I have limited knowledge about computers, so Im not exactly sure what I should do next?
    I do know however, I dont have online banking or anykind of sensitive material of anything like that.
    I feel a good clensing should be sufficient. Should I begin to attempt, the 15 step cleaning process?
     
  4. Rik

    Rik Banned Posts: 3,814

    Yup, the sooner you get started the sooner you will finish.



    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, as rik said, the sooner you start, the sooner you`ll finish.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Little help....lol

    Hello all,
    I would like to do a double check here before proceeding to step8.

    A couple questions?

    1. I had a little confusion, about creating a new folder.Note: I downloaded HJT about 5 days ago, would this be a issue?

    2. How I can I verify this was downloaded to my desktop? Or can I?

    3.When I pushed the delete key the folder vanished. Is that normal?

    4. I couldnt ascertain or not I successfully downloaded this to my file. Nothing happened.

    1A. The spybot wizard is asking me about a Registry back?

    2A. What is the teatimer ? I saw nothing about this.

    Should I start over. Because I have I lot better feel for it now.
    Hope this process isnt irrepraible.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, start over from step1. Delete all previous versions of HJT.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Newbie,in training

    Dear Howard,

    It my Intention to ask you the least amount of Questions as possible! I realize this is not your problem. I am grateful for any, and all help you give me. If any at all.

    I cant seem to get hi-jack this into its own folder? When I click HERE in step 4, it automatically starts to run, then a little pop-up window says hi-jack this, is already running in a temp folder, in effect, activating the main menu(in screen in HJT)

    Ive tried to Delete previous versions of HJT. BUT where and how?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Do a search of your system and delete all other versions of HijackThis, including any folders you may have made for it.

    Since you`re having so much trouble, click the link below.

    http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    This will download the HijackThis installer. Run the installer and it will automatically place HJT in C:\program Files\Trendmicro\Hijackthis

    Then follow the instructions in step5 for renaming Hijackthis.exe.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    OK,Thankyou

    Crusty.exe has its own folder on my desktop.

    1.Theres is also the Hi-jackthis Icon on my desktop as well. Should I delete that?

    2. Is it okay that windows live one care is still active? NO means, I should disable or uninstall!

    1. yes or no

    2. yes or no
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Delete the HijackThis icon on your desktop.

    You should disable Windows Live One Care.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Ignore last problem

    Step 10:

    When I download SmitFraudfix, theres a Red screen Saying Reboot file.exe missing.????
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, skip Smitfraudfix for now and continue with the rest of the instructions.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Step13

    OH Boy....lol

    No Root KIt infections found.

    Panda 2007. Alertad me in apopup window! Should I be concerned? Should I Disable this Program to? Thankyou for your support Howard. I understand Im doing this at my own risk!
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Panda2007 alerted you to what?

    Disable which programme?

    I can`t give advice, if you don`t explain properly.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Step 14

     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, reinstall the communications library.

    Just disable the ones on the list.

    We`re now on post#17, including this one, and I haven`t seen a single log file yet. How much further do you have to go, before you`ve finished the instructions?

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  18. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    Sorry Howard, Almost There! This is all new to me! And Scary! Ill get those logs as soon as I can guy, & Thankyou!
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok mate, no worries. ;)

    Only once I`ve seen your log files, can I advise you on what needs to be done next.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  20. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

    I thought youd never ask.....lol/kiddin!

    My current status/progress is Ive already booted in safe mode a couple hours ago and ran SSD AVG with the open files "of course" NOTE: I had problems opening Adware '07 IS THIS the SE version?????????

    IM currently in normal mode "of course" with my hidden files still exposed????

    Im gettin ready to go back into safe and re scan pending I JUST saw step 14...lol

    Note: on my last scans I found nothing but a Cookie. This is probably because out of frustration last nite, I went ahead and ran the scans and found/detected a S.LOAD of stuff.
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that`s the SE version.

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. Rik

    Rik Banned Posts: 3,814

    I personally have never know it to take this many posts just to get the logs!



    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Nope, me neither mate :p

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  24. Xfactor

    Xfactor TS Rookie Topic Starter Posts: 76

     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I know what you`re saying Xfactor, but it does get a little frustrating from our point of view sometimes.

    I tried to make the instructions as ***** proof as I could. Maybe I didn`t do such a good job of it lol. :p

    Regards Howard :)

    This thread is for the use of Xfactor only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...