TechSpot

Some help with an infection

By sasaman
Oct 14, 2006
  1. Hello everyone,

    I was infected a few days ago by a series of viruses. I followed all the preliminary steps reported in the sticky post to remove my infection. I have all the tools and software listed in the post, and EWIDO did pick something up and I then removed it.

    However, even if all the tools don’t find anything now, my HD space is decreasing even if I don’t save anything or if I am offline. I think something is still around in my machine…

    I have posted below my EWIDO and HijackThis reports. I hope that they will be able to tell you something and that someone is going to be able to give me a hand.

    Many thanks in advance for your help!!!

    View attachment 9695

    View attachment 9696
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off System Restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {4B9F8B31-DD8F-EFDB-8207-02095E8D5978} - (no file)

    O2 - BHO: (no name) - {7CA697F3-F170-40D0-B180-EBB59B74F128} - (no file)

    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)

    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

    O4 - HKCU\..\Run: [ChkMail] P=

    O4 - Global Startup: RtlWake.lnk = ?

    O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the "Delete on Reboot" button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\System32\nzdd.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of sasaman only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
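The fix list in the reply above can be pre-sorted mechanically before a human reviews it. The following is an added example, not part of the original thread or of HijackThis itself: it parses log lines (copied from the post above) and tags entries whose target is absent or empty. The tagging rules and the names `parse_line` and `triage` are assumptions made for illustration, not the helper's stated criteria.

```python
import re

# Sample input: entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {4B9F8B31-DD8F-EFDB-8207-02095E8D5978} - (no file)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O4 - HKCU\..\Run: [ChkMail] P=
O4 - Global Startup: RtlWake.lnk = ?
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\.*$")          # drive-letter path at end of line
MISSING = ("(no file)", "(file missing)")     # markers HijackThis prints itself


def parse_line(line):
    """Return a dict describing one log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body").rstrip()
    reasons = []
    if any(marker in body for marker in MISSING):
        reasons.append("target file absent")
    # Strip the markers so they never end up inside the extracted path.
    cleaned = body
    for marker in MISSING:
        cleaned = cleaned.replace(marker, "").rstrip()
    if cleaned.endswith("= ?"):
        reasons.append("unresolved shortcut target")   # assumed rule
    elif cleaned.endswith("="):
        reasons.append("empty value")                  # assumed rule
    clsid = CLSID.search(cleaned)
    path = PATH.search(cleaned)
    return {
        "section": m.group("section"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,       # file to inspect by hand
        "reasons": reasons,
    }


def triage(log_text):
    """Parse every entry line in a log and return the list of parsed entries."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]
```

Entries with a non-empty `reasons` list point at nothing on disk; entries with a `path` (here only the `nzdd.dll` BHO) name a file that still has to be examined.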
     
  3. sasaman

    sasaman TS Rookie Topic Starter

    Howard,

    Many thanks for your reply. Everything worked but Killbox could not find the file to delete. Maybe because HijackThis deleted it already when fixing it?

    Anyway something... My HD space is decreasing without doing anything :(

    I have attached a new HT log... Hope it will help to see if anything is wrong.

    Thanks again!!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    What exactly do you mean by your hard drive space is decreasing all the time? Please try and give some specific details.

    Regards Howard :)

     
  5. sasaman

    sasaman TS Rookie Topic Starter

    Howard, I had about 1GB of free space on my C drive and without downloading anything the space now available is 0. This has happened a few times in the last week… Basically I have always freed some space and after a few days the freed space decreases without me doing anything. Do you think this is normal and only due to the OS eating some memory space?

    Many thanks for your help!

    BTW: Good to know that the log is clean!!!
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The fact that you only have 1gig left on your hard drive may cause problems. For instance you need around 15% free space to defrag your hard drive.

    It might be time to get a larger Hard drive.

    I can find no evidence of any viruses/spyware on your computer that would cause your hard drive problems.

    All I can suggest is you get rid of anything you don't need or use and back up your important data, i.e. photos/music etc.

    You should also run a disk check as in these instructions HERE.

    You might also want to run a disk check on your hard drive using the manufacturer's diagnostic utility. If you can't find it, take a look at this thread HERE.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
