TechSpot

Some preliminary help, thank you!

By jennp
Nov 22, 2007
  1. Hello everyone! I've been reading through these threads trying to look for an answer to my problem but I realize that everyone is about ten steps ahead of me, so I hope I can get a few answers before I take any further steps.

    I know very little about computers so I am afraid of taking any "preliminary removal systems" steps. I've only gone about as far as step 2 (running a free anti-virus software that I downloaded the night before). But hopefully if you could tell me if my problem is even one concerning viruses, I'd know a little more about what to do next.

    My problem is this: When I try to open up my hard drive (not C:\ but an extra one, not external), it freezes. I got a message saying that my virtual memory is low. I checked the task manager and sure enough, when I try to open up that hard drive, the virtual memory goes up and up, reaching as far as 1.5 GB, before I "end program" - though it takes a while even for that to work. I've run the anti-virus software and Ad-Aware, but even what it did find and quarantine didn't seem to help much, since I still have the same problem. :(

    Does this sound like a virus? And if so, would someone with limited computer skills (me) be able to understand beyond step 2 of what to do? :eek:

    Please advise. Thank you so much.

    -jenn.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    What you're describing may well be caused by a virus and I urge you to follow the instructions and post the requested log files.

    Regards Howard :wave: :wave:

    This thread is for the use of jennp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jennp

    jennp TS Rookie Topic Starter

    update - stuck on step 13

    Okay. I've made it up to step 13, but I'm having problems after booting into safe mode. I've gone into safe mode under my normal user name, but when I double-click on my antivirus program, it doesn't do anything (it seems to load for a bit, the hourglass icon, but then...nothing).

    What should I do?

    Also - I've been booting into safe mode using the "system configuration tool method" (going through run - msconfig) because I can't get the F8 way to work (it just says keyboard error and my mouse and keyboard do not work).

    I've also done the second part of step 13, which is to show all files and folders.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, just move on to step 14 etc.

    Regards Howard :)

     
  5. jennp

    jennp TS Rookie Topic Starter

    Happy Thanksgiving Howard!

    Is it okay then, to run Step 14 (SS&D, Ad-Aware, and AVG) all in normal mode? I noticed that at the end of Step 14, it says to "reboot into normal mode and rehide your protected OS files".

    -Jenn
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that's quite alright.

    Regards Howard :)

     
  7. jennp

    jennp TS Rookie Topic Starter

    Hello again

    Here are the log files...

    And the Panda Antirootkit scan came up as:

    Rootkits detected: 0
    Removed: 0
    Sent to Panda: 0

    Thanks again!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    viewpoint
    viewpoint toolbar
    viewpoint manager
    BSplayer_WhenUSave_Installer

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

    Close the services window.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:



    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

     
  9. jennp

    jennp TS Rookie Topic Starter

    Here it is :)

    Hello again,

    Hope I did everything correctly.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That all looks good.

    Click start/run and type combofix /u into the run box and hit the enter key. That should delete Combofix and all its folders etc.

    Have HJT fix these entries, if you don't recognise them.

    O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab

    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab

    O16 - DPF: {BFE40CC2-CE88-4684-9F90-E9D43A832DCE} (DSNFileUpload Class) - http://gamerich.gemmir.com/arcade_module/arcade.cab

    O16 - DPF: {CA9C7127-7147-4A28-B297-5C36B0B3CE58} (p3skaset Class) - http://cyaod.cyworld.nate.com/player/aod/dll/p3skaset.cab

    Turn off system restore. (XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

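An added example, not part of the original thread and not code from HijackThis: a small Python parser for the O16 (ActiveX "Downloaded Program Files") lines quoted in the post above, listing each control's CLSID, name and download host so the ones the user does not recognise can be picked out for review. The `recognised_hosts` argument is a hypothetical allow-list supplied by whoever reviews the log.

```python
import re
from urllib.parse import urlparse

# The four O16 lines quoted in the thread above.
THREAD_LOG = """\
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O16 - DPF: {BFE40CC2-CE88-4684-9F90-E9D43A832DCE} (DSNFileUpload Class) - http://gamerich.gemmir.com/arcade_module/arcade.cab
O16 - DPF: {CA9C7127-7147-4A28-B297-5C36B0B3CE58} (p3skaset Class) - http://cyaod.cyworld.nate.com/player/aod/dll/p3skaset.cab
"""

# Line shape: "O16 - DPF: {CLSID} (Name) - URL"; the "(Name)" part may be absent.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<url>.+)$"
)

def parse_o16(log_text):
    """Return one dict per O16 line; every other log line is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if not m:
            continue
        parsed = urlparse(m.group("url"))
        entries.append({
            "clsid": m.group("clsid").upper(),
            "name": m.group("name") or "",
            "host": (parsed.hostname or "").lower(),
            "plain_http": parsed.scheme.lower() == "http",
        })
    return entries

def needs_review(entries, recognised_hosts=()):
    """Entries whose download host is not under a recognised domain."""
    def recognised(host):
        return any(host == d or host.endswith("." + d) for d in recognised_hosts)
    return [e for e in entries if not recognised(e["host"])]

if __name__ == "__main__":
    # With no allow-list, every entry is listed for manual review.
    for e in needs_review(parse_o16(THREAD_LOG)):
        transport = "plain HTTP" if e["plain_http"] else "not plain HTTP"
        print(f'{e["clsid"]}  {e["name"]:<22} {e["host"]}  [{transport}]')
```
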
     
  11. jennp

    jennp TS Rookie Topic Starter

    Thank you so much for all your help!

    I still had the problem after all that, but I deleted some files that I downloaded recently (around the time that this started) and it seems better now. But through this process I found a LOT of viruses and spyware that I normally would not have noticed.

    Thanks again!

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.
