Very weird virus. Two icons on desktop and tons of .tmp files in my documents and c:

Status
Not open for further replies.

techflame23

Hi, I have a very weird virus in my computer.
When I start up my computer I am greeted with the following message:

"Important-Potential errors found in the system

During a scan of files at system startup, potential errors in the system registry were found.
P-07-0100 irql: 1F SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED"

I also have two folders on my desktop which pose as Windows Update and Help and Support Center, but if you click on them they bring up a webpage advertising a virus scan product which is most likely fake. If I try to delete these they come back again in the next minute. Also, in My Documents and C: I have tons of .tmp files, all labelled from pos1A00 to posFFF. I can delete some of them, but the others say that they are in use and I cannot delete them. The ones that I can delete come back once I restart my computer. Someone please HELP!
 
Oops, I forgot to say that I am also getting a pop-up that says:

"A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer
****WXYZ.SYS-Address F73120AE base at c00000, DateStamp 36b072A3
Kernel Debugger Using:COM2 (port 0x28F, Baud rate 192000)"

I will run HijackThis soon and post a log in my next post.
 
Here is my HijackThis log as promised. Any help with fixing this virus would be appreciated!
 

Attachments

  • hijackthis.log
    8.9 KB
Yes you are infected!

Stand by and someone will follow up with techniques to clean your system.
 
Hello. I am having this same exact problem. Additionally, a little bit of time after booting up I can not open folders (my documents; my pictures; my computer...etc.). Any help would be greatly appreciated. Thanks.
 
Dear calbano;

For clarity and to avoid confusion, PLEASE post your problems in threads that you create. You can always relate to some other thread by pasting that URL into your post.

Thank you :)
 
This is gonna sound weird, but did this virus appear after you installed BioShock (if ya did)? I ask because that happened to me.
 
I have exactly the same symptoms as Techflame23, but the virus has got such a stranglehold on my system that it operates at a snail's pace. I also have a red X across the C Drive in My Computer. I can't even format my C Drive - system is unable, claiming that utilities are open that prevent formatting.
At the end of my tether!!
 
540705 said:
I have exactly the same symptoms as Techflame23, but the virus has got such a stranglehold on my system that it operates at a snail's pace. I also have a red X across the C Drive in My Computer. I can't even format my C Drive - system is unable, claiming that utilities are open that prevent formatting.
At the end of my tether!!


Please open a new thread in this forum. This permits a 1-to-1 dialogue. Use a title descriptive of your problem for the flood of tmp files.

Is the system more stable in Safe Mode?
Consider a System Restore to the day before this began (make note of applications installed after the selected restore point).

If the above actions are taken, include in the posting.
 
Ok guys, I have fixed it, I hope!!
Except for the pop-ups that you get when you are on the internet.
I just downloaded VirtumundoBeGone by googling it.
I then ran it and I saved a log to the desktop. It deleted some files, and two of them it couldn't delete so it tried to put a .vir on the end. It couldn't, but it signified the files I manually had to delete. I deleted them and it fixed my computer. The icons on the desktop I could delete, and the .tmp files that I couldn't, I can now. Also the pop-ups that I have listed in my above posts have also disappeared. But I still get the regular pop-up ads when I am on the internet. They just won't go away. My computer is also not as slow as before but it still lags a bit, hence if you see bad spelling in this post it will be due to that. I will post my new HijackThis log so that someone can check that my computer really is clean.
 
Well done. It must be a relief.

I suggest it is time to re-assess your situation now that things are more stable.

If you are being bothered by internet popups, as a minimum, review the
Internet Explorer > Tools > Privacy tab and the associated 'popup' controls.
Removing all from the allowed list lets you start over by admitting sites as you re-visit them.

Apply all Windows security updates.

As suggested by another post, consider a reload or a reformat, which was the entry point for this forum. These choices take much time and effort. During this period of calm, make note of annoyances and hiccups.

Happy Computing.
 
Hi, the pop-ups are not really internet pop-ups, but they are only triggered when the internet is connected. I have a feeling that there is still a file or folder that I have not deleted yet. If anyone has theories on how to locate it then they would be appreciated!

Thanks!
 
kittengod094 said:
This is gonna sound weird, but did this virus appear after you installed BioShock (if ya did)? I ask because that happened to me.

Isn't BioShock an FPS game?
No, I did not get it from BioShock as I don't even have it (my system can't support something like that). Anyway, to get a virus from that you would have to have a non-official illegal copy ripped off an authentic disk. Perhaps the person who did it had the virus..... You never know.
 
Red Cross where the C Drive used to be

Hi All

I have followed the link from Julio on TechSpot Forum and this helped to rid the PC of the virus - it took a long time, particularly in the early days when the PC had slowed. I was able to delete the tmp files (000's of them) and things are looking a little brighter. System still slow on start-up. And I have a big red cross icon where my C Drive used to be - wtf is causing that?
 
Can you please start your own thread and post the requested logs? After reviewing your logs, the cause of your symptoms should be clear and further instructions can be given.

We need:
1) HijackThis log
2) ComboFix log
3) AVG log

This thread is for the use of techflame23 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Blind Dragon. I have parsed my new HijackThis log and it doesn't show much, but I will post it soon. I still need to download AVG and ComboFix, so I'll post them when I get the programs. Anyway, a recent virus scan has quarantined over 10,000 files, and when I try to get into it the CPU usage gets to 100% and Trend Micro (my virus program) says that it is not responding. I looked in the Task Manager and under Processes I found that a file called ufnavi was using between 97-99% of the CPU usage. Also, Trend Micro quarantines about two of the same virus every time I log onto my computer. Their names are somewhere along the lines of Troj.vundo. I don't know if this is to do with the last virus, but it is annoying that I can't get in to delete the 10,000+ viruses/spyware that are in quarantine. Will post my logs soon.
 
540705 said:
Hi All

I have followed the link from Julio on TechSpot Forum and this helped to rid the PC of the virus - it took a long time, particularly in the early days when the PC had slowed. I was able to delete the tmp files (000's of them) and things are looking a little brighter. System still slow on start-up. And I have a big red cross icon where my C Drive used to be - wtf is causing that?

I never had the red cross, but I see your computer is lagging and missing out letters like mine does now..... It never did before I had this virus.
 
Blind Dragon said:
Hi, can you please post a fresh HijackThis log and ComboFix log?

Also, did you go through the 15 step preliminary removal? https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

CCleaner should get rid of those temp files and the icons sound like smitfraud or vundo which is one of the 3 tools

It's not smitfraud because I've had that before and it was different, but vundo...... now that's a different story. Trend Micro is quarantining about two troj.vundo's per day!!!
 
Ok, here is my fresh HijackThis log.
There are about four files that concerned me all to do with ctfmon. parasite.

Let's see what you guys think.
 

Attachments

  • hijackthis.log
    8.3 KB
info on virus

1) No, I didn't obtain BioShock illegally (and it didn't even work :mad:) and 2) all I had to do was restore my computer to the day before I noticed the virus, and then later I found a file called 10ktmp.tmp or something like that in C:\Documents and Settings\[my user]\Local Settings\ (which is hidden), and if you open the file with Notepad, you'll find the filenames of all those .tmp's, so I just deleted it and no more problems! Hope this helps. PS: I can't remember exactly where the file was but I know it was in Documents and Settings in a hidden file. It's really hard to miss.
 