TechSpot

Virus help?

By Lilli
Sep 23, 2008
  1. my computer has decided within the last few weeks to rebel against me and misbehave:
    i get multitudes of pop-ups, literally 10-15+ within a few minutes, as well as several different "antivirus" programs that continually pop up and try to download themselves. currently there is one with a "license agreement" screen that, upon showing up, cannot be closed.
    usually after a while of this, my start bar disappears and i have to reboot before it will come back.
    i'm using windows XP, and have mcafee security software which at least 3 times a day says it has detected a trojan or bad program and that it has been removed.
    also, when i reboot my computer, my desktop has started coming up blank, and a warning message says that "x is a bad image please check it against your installation diskette".
    so basically, i'm on self-destruct here and could use some help!
    thanks!
     
  2. tw0rld

    tw0rld TS Maniac Posts: 609   +6

  3. SpiritWind

    SpiritWind TS Rookie Posts: 164

  4. AtK SpAdE

    AtK SpAdE TechSpot Chancellor Posts: 1,851

    Or I could just do it in person lol. But just follow the guides and if you need help (they can be a bit confusing) post here or you know where I'm at.
     
  5. tw0rld

    tw0rld TS Maniac Posts: 609   +6

  6. Lilli

    Lilli TS Rookie Topic Starter

    first log

    malwarebyte's log attached
     
  7. tw0rld

    tw0rld TS Maniac Posts: 609   +6

    There should be three logs. More importantly is the HJT log. 85 infections in mbam log. I need the HJT log.
     
  8. Lilli

    Lilli TS Rookie Topic Starter

    2nd log

    i know, i'm working through them...
    superantispyware attached
     
  9. tw0rld

    tw0rld TS Maniac Posts: 609   +6

    Based on both logs, it must have been a while since you last checked your system for Malware.
     
  10. Lilli

    Lilli TS Rookie Topic Starter

    3rd log

    guilty...

    and here's the HJT, sorry they're all separate.

    i appreciate the help!
     
  11. tw0rld

    tw0rld TS Maniac Posts: 609   +6

    Reset IE to default

    To use RIES in Internet Explorer 7, follow these steps:
    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
    Note If you cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.
     
     
  12. Lilli

    Lilli TS Rookie Topic Starter

    i don't generally use internet explorer...i have it, and for some reason that's what all my pop-ups come up on, but i usually use firefox. does that make any difference?
     
  13. tw0rld

    tw0rld TS Maniac Posts: 609   +6

    Run Hijackthis again, check the following and click fix checked.

    Remove the following from startup list using msconfig
    How to use msconfig
    Start > run > type Msconfig > select startup tab > uncheck the following

    1. qttask.exe
    2. iTunesHelper.exe
    3. sprtcmd.exe
    4. jusched.exe
    5. DSAgnt.exe
    6. msmsgs.exe
    7. msmsgs.exe
    8. sprtcmd.exe
    9. SUPERAntiSpyware.exe
    10. RCADetective.exe
    11. reader_sl.exe
    12. DMXLauncher.exe
    13. quickset.exe

    Update the following
    Adobe acrobat reader

    Make sure Mcafee is updated with latest definitions then run scan.

    Make sure that you have done the procedure mentioned in the previous post(Reset IE to Default Setting).
    When done post New HJT log.
     
  14. tw0rld

    tw0rld TS Maniac Posts: 609   +6

    Still perform the procedure. Some IE settings are missing.
    I am off to bed. I will look at your log 2morrow.
     
  15. m.adib_87

    m.adib_87 TS Rookie

    anti virus

    hai......


    what anti virus surpose i use?
     
  16. tw0rld

    tw0rld TS Maniac Posts: 609   +6

  17. Lilli

    Lilli TS Rookie Topic Starter

    new hjt log

    the new log is attached
    thanks
     
  18. tw0rld

    tw0rld TS Maniac Posts: 609   +6

    Good to go!

    Looks good!
    Just remove a few more things from startup list using msconfig

    • winampa.exe
    • Reader_sl.exe
    • aim6.exe
    • ctfmon.exe
    • sprtcmd.exe
    • dsca.exe

    Everything looks fine. I see no sign of any threats. Just practice safer browsing. Make sure that all your security software are updated, also perform frequent system scans.

    Safe Browsing Practices.

    • Make sure your computer is updated!
    • Browse the Web with an up to date browser!
    • Run anti-spyware programs weekly.
    • Run Anti-virus programs to search for viruses.
    • Set your Operating System to always show file extensions.
    • Other Safe Browsing Practices


    Info taken from here; http://www.bio.fsu.edu/complabs/safebrowse.php I'm too lazy to make a list of my own.
     
  19. Lilli

    Lilli TS Rookie Topic Starter

    thanks for all your help!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.