Virus: I don't know what kind it is

By HuaracheKing
May 19, 2009
Topic Status:
Not open for further replies.
  1. I got this from trying to download a crack to GoldWave 5.25. I should have known better than to try that without having my anti-virus updated (a careless mistake on my part) and when I tried to open the crack I immediately knew what happened.

    I have Windows XP, and now my Windows toolbar looks like it's from Windows ME or Windows 2000. I can't copy and paste anything either. I also tried to install Kaspersky as well as other anti-virus software and it won't let me install any of them. I tried to do the 8 step virus removal that was stickied @ the top of this thread, but I can't install anything but the cleaner so I couldn't carry that out effectively. My computer doesn't run slow or anything, so I'm thinking it's not that serious of a virus but I could be wrong. I've attached my log so I hope that helps. Somebody please help me out on this. I'm a DJ and my computer is my money maker. Any assistance would be greatly appreciated. Thanks in advance.


  2. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    can somebody look @ this and please help.....i've done my homework and I don't know what else to do
  3. touch

    touch Newcomer, in training Posts: 978

    Hello HuaracheKing

    Sorry for late reply.

    Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
    Not more.
    Remove/uninstall from "Programs and Features" in Control Panel:
    One of your antivirus programs (ESET or Kaspersky).

    Reboot.

    Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:
    http://www.bleepingcomputer.com/files/lspfix.php
    Once the file is downloaded navigate to where you saved the file and double-click on it to start the application
    Click on -> I know what I'm doing – move - 5756687.dll to right pane using >>> then – Finish – button

    Reboot

    Then please run the steps in this guide:

    8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Post attached logs from:

    Malwarebytes
    SUPERAntiSpyware
    HijackThis


    In your next reply
  4. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    Thank you so much for getting back to me.

    when i try to uninstall it thru the control panel it says:

    "the windows installer service could not be accessed. This can occur if you are running windows in safe mode (which i am not) or if the windows installer is not correctly installed. contact your personal support specialist for assistance"

    This is the same message it gives me when i try to install stuff too. so should i try to just go into the program files and delete it manually?
  5. touch

    touch Newcomer, in training Posts: 978

  6. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    ok....sorry it took me so long to get back to u,

    but when i downloaded the windows installer from the website that you forwarded to me and since i have windows sp3 it said it wasn't compatible because that version is only compatible up to windows sp2. i then went to this website (softwarepatch.com/windows/wininstallnt.html) to try to get a newer windows installer and it gave me this message:

    KB942288-v3 Setup Error
    Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on the computer.

    are there any other options that i have?

    I know that once i'm able to uninstall and copy/paste things onto my computer, i'll be able to rid the virus with the trial version of bit defender or kaspersky (that is why you see kaspersky on my system because as soon as i saw that i had the virus i tried to install it, but it wouldn't let me run a scan).
  7. touch

    touch Newcomer, in training Posts: 978

    Download Dial-A-Fix to desktop
    http://majorgeeks.com/Dial-a-fix_d4899.html
    Choose one of the servers at majorgeeks
    And extract it to a memorable folder.

    Step 2:
    These options should repair the issue at hand.
    Run Dial-A-Fix and locate the “Fix SSL/HTTPS/Cryptography” section of the .
    Step 3:
    Make sure all options in this section are ticked.
    Step 4:
    With all the check boxes ticked, press the GO button and let Dial-a-Fix work.

    Reboot
  8. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    ok.....i did that and i still received this message

    "the windows installer service could not be accessed. This can occur if you are running windows in safe mode or if the windows installer is not correctly installed. contact your personal support specialist for assistance"

    please don't tell me that your next step 4 me is to reformat my hard drive
  9. touch

    touch Newcomer, in training Posts: 978

  10. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    ok. well that helped me out with getting the msiexec uninstalled so that i can reinstall it, but now it won't let me install the latest version of it. when i tried to re-install msi, it gave me this message:

    KB942288-v3 Setup Error
    Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on the computer.

    if i can bypass that, or at least get my computer to copy and paste, i KNOW i can beat this virus. what to do now?
  11. touch

    touch Newcomer, in training Posts: 978

    That's odd. See if you can run ComboFix, it doesn't need to be installed ->

    Please download combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
    It may take a while to complete scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
    scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
  12. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    man....u're helpin me out a whole lot. even tho we haven't solved the prob in full yet, i just want to thank u. but here's the log u asked for
  13. touch

    touch Newcomer, in training Posts: 978

     
  14. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    i wish i could....the virus has disabled my internet, as well as my copy and paste function
  15. touch

    touch Newcomer, in training Posts: 978

    I have a bad feeling about this.

    Right-click on the files below - Properties, and tell me if they are Microsoft files?
    c:\windows\system32\user32.dll
    c:\windows\system32\winlogon.exe
    c:\windows\explorer.exe
  16. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    it says that they're all MS apps....and since we're both online u wanna talk thru a messenger or something....only if its easier 4 u
  17. touch

    touch Newcomer, in training Posts: 978

    I don't use messenger or any other chat program ;)


    Run a scan with HijackThis. Check the following and hit 'Fix checked'
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Raul\uumcdg.exe \s
    O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll
    O4 - HKLM\..\Run: [kalfr] C:\WINDOWS\system32\kalfr.exe \u
    O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work
    O4 - HKCU\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
    O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
    O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work (User '?')
    O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe (User '?')
    O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe (User '?')



    Reboot to safe mode ->

    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.
    Show hidden files and folders.
    Click Start button, then go to Programs, Accessories and click on Windows Explorer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the "Hidden files and folders" heading please check Show hidden files and folders.
    Uncheck the Hide protected operating system files (Recommended) option.
    Click Yes to confirm.
    Click OK.

    Find and delete these files (if present)
    c:\windows\system32\5756687.dll
    C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe
    C:\WINDOWS\system32\kalfr.exe
    C:\Documents and Settings\Raul\uumcdg.exe
    C:\WINDOWS\system32\sdrgfcvbf.dll
    C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe


    Delete this folder:
    C:\Program Files\Viewpoint

    Reboot, attach a new HijackThis log and tell me how things are running?
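The by-eye review of the HijackThis entries in the post above can be partly automated. The following is an added example, not part of the original thread: it parses HijackThis-style lines and flags autoruns that start from a Temp directory, autoruns with an empty value name, and a UserInit value that launches a second program. The regexes, the `triage` function and the three heuristics are assumptions of this sketch; the sample lines are copied from the post, plus one constructed benign entry.

```python
import re

# Lines copied from the HijackThis list in the post above, plus one
# constructed benign entry (ctfmon) for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Raul\uumcdg.exe \s
O4 - HKLM\..\Run: [kalfr] C:\WINDOWS\system32\kalfr.exe \u
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work
O4 - HKCU\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
USERINIT = re.compile(r"UserInit=(?P<value>.+)$", re.IGNORECASE)


def triage(log_text):
    """Return (line, reasons) for each entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        reasons = []
        if m.group("code") == "F2":
            u = USERINIT.search(m.group("body"))
            # The XP default is "userinit.exe," (one program, trailing comma).
            if u and any(p.strip() for p in u.group("value").split(",")[1:]):
                reasons.append("UserInit launches an extra program")
        elif m.group("code") == "O4":
            r = RUN.match(m.group("body"))
            if r and TEMP.search(r.group("cmd")):
                reasons.append("autorun target is in a Temp directory")
            if r and not r.group("name"):
                reasons.append("autorun value has an empty name")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```

The `kalfr.exe` entry sits in `system32` under an ordinary-looking name and passes all three checks, so location heuristics like these narrow the list for a human reviewer rather than replace the review.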
  18. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    i didn't find any of these in hijack this.....i was able to delete the viewpoint folder tho. also none of those .dll's or .exe's were present either. so on to the next step......oh yeah....i attached the new HJT file as u asked
  19. touch

    touch Newcomer, in training Posts: 978

    Ok :)

    can you run combofix now ?

    It's possible you'll have to run it from safe mode
  20. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    ok. i was able 2 run combofix last night and is there a preference in how i run it? it ran fine in the reg mode
  21. touch

    touch Newcomer, in training Posts: 978

    Great -

    Please download combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
    It may take a while to complete scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
    scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
  22. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    here is the new combo log.....

    just so you know tho....i still cannot connect to the internet, copy/paste, install/uninstall programs.
  23. touch

    touch Newcomer, in training Posts: 978

    I don't think your problems are virus related, I'll therefore suggest you check for corrupted or missing system files.

    Click Start > Run and type sfc /scannow and then click OK.
    Note the space between the c and the /
    You may need your Windows XP CD so have it ready.
    If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD. This can be done with a borrowed CD, if you don't have one.
    Allow the scan to run and when completed, reboot the system.
  24. HuaracheKing

    HuaracheKing Newcomer, in training Topic Starter

    ok....well i don't know if i have the xp cd. i may have to look for it. and it has to do with a virus somehow, someway....i have windows xp and my toolbar looks like its from windows 2000.

    but i ran the scan and it took about an hour and some change, and after it finished i rebooted and nothing really happened. it didn't ask me for the xp cd or anything like that, and my cpu is doing the same things