TechSpot

Virus infection

By dark_angel_v
Jun 30, 2007
Topic Status:
Not open for further replies.
  1. My computer has been infected by some unknown virus, pls help me identify and fix it.

    The virus has disabled my task manager, regedit, tweakui, norton auto-protection, ad-aware and some startup processes.

    Any advice will be greatly appreciated. Thanks
  2. momok

    momok TS Rookie Posts: 2,272

    Hi dark_angel_v and welcome to techspot. =)

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    You are also running an outdated version of HijackThis.
    You can obtain the latest version from the link in my signature.

    Have HijackThis fix these entries:

    O4 - HKLM\..\Run: [Resume copy] --copyfstq.exe /startup
    O4 - HKLM\..\Run: [] --
    O4 - HKLM\..\Run: [KernelFaultCheck] --
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://nettv.1-net.com.sg/peter/tvantsx.0675.cab

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of dark_angel_v only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. dark_angel_v

    dark_angel_v TS Rookie Topic Starter

    Thank you for your prompt reply and help :)

    I've carried out the preliminary removal instructions and regained the control of the task manager, 'run' function, regedit and tweakui. But I still have no access to norton auto-protection and ad-aware.

    Nothing was detected when I ran the AVG Antirootkit. I've attached the fresh HJT, AVG Antispyware and Combofix logs for your viewing. Pls instruct me on how to proceed from here. Thanks again for your help.
  4. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\DARK\Application Data\Mozilla\Profiles\default\cintrakc.slt\prefs.js)

    O4 - Global Startup: AutorunsDisabled

    Close HJT.

    Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

  5. dark_angel_v

    dark_angel_v TS Rookie Topic Starter

    Done as told

    I've done as you required.

    Anyway, I've reinstalled the norton internet security and ad-aware, and they work fine. Now the whole system is behaving just as it used to be.

    But I'm quite afraid that there is still some trace of the virus lurking somewhere in the system waiting to reactivate itself.

    Pls advise me on removing the virus altogether. Thanks :)
  6. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Your logs look clean now.

    Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    You may also delete the C:\VundoFix Backups folder and its contents.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

  7. dark_angel_v

    dark_angel_v TS Rookie Topic Starter

    Thanks, Momok :)
    I'm very grateful for all the assistance that you had provided.
    I had renewed the restore points and will be extra careful from now on.
  8. momok

    momok TS Rookie Posts: 2,272

    Glad to be of help. Enjoy your clean system hehe.

    Regards,
    Your friendly momok =)