Virus infection

Status
Not open for further replies.
My computer has been infected by some unknown virus, pls help me identify and fix it.

The virus has disabled my task manager, regedit, tweakui, norton auto-protection, ad-aware and some startup processes.

Any advice will be greatly appreciated. Thanks
 
Hi dark_angel_v and welcome to techspot. =)

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

You are also running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.

Have HijackThis fix these entries:

O4 - HKLM\..\Run: [Resume copy] --copyfstq.exe /startup
O4 - HKLM\..\Run: [] --
O4 - HKLM\..\Run: [KernelFaultCheck] --
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://nettv.1-net.com.sg/peter/tvantsx.0675.cab

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan.


Regards,
Your friendly momok =)

This thread is for the use of dark_angel_v only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you for your prompt reply and help :)

I've carried out the preliminary removal instructions and regained control of the task manager, 'run' function, regedit and tweakui. But I still have no access to norton auto-protection and ad-aware.

Nothing was detected when I ran the AVG Antirootkit. I've attached the fresh HJT, AVG Antispyware and Combofix logs for your viewing. Pls instruct me on how to proceed from here. Thanks again for your help.
 
Hi,

You may wish to copy and paste these instructions into Notepad for easier reference later.

Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\DARK\Application Data\Mozilla\Profiles\default\cintrakc.slt\prefs.js)

O4 - Global Startup: AutorunsDisabled

Close HJT.

Drag the Combofix-Do.txt that you downloaded earlier onto Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

 
Done as told

I've done as you required.

Anyway, I've reinstalled the norton internet security and ad-aware, and they work fine. Now the whole system is behaving just as it used to.

But I'm quite afraid that there is still some trace of the virus lurking somewhere in the system waiting to reactivate itself.

Pls advise me on removing the virus altogether. Thanks :)
 
Hi,

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

You may also delete the C:\VundoFix Backups folder and its contents.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend that you read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

 
Thanks, Momok :)
I'm very grateful for all the assistance that you had provided.
I had renewed the restore points and will be extra careful from now on.
 
Glad to be of help. Enjoy your clean system hehe.

Regards,
Your friendly momok =)
 