TechSpot

Virus problem?

By WreC
Jul 4, 2006
  1. Ok little confused... I got a msg on aim from a friend w/ a link.. So i dl/ed it and it happened to be a virus of some sort and would disable taskmanager and also any type of virus scan. After installing a product for startup control i found the problem and disabled it, but when i searched for it on the computer it was nowhere to be found. I ran a HJT after i disabled it and i was wondering if anyone could tell me if i eliminated the problem or if it still existed. Thanks in advance for any help provided
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint\Viewpoint Toolbar V35

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    mb2np

    close the services window.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    FotomatDeviceConnect.exe
    ViewMgr.exe
    sxkfpb.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

    O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

    O4 - HKLM\..\RunServices: [mb2np] sxkfpb.exe

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

    Fix all O18-Protocol entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Viewpoint
    sxkfpb.exe you will need to search your system for this file and delete all instances of it.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :wave: :wave:
     
  3. WreC

    WreC TS Rookie Topic Starter

    ok, did what u said. this is the log file:
     
  4. WreC

    WreC TS Rookie Topic Starter

    Sry for the double post... Different computer... same problem ... posted HJT results also. :)
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Exactly the same entries are in your HJT log.

    Go back to my instructions and try them again please.

    Post a fresh HJT log when done.

    Regards Howard :)
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    As for the HJT log for the other computer.

    Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: (no name) - <default> - (no file)

    O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)

    O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -

    Fix all O18 - Protocol: entries.

    Click on the fix checked button.

    Close HJT.

    Other than the above, this system is clean.

    Regards Howard :)
     
  7. WreC

    WreC TS Rookie Topic Starter

    Ok here is the hjt log again :) But there is still one thing weird... on this computer at random it closes certain websites... i have no idea why.. ive disabled popups/made sure it wasnt restricted turned off any form of firewall and to no avail it still does it... one of the sites is www.marineland.net it will start to load then close all instances of the program i had running. It leaves no error screen no nothing just closes.... I have yet to figure out why :evil: :evil: :evil: :evil: is all i can think of :(
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    mb2np

    close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    sxkfpb.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

    O4 - HKLM\..\RunServices: [mb2np] sxkfpb.exe

    Click on the fix checked button.

    Close HJT.

    Run HJT again and click on the config button, followed by the misc tools button.

    Click the delete file on reboot button and browse to sxkfpb.exe (you may need to search your system to find out where this file is located. Delete all instances of it). Click on sxkfpb.exe and click open. You will be prompted to restart your computer, click yes.

    Once your computer has restarted, turn system restore back on and post a fresh HJT log.

    Regards Howard :)
     
  9. WreC

    WreC TS Rookie Topic Starter

    Posted yet another HJT log but still have the problem i listed before :( quote on this computer at random it closes certain websites... i have no idea why.. ive disabled popups/made sure it wasnt restricted turned off any form of firewall and to no avail it still does it... one of the sites is www.marineland.net it will start to load then close all instances of the program i had running. It leaves no error screen no nothing just closes.... I have yet to figure out why is all i can think of end quote
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Have HJT fix the following inactive entries.

    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

    Click on the fix checked button and close HJT.

    Other than the above, your HJT log is now clean.

    I want you to try something for me.

    Download and install the Firefox browser from HERE.

    It`s a lot more secure than IE.

    See if you still have the same problems with web pages automatically closing.

    Please let me know.

    Regards Howard :)
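
The triage behind the fix lists in the replies above, as an added Python example that is not part of the thread or of HijackThis: it parses HJT log lines and flags entries marked (no file) and autorun commands given without a full path, such as the sxkfpb.exe entry. The function names, flag labels and the path heuristic are assumptions of this example; the sample lines are copied from the posts.

```python
import re
from collections import namedtuple

# Constructed sample: entries copied from the fix lists quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\RunServices: [mb2np] sxkfpb.exe
R3 - URLSearchHook: (no name) - <default> - (no file)
this line is not an HJT entry
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')
Entry = namedtuple("Entry", "section clsid target flags")

def parse_line(line):
    # Returns an Entry for a "<section> - <body>" line, or None for anything else.
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    flags = []
    auto = AUTORUN_RE.match(body) if section == "O4" else None
    if auto:
        # Heuristic (assumption): a bare file name does not say where the binary lives.
        target = auto.group("cmd")
        if not ABS_PATH_RE.match(target):
            flags.append("autorun-without-full-path")
    else:
        # The last " - " field is the file the entry points at, or "(no file)".
        target = body.rsplit(" - ", 1)[-1]
        if target == "(no file)":
            flags.append("orphaned")
    return Entry(section, clsid.group(0) if clsid else None, target, tuple(flags))

def triage(log_text):
    # Keep only the entries that carry at least one flag, in log order.
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e.flags]
```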
     
  11. WreC

    WreC TS Rookie Topic Starter

    Tried it and i got the same result.. i have no idea what it could be.. it just closes it and any thing to do with it.. it also does it in ie.. so i am not quite sure what is up with it.
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Mmm very strange.

    Go HERE and follow all the instructions exactly.

    This is because you may have some kind of infection, that isn`t showing up in HJT.

    Please let us know the results.

    Regards Howard :)
     
  13. WreC

    WreC TS Rookie Topic Starter

    I dont think it is adaware i think it may be something w/ activex because it has done it ever since i have installed Windows Xp on it.... so idk if perhaps i have my controls set so when something triggers it that it auto closes only thing i can think of but i dont know much about activex ... so im not sure
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    The thing is, Firefox doesn`t use ActiveX controls and I can open the www.marineland.net website using Firefox without any problems.

    I`m not sure what else to suggest to be honest.

    Maybe you should open a new thread in our Windows OS forum.

    Sorry I couldn`t help solve your problem.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

