Virus problem.

[angelSLACKER]

i'm using avg and a trojan: downloader.generic2 wont be healed, move to virus vault or even delete...

i tried it in safe mode but no luck
scanned it using the following: Kaspersky, F-Secure and no virus was found!~

 

[howard_hopkinso]

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Run a full system scan with your antivirus programme and delete whatever it finds.

Reboot into normal mode and turn system restore back on.

Let me know if this solves your problem.

Regards Howard

 

[angelSLACKER]

here's the hijackthis log~

 

[howard_hopkinso]

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Authentic/VBAuthentic.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B1E3469A-2168-4469-996C-A06E1B367E3C}: NameServer = 58.69.254.6 58.69.254.8<Only fix this, if it doesn`t belong to your ISP.

Click on the fix checked button.

Close HJT.

Other than the above, your HJT log is clean.

It appears you`re not running any firewall software. You should consider getting some. The free Zonealarm or Kerio firewall programme are very good. Just Google for these.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

ah thank you for your reply, i managed to delete the "downloader.generic2" manually~~~

uhm i didn't remove any of those above because i'm kind-of using them~

thanks anyway! =)

 

[angelSLACKER]

thecoolpics link (virus content) spreading in Yahoo! Messenger

I opened a link from thecoolpics sent by a someone over at YM and since then, there's been a virus I can't seem to get rid of... It sends itself to people in my list, too (this is prob'ly how it got to me)! I have to log out to make sure it doesn't spread... I scanned using Ad-Aware and antivirus scanners. Ad-Aware detected something but the antivirus scanners didn't... I deleted it and I was able to run YM again... Each time I open the Internet Explorer, however, the home is set at the site where I got the virus! I can't change it! And I can't check the Task Manager coz it won't open... I tried the thread where it says how I can un-disable the Task Manager but I can't find the "Run" in my Start Menu...

Please help. And thanks!

 

[howard_hopkinso]

I have merged your new thread into this one.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard


This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

This is the only thing I can seem to do. =(

I can't boot into Safe Mode. I can't use Run. And my PC goes into Blue Screen in the middle of my AVG scanning.

And thank you!

 

[howard_hopkinso]

Follow as many of the instructions below as you can. Don`t worry if you can`t boot into safe mode at this stage.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

svchost32.exe<Not to be confused with svchost.exe
svhost.exe<Not to be confused with svchost.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost32.exe

O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\system\svhost.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system\svchost32.exe<not to be confused with svchost.exe
C:\WINDOWS\system\svhost.exe<Not to be confused with svchost.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

svchost32.exe<Not to be confused with svchost.exe
svhost.exe<Not to be confused with svchost.exe

Close task manager

there is no task manager, it's disabled with right click:

and even when i press ctrl+alt+delete: it just prompts me if i wanna lock computer, log-off, shutdown, change password, and cancel.. the task manager is disabled as well~

but i managed to boot it in safemode here's the hjt for that~

and thanks again XD

EDIT;

oh & btw, there's also no Run on Start:

 

[howard_hopkinso]

Your HJT log apperas to be clean. Did you run the HJT scan from safe mode or normal mode?

If it was from safe mode, I need to see a fresh HJT log from normal mode.

Did you manage to delete the files I suggested?

As for your task manager problems, please see this thread HERE.

For your run problem, try the following.

To add RUN to the menu.
Right-click on the Start button and choose Properties from the menu
Click the start menu tab.
Then choose the "customize" button
Then choose the "advanced" tab and check the box for the Run command.

Click ok/apply/ok.

Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

It says:

Task Manager has been disabled by your administrator.

there is only 1 computer account and it's already administrator~

As for RUN:

there is NO Run command in the Advanced Tab

attached is the HJT log from normal mode.

again, thanks

 

[howard_hopkinso]

Your HJT log is clean.

Once you`ve clicked the advanced tab you should see a panel named "start menu items"

If you use the scroll bar to navigate though the list, you should see the run command box. It`s directly under the printers and faxes box. Make sure it`s ticked and click ok/apply/ok

For your task manager problem, see HERE and follow the instructions.

Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

i run ad-aware and i saw a disable task manager from there, now i can use the task manager, but as for the run there really is no run command, only the following:

Control Panel
Enable Dragging & Dropping
Favorites Menu
Help & Support
My Computer
My Documents
My Music
My Network Places
My Pictures
Network Connection
Printer & Faxes
Scroll Programs
Search
Set Program Access & Default
System Administrative Tool

 

[howard_hopkinso]

Yes, under network connections you should see the following three round radio buttons.

Display as Connect to menu<not selected

Don`t display this item<should be selected

Link to network connection folder<Not selected

Then directly under those, you should see some square little boxes starting with-

Printers and faxes

Run command <should be ticked

Scroll programs

Set programme access and defaults.

Let me know if this helps.

Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

here's the start menu items i have:

 

[howard_hopkinso]

Go HERE and see if it helps.


Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[angelSLACKER]

How can I go to my registry editor without the Run command?

 

[howard_hopkinso]

Open task manager, click file, new task and type regedit, click ok.

Regards Howard

This thread is for the use of angelSLACKER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.