VIRUS! Please help

Status
Not open for further replies.

brutalhoe

I got a few nasty things on my PC and I need help. The virus shut off my antivirus and didn't let me install AVG, wouldn't let me do a system restore, and it took me a while to run HouseCall because it kept closing the window; it even shut off my PC a few times. I'm not even talking about the spam and some software installs from nowhere.
I've done all the steps in Viruses/Spyware/Malware, preliminary removal instructions.
AntiRootkit didn't find anything.

I was also trying to install Nero 8. I currently have 7, and when I try to install 8 it tells me I need to uninstall 7 first. When it prompts whether I want to delete the old version and I hit yes, it tells me that it can't find Nero.msi. I tried to search for it with Windows Search but it doesn't work: I see the stupid dog but there is no search bubble on top? Also a few other softwares acted the same way, so I can't uninstall them now?
Thanks for your help, I don't know what I would do without your help guys.
 
Sweet, I got better news: Windows Update doesn't work for crap. If I hit Windows Update from the Start menu it opens a new window and I see a blank white screen. I tried to go there from Microsoft and all I get is this:
"Checking if your computer has the latest version of Windows updating software for use with the website…
The website uses ActiveX controls to determine which version of the software your computer is running. If you see an ActiveX warning, make sure the control is digitally signed by Microsoft before installing it or allowing it to run."
and nothing happens. Is this the time when I need to nuke my XP? Or maybe reinstall SP2 and see if that works? Can I get some help here PLEASE!!

Maybe there is some tool that will fix my problems? Would sfc /scannow do anything?
 
C'mon, someone please help me. Second day and no one has posted a single post; people who posted their problem today have already been helped and I'm waiting a second day to get some help.
 
If you read the info in the link, and follow the instructions given, you should be able to figure out what's going on. LOL
 
Well, if you read my post, I said that I already did it and I posted the logs too, and I needed someone to check my logs.
 
Calm down, did you try it in safe mode? I only offered a response because no one else did; have patience. Have you checked your processes to see if anything abnormal is running in the background?
 
tneff said:
Calm down, did you try it in safe mode? I only offered a response because no one else did; have patience. Have you checked your processes to see if anything abnormal is running in the background?

Gee, thanks, but I need like a professional to help me. My PC works even though half of my **** doesn't work. System Restore is ****ed, WM Player won't even open, a few softwares are missing .msi files, Windows Update is ****ed too, sfc /scannow asks for the CD and it keeps telling me I'm using the wrong CD even though it's a genuine CD from the store. I even copied the I386 folder to C: and changed the path in regedit; it still does the same thing. So if you can help me that will be great, but I doubt it. Thanks for the concern.
 
Please note: HJT and any other logs must not be posted as .doc files. This is due to the risk of viruses, etc.

You need to post the actual logs, or even rename them as .txt, so they can be opened with Notepad.
 
Reformatting is not the best solution, since I have lots of stuff that I don't have a CD for anymore, so that will suck. I was also thinking of running Windows Repair from the CD, but what will it do concerning my games and music software, and how will they work after?
Sorry for the logs, I misunderstood the malware instructions lol. I'm gonna run the scans over again since it's been 3 days after I posted those logs and I cleaned a lot of registry entries and some softwares.
 
The repair function won't cause you to lose data, only Microsoft updates, but it also won't get rid of malware.
 
Hi,

You mentioned that you have gone through the instructions and have the logs. However, because some time has lapsed, I require you to provide 3 fresh logs: AVG Anti-Spyware, HJT from normal mode and ComboFix from normal mode.

Do the scans in this order: AVG, ComboFix, HJT. I'll reply to you as soon as I see your logs.
 
Here we go, finally I got someone to help me. Thanks for helping, momok, I've been waiting for 3 days now. I had to put the ComboFix and adware logs (found more viruses; thought you might want to take a look, and I also included the first AVG scan log because I didn't find anything on the second scan except tracking cookies) in a zip; it kept telling me it was too big to post.
P.S. What happened to hopkinso? He got banned? He helped me out last time; kinda sad, seemed like a great guy.

Blind Dragon said:
The repair function won't cause you to lose data, only Microsoft updates, but it also won't get rid of malware.

That's why I'm trying to clean out my PC first. I don't care about updates, they can be downloaded again, but my programs and such, how are they gonna act? Are they still gonna work properly? In my other post I listed most of the problems that I'm having at the moment that have been caused by the virus (https://www.techspot.com/vb/showthread.php?p=559297#post559297)

Got it, sir, my bad.
 
Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE

  3. Go to start > run and type msconfig. Press the enter key.
    Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

    License

  4. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {2EF2834D-9B4D-4BBC-803D-6C887A824AE4} - (no file)
    O4 - HKLM\..\Run: [License] locker.exe
    O20 - Winlogon Notify: tuvsqqo - tuvsqqo.dll (file missing)

    Close HJT.

  5. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    File::
    C:\WINDOWS\Alcmtr.exe
    C:\WINDOWS\system32\dllcache\OLDE02.tmp
    C:\WINDOWS\system32\dllcache\OLDD87.tmp
    C:\WINDOWS\system32\dllcache\OLDD7F.tmp
    C:\WINDOWS\system32\dllcache\OLDCF1.tmp
    C:\WINDOWS\system32\dllcache\OLDCC0.tmp
    C:\WINDOWS\system32\dllcache\OLDC83.tmp
    C:\WINDOWS\system32\dllcache\OLDC25.tmp
    C:\WINDOWS\system32\dllcache\OLDB77.tmp
    C:\WINDOWS\system32\dllcache\OLDB3F.tmp
    C:\WINDOWS\system32\dllcache\OLDB17.tmp
    C:\WINDOWS\system32\dllcache\OLDAB8.tmp
    C:\WINDOWS\system32\dllcache\OLDA42.tmp
    C:\WINDOWS\system32\dllcache\OLD9C1.tmp
    C:\WINDOWS\system32\dllcache\OLD991.tmp
    C:\WINDOWS\system32\dllcache\OLD96D.tmp
    C:\WINDOWS\system32\dllcache\OLD8FB.tmp
    C:\WINDOWS\system32\dllcache\OLD894.tmp
    C:\WINDOWS\system32\dllcache\OLD83B.tmp
    C:\WINDOWS\system32\dllcache\OLD76C.tmp
    C:\WINDOWS\system32\dllcache\OLD739.tmp
    C:\WINDOWS\system32\dllcache\OLD6CA.tmp
    C:\WINDOWS\system32\dllcache\OLD619.tmp
    C:\WINDOWS\system32\dllcache\OLD5F7.tmp
    C:\WINDOWS\system32\dllcache\OLD516.tmp
    C:\WINDOWS\system32\dllcache\OLD47C.tmp
    C:\WINDOWS\system32\dllcache\OLD458.tmp
    C:\WINDOWS\system32\dllcache\OLD325.tmp
    C:\WINDOWS\system32\dllcache\OLD19B.tmp
    C:\WINDOWS\system32\dllcache\OLDA2.tmp
    C:\WINDOWS\system32\dllcache\OLD42.tmp
    C:\WINDOWS\system32\dllcache\OLDE.tmp
    C:\WINDOWS\system32\dllcache\OLD8.tmp
    C:\WINDOWS\system32\dllcache\OLD2.tmp
    C:\WINDOWS\system32\dllcache\OLDB.tmp
    C:\WINDOWS\system32\dllcache\OLD5.tmp
    C:\WINDOWS\000001_.tmp
    C:\WINDOWS\system32\BReWErS.dll
    C:\WINDOWS\system32\pbsvc[1].exe
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsqqo]
  6. Save this as CFScript on the desktop.
  7. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    [Image: CFScript.gif]

  8. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

  9. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post a fresh HJT log and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of brutalhoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
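As an added example (not from the thread, and not part of HijackThis, ComboFix or any other tool named here), a small Python triage script that parses HijackThis O2/O4/O20 lines like the ones momok lists above and flags the orphaned or unnamed entries. The sample log lines are constructed, and the flagging heuristics are the editor's assumptions, not HJT's own rules.

```python
import re

# Constructed sample in HijackThis (HJT) log format. The three flagged-looking
# lines mirror the entries momok tells the poster to fix; the other three are
# made-up benign entries for contrast (not taken from any real log).
SAMPLE_HJT_LOG = """\
O2 - BHO: (no name) - {2EF2834D-9B4D-4BBC-803D-6C887A824AE4} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [License] locker.exe
O4 - HKLM\\..\\Run: [SoundMan] C:\\WINDOWS\\SOUNDMAN.EXE
O20 - Winlogon Notify: tuvsqqo - tuvsqqo.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

# One regex per entry type referred to in the instructions above.
O2_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (.+?): \[(.+?)\] (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")

def parse_hjt_line(line):
    """Parse one O2/O4/O20 line into a dict; any other line type returns None."""
    line = line.strip()
    if m := O2_RE.match(line):
        return {"type": "O2", "key": m[2], "name": m[1], "target": m[3], "raw": line}
    if m := O4_RE.match(line):
        return {"type": "O4", "key": m[2], "hive": m[1], "target": m[3], "raw": line}
    if m := O20_RE.match(line):
        return {"type": "O20", "key": m[1], "target": m[2], "raw": line}
    return None

def flag_reasons(entry):
    """Assumed heuristics: unnamed BHOs, entries whose file is gone, bare Run commands."""
    reasons, t = [], entry["target"]
    if entry["type"] == "O2" and entry["name"] == "(no name)":
        reasons.append("BHO with no name")
    if t == "(no file)" or t.endswith("(file missing)"):
        reasons.append("orphaned entry: referenced file is absent")
    if entry["type"] == "O4" and "\\" not in t:
        reasons.append("Run value with bare filename, no directory")
    return reasons

def review_hjt_log(text, fix_list=()):
    """Return (raw line, reasons) for each suspicious entry. fix_list holds
    (type, key) pairs an analyst already decided on, e.g. ("O4", "License")."""
    findings = []
    for line in text.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        reasons = flag_reasons(e)
        if (e["type"], e["key"]) in fix_list:
            reasons.append("on analyst fix list")
        if reasons:
            findings.append((e["raw"], reasons))
    return findings
```

Run `review_hjt_log(SAMPLE_HJT_LOG, fix_list={("O4", "License")})` to see the three entries momok singled out come back with their reasons, while the benign lines are left alone.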
 
Hi,

  1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    File::
    C:\WINDOWS\system32\dllcache\OLDD83.tmp
    C:\WINDOWS\system32\dllcache\OLDD45.tmp
    C:\WINDOWS\system32\dllcache\OLDD32.tmp
    C:\WINDOWS\system32\dllcache\OLDCE3.tmp
    C:\WINDOWS\system32\dllcache\OLDC8B.tmp
    C:\WINDOWS\system32\dllcache\OLDC2E.tmp
    C:\WINDOWS\system32\dllcache\OLDB8E.tmp
    C:\WINDOWS\system32\dllcache\OLDB37.tmp
    C:\WINDOWS\system32\dllcache\OLDB13.tmp
    C:\WINDOWS\system32\dllcache\OLDABC.tmp
    C:\WINDOWS\system32\dllcache\OLDA3C.tmp
    C:\WINDOWS\system32\dllcache\OLDA1A.tmp
    C:\WINDOWS\system32\dllcache\OLD999.tmp
    C:\WINDOWS\system32\dllcache\OLD939.tmp
    C:\WINDOWS\system32\dllcache\OLD91C.tmp
    C:\WINDOWS\system32\dllcache\OLD8CE.tmp
    C:\WINDOWS\system32\dllcache\OLD890.tmp
    C:\WINDOWS\system32\dllcache\OLD793.tmp
    C:\WINDOWS\system32\dllcache\OLD73F.tmp
    C:\WINDOWS\system32\dllcache\OLD6CD.tmp
    C:\WINDOWS\system32\dllcache\OLD63D.tmp
    C:\WINDOWS\system32\dllcache\OLD611.tmp
    C:\WINDOWS\system32\dllcache\OLD536.tmp
    C:\WINDOWS\system32\dllcache\OLDDF0.tmp
    C:\WINDOWS\system32\dllcache\OLD4D3.tmp
    C:\WINDOWS\system32\dllcache\OLD424.tmp
    C:\WINDOWS\system32\dllcache\OLD335.tmp
    C:\WINDOWS\system32\dllcache\OLD2F3.tmp
    C:\WINDOWS\system32\dllcache\OLD9A.tmp
    C:\WINDOWS\system32\dllcache\OLD29.tmp
  2. Save this as CFScript on the desktop.
  3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    [Image: CFScript.gif]

  4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

Thereafter, please post a fresh HJT log and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of brutalhoe only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
Well, right before it gave me a report I saw something like "Can't read something with DNE" or something like that.
 
1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Comments:
***IMPORTANT NOTE: DO NOT MODIFY ANY INFORMATION IN THIS FILE***
***ANY UNSUPERVISED CHANGES TO THIS FILE MAY POTENTIALLY DAMAGE THE WORKINGS OF THE SYSTEM WHEN AVENGER IS RUN***

Files to delete:

C:\WINDOWS\system32\dllcache\OLDE14.tmp
C:\WINDOWS\system32\dllcache\OLDD97.tmp
C:\WINDOWS\system32\dllcache\OLDD49.tmp
C:\WINDOWS\system32\dllcache\OLDCF7.tmp
C:\WINDOWS\system32\dllcache\OLDCA8.tmp
C:\WINDOWS\system32\dllcache\OLDC68.tmp
C:\WINDOWS\system32\dllcache\OLDC2B.tmp
C:\WINDOWS\system32\dllcache\OLDB9E.tmp
C:\WINDOWS\system32\dllcache\OLDB23.tmp
C:\WINDOWS\system32\dllcache\OLDACF.tmp
C:\WINDOWS\system32\dllcache\OLDA6F.tmp
C:\WINDOWS\system32\dllcache\OLDA2A.tmp
C:\WINDOWS\system32\dllcache\OLDA12.tmp
C:\WINDOWS\system32\dllcache\OLD995.tmp
C:\WINDOWS\system32\dllcache\OLD976.tmp
C:\WINDOWS\system32\dllcache\OLD915.tmp
C:\WINDOWS\system32\dllcache\OLD8CA.tmp
C:\WINDOWS\system32\dllcache\OLD87C.tmp
C:\WINDOWS\system32\dllcache\OLD780.tmp
C:\WINDOWS\system32\dllcache\OLD6E1.tmp
C:\WINDOWS\system32\dllcache\OLD6C7.tmp
C:\WINDOWS\system32\dllcache\OLD61D.tmp
C:\WINDOWS\system32\dllcache\OLD5BF.tmp
C:\WINDOWS\system32\dllcache\OLD53A.tmp
C:\WINDOWS\system32\dllcache\OLD4B7.tmp
C:\WINDOWS\system32\dllcache\OLD410.tmp
C:\WINDOWS\system32\dllcache\OLD328.tmp
C:\WINDOWS\system32\dllcache\OLD2B8.tmp
C:\WINDOWS\system32\dllcache\OLD9E.tmp
C:\WINDOWS\system32\dllcache\OLD5A.tmp
C:\Program Files\Uninstall Ask Toolbar.dll
C:\WINDOWS\system32\SSUBTMR6.DLL

Folders to delete:
C:\Program Files\AskTBar

Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ce47857-8582-11dc-a066-00508d9120a2}

Save this as "avengerscript.txt"

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon, which will open a new window titled "Open Script File".
Navigate to the file you have just created, click on it and press Open.
Now click on the Green Light to begin execution of the script.
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and Combofix log.


Regards,
Your friendly Momok =)
 
It won't let me upload the HJT.log, so I guess I'll just post it here.
I also had a few errors while trying to run Avenger.
And for some reason, while I was trying to upload the HJT.log, dss.exe ran itself, so I uploaded its log because it ran HJT.
 