1.reg malware HELP ME!!!

Status
Not open for further replies.

shivmister

Well, every time I start up my computer I still get a message from Avast saying I have a virus, VBS: Malware [Gen]. When I try to move it to the chest in Avast it comes back the next time I restart my computer; the location of the file is C:\DOCUME~1\SHIVAN~1.PC7\LOCALS~1\Temp\1.reg. I had no luck with the preliminary steps. I tried running all the different scans I have, but nothing seems to fix it. Here is my HijackThis log, AVG log and ComboFix log. Let me know if more is needed.
Also, the AVG rootkit scan did not find anything; it said everything was fine.

On another note, I have pop-ups saying that my Windows Explorer is not working properly. It asks me whether or not I want to send this message to Microsoft. It comes up every time I open up a certain folder where I hold WRC race videos. After I say yes or no to sending the message, I get a pop-up saying that a Dr Watson something or other program has an error and asks me to send an error report to Microsoft. When I press send or don't send it freezes my screen till I Ctrl+Alt+Delete the folder from my processes. Also, it seems that my internet has slowed down and sometimes does not load pages; it takes forever. This has never happened to me before. Can you tell me if I am suffering from the same problem or if there are multiple problems? Also please tell me the best course of action. I would prefer not to reformat the hard drive if possible, but will if absolutely necessary.
As I said above, I have attached the latest HijackThis, AVG, and ComboFix logs.
Thank you for your help!
EDIT: Sorry, forgot to upload the logs. Here they are now.
 
Re-do it with no programs running apart from HijackThis, ok.
Also, you renamed hijackthis.exe to crusty.exe.exe (I think).
It needs to be just Crusty.exe.
Someone will then come along and sort it all out, ok.
 
New reports

I am posting here the latest HijackThis report and an Ewido report, if it will help. It removed some more stuff, so I thought it pertinent to share it with you. I am also attaching the SmitfraudFix rapport file.
Thank you for helping!
 
You're now running HijackThis in a temp folder. Install it anywhere except the desktop and the temp folder, rename the .exe (not the shortcut), and call it crusty.exe.
 
Hopefully this is right. I ran it from the Program Files folder and renamed the .exe to Crusty.exe. Tell me what you think.

Please, someone help me. I need to know whether reformatting is my only course of action. Thank you
-shivmister

Someone please help me, my internet is now going haywire. It works for 5 mins and then it dies out for 10 mins. It is really annoying. Please help me, I feel the virus I have is mutating.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Go to Add/Remove Programmes in your Control Panel and uninstall anything to do with the following (if there).

Viewpoint
Viewpoint Toolbar

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service
MSUpdater

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for the following (if there).

System32i.exe
ViewpointService.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MSUpdater] System32i.exe

O4 - HKLM\..\RunServices: [MSUpdater] System32i.exe

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.proxy.cc.uic.edu/lib/uic/support/plugins/ebraryRdr.cab

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\System32i.exe
C:\Program Files\Viewpoint < Delete the entire folder.
C:\Program Files\Common Files\Viewpoint < Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard :)

This thread is for the use of shivmister only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
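An added example (not code from the thread, from Howard, or from HijackThis) of the reasoning behind the fix list above: a small Python parser that reads HJT O2/O3/O4/O23 lines and flags the traits the listed entries share, namely autorun values that are a bare filename, use of the legacy RunServices key, a name that mimics the system32 directory, and paths under a vendor on a block list. The sample log and the Viewpoint block list are constructed for this example.

```python
import re

# Constructed sample log (added example, not the poster's real log): the O2/O4/O23
# entries from Howard's fix list plus one fully pathed HKCU entry that should pass.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [MSUpdater] System32i.exe
O4 - HKLM\..\RunServices: [MSUpdater] System32i.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# O4 lines look like: O4 - HKLM\..\Run: [entry name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Hypothetical vendor block list: the thread identifies Viewpoint as unwanted.
UNWANTED_VENDORS = ("viewpoint",)

def executable_of(cmd):
    """Return the program part of a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def analyze_hjt(log_text):
    """Return a list of {line, target, reasons} for HJT entries worth a second look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        reasons = []
        m = O4_RE.match(line)
        if m:
            target = executable_of(m.group("cmd"))
            if "\\" not in target:
                reasons.append("bare filename: resolved by path search, not a fixed location")
            if m.group("key").lower() == "runservices":
                reasons.append("legacy Win9x RunServices key, rarely used by legitimate XP software")
            if "system32" in target.lower() and not target.lower().startswith("c:\\windows\\system32\\"):
                reasons.append("name mimics the system32 directory")
        elif line.startswith(("O2 - ", "O3 - ", "O23 - ")):
            target = line.rsplit(" - ", 1)[-1]  # the file path is the last field
        else:
            continue
        if any(v in target.lower() for v in UNWANTED_VENDORS):
            reasons.append("path belongs to a vendor on the block list")
        if reasons:
            findings.append({"line": line, "target": target, "reasons": reasons})
    return findings
```

On the sample, analyze_hjt flags both MSUpdater entries and both Viewpoint entries, while the fully pathed InstallShield and ctfmon entries pass; the InstallShield updater is in Howard's list as unneeded startup clutter, not as malware, which is why no heuristic here catches it.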
 
Thank you very much Howard, I will do this and post up a fresh HJT file.

THANK YOU VERY MUCH :) !!!!!!!
I did everything you said, and now when I rebooted my laptop there was no Avast pop-up. Just a few things: for some of the steps you listed there was nothing in those places. Is that good or bad? Secondly, I attached a fresh HJT log; let me know if there is anything else I need to do. Also, would you suggest I reformat my comp any time soon?
Again THANK YOU VERY MUCH!!!!! I was getting scared.
-shivmister
 
Your HJT log is now clean.

However, I asked you to post a fresh Combofix log as well. Please do so in your next reply.

Don't worry that you couldn't find all the items I asked you to delete. That's why I said (if there). This is perfectly normal.

Regards Howard :)

This thread is for the use of shivmister only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Sorry about that, I did not read the directions carefully. Well, here is the ComboFix log.
On a side note though, my Avast found ComboFix to be malware, a debora or something trojan. Is this because of its scripting, or is it malware? I tried redownloading it, but the same thing happened when I started it; I just told the comp to quarantine it. Am I okay?
 
Combofix is definitely not any kind of malware, so don't worry.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\wt3d.ini

Reboot into normal mode and rehide your protected OS files.

Other than the above your log file looks clean.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of shivmister only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you

For all the informative help that you have provided here, and for the fact that it worked like a charm (manual method only), I thank you. My systems had a similar problem and although you provided help explicitly for shiv_, it worked on BOTH of my systems:

AMD Socket 939 3500+ running Windows Server 2003
AMD Socket AM2 4800+ running WindowsXP sp2

Simple help, thrilling outcome.
 