Bugged Out

Status
Not open for further replies.

Marvin

My computer after an upgrade into a new box has picked up some nasty little bots and I really ought to do a full reinstall, but I'm very nervous about it and would like a step by step talk through.

I don't want to lose all my software, email and bookmarks.

How should I go about it?
 
Let's see if we can get rid of the viruses/spyware. If we can, you might not need to reformat etc.

Go HERE and follow the instructions exactly.

Post a fresh HJT log as an attachment into this thread, only after doing the above.

Regards Howard :)

This thread is for the use of Marvin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Update on scans ...

Update so far ....
In sequence :
1) Kaspersky gave a report highlighting 21 items but seemingly did nothing about what it found. (?)
2) support.f-secure scrubbed 8 items
3) Bitdefender ran all night and scrubbed a ton of junk out. But admitted my computer was still infected.
and ....
Housecall.trendmicro does not want to work on either IE or Firefox. The applet (hc.applet.implementation) cannot or will not load.
 
D:\Programmes\downloads\Paint_Shop_Pro_7.02_and_Animation_Shop_Pro_3.02_by_Morglum.zip/Psp 7.02 & Asp 3.02 Crack.exe

Uninstall/Delete the above, it's infected.

Then follow the rest of the instructions and post a fresh HJT log.

Regards Howard :)
 
Done that.

Ran all the bug fix programmes and a HJT + fixed the requisite files.

Slowly getting there. A number of programmes are not installing on bootup anymore - Avast! and the Sound Manager Programme (currently running in silent mode) and for some reason my internet connection keeps dropping out.

Restarting to run another HJT programme, that should be that.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Microsoft Telecoms Center

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

nrcs.exe
xpfilesys.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\userinit.exe,F:\WINDOWS\NT\nrcs.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F179D96D-1760-4427-830F-46FB5CB62A6A}: NameServer = 194.72.0.114 194.74.65.69 <-- Only fix this if it doesn't belong to your ISP.

O20 - Winlogon Notify: rqrsqpp - F:\WINDOWS\

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

F:\WINDOWS\NT\nrcs.exe

xpfilesys.exe Search your system for this file and delete all instances of it.

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of Marvin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
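Added example, not part of Howard's post or the original thread: a short Python sketch that parses the HijackThis lines quoted in the post above and lists the autostart and DNS items it asks to be checked. The rule names and the "autorun command without a path" heuristic are assumptions made for illustration, not HijackThis features.

```python
import re

# HijackThis lines copied from the post above.
HJT_LINES = [
    r"F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\userinit.exe,F:\WINDOWS\NT\nrcs.exe",
    r"O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{F179D96D-1760-4427-830F-46FB5CB62A6A}: "
    r"NameServer = 194.72.0.114 194.74.65.69",
]

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def userinit_extras(body):
    """Programs chained after system32\\userinit.exe in the Userinit value."""
    value = body.partition("UserInit=")[2]
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith(r"\system32\userinit.exe")]


def review(lines):
    """Return (rule, detail) pairs; the rule names are illustrative."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "F2" and "UserInit=" in body:
            findings += [("userinit-extra", p) for p in userinit_extras(body)]
        elif code == "O4":
            a = AUTORUN.match(body)
            # Assumed heuristic: autorun command given without any directory.
            if a and "\\" not in a["cmd"].split()[0]:
                findings.append(("autorun-no-path", f"{a['key']} [{a['name']}] {a['cmd']}"))
        elif code == "O17" and "NameServer" in body:
            # Addresses to compare against the ISP's own resolvers.
            findings += [("dns-to-verify", ip) for ip in body.split("=", 1)[1].split()]
    return findings


if __name__ == "__main__":
    for rule, detail in review(HJT_LINES):
        print(f"{rule:16} {detail}")
```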
 
Done all that, got the sounds driver reinstalled, still dropping the internet connection and I think I need to reinstall Avast (or leave Ewido in its place?)

New HJT log ....
 
Your HJT log is clean.

You shouldn't replace Avast with Ewido. Ewido is not an antivirus programme. It is mainly an anti trojan programme.

As for your connection dropping out, I suggest you contact your ISP and see if they are having any problems in your area.

Regards Howard :)
 
Thanks!

Thank you very much Howard, you are a star!

I have a feeling it's something my son did when he reconfigured everything, sadly he's out of the country right now.

The connection has been behaving for the last couple of hours .... (famous last words ....)
 