Computer infected with virus.

By sedarati · 6 replies
May 1, 2006
  1. Computer infected with virus. :(

    I have contracted this stupid virus which is locking various Windows Explorer features like right click, and I am also getting pop-ups and tray icons etc., the usual crap.

    Beneath is my HijackThis log. Hope someone can help, really need to fix this as my deadlines are soon and I'm ****ed otherwise, so if there's anybody who can help me blow this virus up, please help :)
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
  3. sedarati

    sedarati TS Rookie Topic Starter


    sorry my bad
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem.

    I've also changed your thread title to something more appropriate.

    Regards Howard :)
  5. sedarati

    sedarati TS Rookie Topic Starter

    Computer still infected with a virus. :(

    Have spent all night doing all the stuff recommended before posting these logs, which I hope someone can help me with. I have got rid of some parts of the virus but definitely some still remain. The tray icons have gone, but still some dodgy processes running and still getting pop-ups. Please help :(

    I'm using Windows XP SP2.
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type regsvr32 /u C:\Program Files\Intel\medonuga.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).


    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

    O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
    O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

    O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
    O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad16.exe
    O4 - HKLM\..\Run: [newname] C:\windows\newname16.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

    O15 - Trusted Zone: *
    O15 - Trusted Zone: * (HKLM)

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\Program Files\Intel\medonuga.dll
    POlNT32.EXE You will need to search your computer for this file. Probably it is in the Windows, system or system32 folders.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
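An added example, not part of the original thread: a Python triage of HijackThis lines like those in the fix list above, flagging orphaned entries, exact duplicates, wildcard Trusted Zone entries and Run values with a bare or look-alike name. The sample lines are copied from the post; the flag names and heuristics are assumptions of this example, not HijackThis features.

```python
import re
from collections import Counter

# Sample input: lines copied from the fix list in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: (no name) - {18FD6F09-0224-4817-B919-80E00EBE029A} - C:\Program Files\Intel\medonuga.dll
O2 - BHO: clsemixer.MyBHO - {898827FA-0AE9-4F7A-ADD9-1E7CE37CF4B0} - C:\WINDOWS\system32\clsemixer.dll (file missing)
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard16.exe
O4 - HKCU\..\Run: [POlNTER] POlNT32.EXE
O15 - Trusted Zone: * (HKLM)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")      # "O4 - <detail>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")  # O4 autostart entry
LOOKALIKE = re.compile(r"[A-Z]l[A-Z]")  # lowercase 'l' standing in for 'I'

def parse(log):
    """Return (section, detail) tuples for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Map each distinct entry to a sorted list of heuristic flags."""
    counts = Counter(parse(log))
    report = {}
    for section, detail in counts:
        flags = set()
        if detail.endswith(("(no file)", "(file missing)")):
            flags.add("orphaned")        # registry entry with no file behind it
        if counts[(section, detail)] > 1:
            flags.add("duplicate")       # same line listed more than once
        if section == "O15" and detail.startswith("Trusted Zone: *"):
            flags.add("wildcard-trusted-zone")
        run = RUN.match(detail) if section == "O4" else None
        if run:
            _, name, command = run.groups()
            if "\\" not in command:
                flags.add("no-path")     # bare file name, location not stated
            if LOOKALIKE.search(name) or LOOKALIKE.search(command):
                flags.add("lookalike-name")
        report[(section, detail)] = sorted(flags)
    return report

if __name__ == "__main__":
    for (section, detail), flags in triage(SAMPLE).items():
        print(f"{section:<3} {', '.join(flags) or '-':<30} {detail}")
```

An entry with no flags is not thereby clean: the `keyboard16.exe` Run value above trips none of these checks and is still on the fix list.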
  7. sedarati

    sedarati TS Rookie Topic Starter


    Thanks for the fast and effective help :)

    attached a little picture for u :)
Topic Status:
Not open for further replies.
