Extreme Virus Problem - Would not let me do the eight steps

Status
Not open for further replies.

vernonv

Posts: 6   +0
Hi Techspot,
I have a pretty problematic virus going on in my computer and the symptoms are as follows:

• Random audio clips playing that I’ve never ever heard of every 30 mins or so
• Google ALWAYS redirecting me to other sites
• Computer sometimes would freeze during the boot right before it gets to the password screen
• Nero can't recognize my CD Drive saying "no devices detected"
• Got a warning message saying Adobe has stopped a potentially dangerous file from playing
• During shutdown, an error message pops up with the heading vsmon.exe

In regards to the 8-step Preliminary Removal Instructions, I could not complete many of them because:
• Malwarebytes will NOT respond and cannot be reinstalled
• When trying to install SUPERAntiSpyware, an error message states that “SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience”
• I didn’t DL and install HijackThis because it said to “Only do this step after completing the previous steps”

I know how important these logs are to diagnose the problem but my computer simply will NOT let me do them. Any help would be extremely appreciated. Thanks in advance!

UPDATE: Symptoms
 
So, I saw in another topic where someone couldn't run the 8 steps as well, and one of the experts suggested running ComboFix, so I tried it. However, when I did, it gave a warning to turn off AVG, but AVG was already off. It gave the warning again to turn off AVG, so I restarted the computer, unsure of what to do. Should I just run the program anyways?
 
Okay, I ran ComboFix and I think it found a lot of rootkits and malware, but I don't know if it removed everything. Here's the ComboFix log.
 
Download DelDomains.inf from
http://mvps.org/winhelp2002/DelDomains.inf
and save it to the desktop.

Close all open browsers
Right-click DelDomains.inf and select: Install

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O2 - BHO: (no name) - {19b67035-6802-4355-8aae-5e7eb4903731} - (no file)
O2 - BHO: (no name) - {B81E9DF6-EB2C-4F9D-8DBC-9E47C25440D1} - (no file)
O4 - HKLM\..\Run: [zebuzekefe] Rundll32.exe "C:\WINDOWS\system32\norereji.dll",s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MntWeb] C:\WINDOWS\system32\tkbsbezi.exe
O4 - HKCU\..\Run: [MntAdmInfo] C:\WINDOWS\system32\henkdwhg.exe
O4 - HKCU\..\Run: [ComWinAct] C:\WINDOWS\system32\izkfgfyf.exe
O4 - HKCU\..\Run: [CmdMon] C:\WINDOWS\system32\wxifwfch.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [actmnt] C:\WINDOWS\system32\fsjibsvq.exe


Reboot. Attach a new HijackThis log and tell how things are running.
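
An added example (not part of the thread and not HijackThis's own code): a small parser for the O2 and O4 line formats quoted in the post above, useful for sorting a long log before reading it by hand. The sample lines are copied from that post; the flag names and review heuristics are assumptions for illustration, not the helper's criteria and not a malware verdict.

```python
import ntpath
import re
# Sample lines copied from the HijackThis entries quoted in the post above.
SAMPLE = r'''
O2 - BHO: (no name) - {19b67035-6802-4355-8aae-5e7eb4903731} - (no file)
O4 - HKLM\..\Run: [zebuzekefe] Rundll32.exe "C:\WINDOWS\system32\norereji.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [MntWeb] C:\WINDOWS\system32\tkbsbezi.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
'''

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$')
# First drive-letter path in a command: quoted, or unquoted up to a file extension.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.*?\.\w{2,4})(?=\s|,|$)')

def parse(line):
    """Return a dict for an O2 (BHO) or O4 (Run key) line, None for anything else."""
    m = O2_RE.match(line)
    if m:
        return {"section": "O2", **m.groupdict()}
    m = O4_RE.match(line)
    if not m:
        return None
    p = PATH_RE.search(m["cmd"])
    target = (p.group(1) or p.group(2)) if p else None
    return {"section": "O4", **m.groupdict(), "target": target}

def review_flags(entry):
    """Reasons to look closer at an entry (illustrative heuristics only)."""
    flags = []
    if entry["section"] == "O2" and entry["file"] == "(no file)":
        flags.append("bho-file-missing")       # registry entry outlived its DLL
    if entry["section"] == "O4" and entry["target"]:
        t = entry["target"].lower()
        if ntpath.dirname(t) == r"c:\windows\system32":
            flags.append("autostart-in-system32")
        if ntpath.splitext(t)[1] != ".exe":
            flags.append("non-exe-target")     # e.g. a DLL via rundll32, or an odd extension
    return flags

def triage(text):
    entries = filter(None, (parse(l.strip()) for l in text.splitlines()))
    return [(e.get("value") or e["clsid"], review_flags(e)) for e in entries]

if __name__ == "__main__":
    for name, flags in triage(SAMPLE):
        print(f"{name:40} {', '.join(flags) or '-'}")
```

An empty flag list only means none of these heuristics fired; entries such as the QuickTime or RegistryBooster autostarts can still be removed from startup for other reasons.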
 
How exactly do I download the DelDomains.inf file from that link?

And the computer is running much better now, thanks!
 
That's good news :)

Looks like you are using Firefox? Then right-click on the link - save as.
 
Okay, I ran HJT again and I only found the first two files listed and removed them. Here's a new log and thanks once again! The computer is running better than ever!
 
Clean log - good job :)

Now your computer problems are solved, it is time for the clean-up procedure.
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Click START then RUN
Now type Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:\_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place?

Keep safe :wave:
 