[Help] Msconfig, Norton, Websites wont open.

By SpoR · 9 replies
Sep 5, 2005
  1. Think I got a virus. I can't run msconfig, load websites, or Norton. I ran Ad-Aware, Spybot, and HijackThis. They didn't fix anything. It either came from Guedit or Mame32k I recently DL'ed. Some weird file called dl.exe kept running from DOS and getting errors, then I tried to run msconfig and I get these fake error reporting messages from dwwin.exe and drwtsn32.exe. Right now I'm using my grandpa's computer to try and search for information and I'm finding nothing. If anyone knows anything or can help me search please do. god damn ****nig virus. ****!

    Hijack this log attached, please help.
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. SpoR

    SpoR TS Rookie Topic Starter Posts: 25

    That's nice but how am I supposed to do any of that with not being able to go to websites? As I said before I'm on a different computer right now. I already posted my HijackThis log as an attachment. Did you even read my post?

    Anyways I figured out that when I load any program this virus copies that program and uses it to put the dl.exe in that program's folder. What a scandalous piece of ****. That is what was causing my Firefox to not load webpages. I had so many duplicate programs running it was taking up too much resources and there was no room to load websites.

    So now that I'm on my comp I'm updating TrendMicro scan right now and it's taking forever with 56k. I think it froze wtf.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    My advice is based on the crap in your log. An outside scan as from TrendMicro is your best bet if your own programs don't work.
  5. SpoR

    SpoR TS Rookie Topic Starter Posts: 25

    I ran both Panda and Trend Micro scanners and updated their crap which took around 4000 hours on 46.6k (Verizon sucks) and when I finally get to clean the files all my programs close. Before I get to enter my info for their ticket bull**** it closes everything, wtf. I even have task manager open and I'm closing all the duplicate programs that the virus opens so I only have 15-20 processes at one time. What else can I do? This isn't working..

    Oh yea and the virii that I have are PE_TENGA.A and TROJ_TENGADL.A

    Here's what Trend Micro's descriptions are:

    This virus spreads via network shares. It retrieves the first three octets of a host machine's IP address. It then generates the fourth octet from 1 to 255 and scans the whole network for writable shared folders using port 139. Once found, it searches for executable (.EXE) files and infects them.

    Upon execution, it downloads the malicious file DL.EXE from the Web site utenti.lycos.it/vx9. Trend Micro detects the said file as TROJ_TENGADL.A. This downloaded Trojan, in turn, downloads the file GAELICUM.EXE, which Trend Micro detects as PE_TENGA.A-O.

    The file detected as PE_TENGA.A-O is the mother file infector of this virus. It attempts to connect to the site vx9.users.freebsd.at. While doing this, it also spawns a remote command prompt.

    This file infector, PE_TENGA.A, uses either the appending type or cavity type of infection to infect files. It checks the last section of the host file for unused space. If the said space is greater than this virus' file size, it uses cavity infection. Otherwise, it simply appends its viral code at the end of the host file.

    Some files contain extra codes at the end of their last section. This virus overwrites the said section with its codes. As a result, the files become corrupted.

    It infects all .EXE files it finds in all of the system's folders. However, it avoids infecting the file NTOSKRNL.EXE. This file infector can execute at every system startup if the file it infects has autostart capabilities.

    This virus also checks for its infection marker "V" to avoid reinfecting a file. It also makes sure that only one instance of itself is running on the infected system's memory by creating the mutex gaelicum.

    It runs on Windows 95, 98, ME, NT, 2000, and XP.


    This memory-resident Trojan searches for an Internet connection on the system. If a connection exists it then accesses the Web site, utenti.{BLOCKED}lycos.it/vx9/, and proceeds to download the following files:

    * CBACK.EXE - detected by Trend Micro as BKDR_CALLBACK.B
    * GAELICUM.EXE - detected by Trend Micro as PE_TENGA.A

    It then executes these malware after the download process.

    This Trojan creates the following registry entries to ensure the automatic execution of the downloaded malware at every system startup:

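An added example, not part of the original thread or of Trend Micro's write-up: the network behaviour quoted in post 5 (a host walking the fourth octet of its own subnet on port 139) is easy to spot in connection logs. The log format, the sample lines and the `min_hosts` threshold below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not any product's real format):
#   <timestamp> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>
LINE_RE = re.compile(
    r"SRC=(\d+\.\d+\.\d+\.\d+) DST=(\d+\.\d+\.\d+\.\d+) PROTO=TCP DPT=(\d+)")

def find_port139_sweepers(lines, min_hosts=20):
    """Return {src_ip: distinct_dst_count} for sources that contacted at least
    min_hosts different addresses in their own /24 on TCP port 139."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines in other formats
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        if port != 139 or src == dst:
            continue
        # The description says the first three octets are reused, so only
        # destinations sharing the source's /24 prefix count toward a sweep.
        if src.rsplit(".", 1)[0] == dst.rsplit(".", 1)[0]:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_hosts}

def build_sample_log():
    """Constructed sample: one host walking .1-.255, one ordinary client."""
    log = []
    for last in range(1, 256):
        log.append(f"2005-09-05T03:00:{last % 60:02d} SRC=192.168.1.23 "
                   f"DST=192.168.1.{last} PROTO=TCP DPT=139")
    # Ordinary traffic: one file-server connection, one web request,
    # and one port-139 connection outside the source's own /24.
    log.append("2005-09-05T03:01:00 SRC=192.168.1.40 DST=192.168.1.5 PROTO=TCP DPT=139")
    log.append("2005-09-05T03:01:02 SRC=192.168.1.40 DST=192.168.1.5 PROTO=TCP DPT=80")
    log.append("2005-09-05T03:01:05 SRC=192.168.1.40 DST=10.0.0.9 PROTO=TCP DPT=139")
    return log

if __name__ == "__main__":
    for src, count in find_port139_sweepers(build_sample_log()).items():
        print(f"{src} contacted {count} hosts in its own /24 on TCP 139")
```

A host flagged this way is the one to pull off the network first, since every writable share it reaches is a further source of infected .EXE files.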
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Try to run the free Malware Scan from http://www.ewido.net/en/, bottom left.
    If they can't sort it out, I think a format/reinstall from scratch is in order.
    Hopefully you have backups of your personal files...
  7. SpoR

    SpoR TS Rookie Topic Starter Posts: 25

    That didn't work either..

    This really sucks. I can't believe there is no way to fight this post infection.. Can I at least manually go through the 2062 files it infected and wipe them all out or something? I don't have backups of my files, and it's like 65 gigs of stuff I don't want to lose. It seems to only infect the .exe files. Will it be safe to transfer files to an external hard drive as long as they aren't .exe? The worst part about this is I stayed up all night updating and downloading crap that was telling me this virus is a low or medium threat. The only removal information for it I found with Google was to run Norton or other antivirus software, they don't tell you that once you have the virus corrupting all your damn .exe files you can't run any antivirus sh!t. There has to be some other way than reformatting. I'm willing to try anything at this point. PM if you have any not-so-legal methods of dealing with this.
  8. Tedster

    Tedster Techspot old timer..... Posts: 6,002   +15

    feel for ya..... always backup and have a reversion program like GOBACK or Norton Ghost, or even Windows backup.
  9. SpoR

    SpoR TS Rookie Topic Starter Posts: 25

    Ok, I got advice from somewhere to slave my HD on another computer and run virus scanners from the master HD to clean out my system. It worked! So I reinstalled my HD and now when I load my computer it gets to the point where there is the blue Windows login screen (the one with administrator, guest, etc.) then the monitor flickers and says no signal.

    So I booted up in safe mode, and most my programs still work, and the colors aren't all ****ed up so I don't think it's a hardware issue. I was thinking maybe the vcleaner.exe deleted some crucial .dll or .exe files. If so how can I reinstall them without reformat?
  10. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Click on Start/Run and type in sfc /scannow and click OK. Keep your Windows-CD handy for any replacements that scan may make.

    That was a risky move to put the HD in another PC. Anyway, glad it worked for you.
Topic Status:
Not open for further replies.
