I need help with dug-in viruses!

By kittengod094 · 19 replies
Feb 27, 2008
    I am once again typing through my Wii, and that means no HJT log or any internet. My problem is this: I have done a destructive recovery FROM THE MANUFACTURER'S DISK 8 TIMES and some virus still manages to live. I refuse to plug in anything besides my mouse, keyboard, and monitor for fear of even worse infections. I need to know of any way, ANY WAY, of killing this virus. I notice that there are 2 files labeled WMsysprx.prx and WMsys9prx.prx in my WINDOWS folder after every recovery. Is this the Help Assistant virus? I know the basic CP commands and such, so using that to clear my HD isn't a problem if I can get some instruction. Please help me! Another thing that I've noticed is MANY svchost.exe's running, and if I end them, the comp attempts to shut down (and yes, I know about shutdown -a). I really need help! If I must connect to the net, I can, but only if it's really necessary. Another thing: is it bad to have a file called reglocs.old in my WINDOWS folder after reformat? It sounds like a bad kind of file... dunno why. I've also seen QTFont.for and .qfn, so those don't sound right either. I see some wia[debug, servc].doc, and in the TEMP folder there are folders that all lead to desktop.ini.
    I'm probably over-reacting, but I dunno what to think anymore! Help!
    Not a bad idea to wipe the drive if you are having that many issues, especially since there are no guarantees that we can remove 100% of the infection. I agree with CCT.

    Just curious, what anti-virus is installed? And has it been run from safe mode?

    Those 2 backdoor trojans you mentioned are pretty common and should be in your anti-virus definitions. Well, one of them is but I would think it would pick up on both.

    If you are going to wipe the hard drive anyway, can you please upload the WMsys9prx.prx file to VirusTotal.

    Upload a File to Virustotal
    Please visit Virustotal found HERE
    • Click the Browse... button
    • Navigate to the file C:\Windows\WMsys9prx.prx
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.
    Great! The A-Team has arrived.

    I subscribed to the original thread from Kitt.
    The Combo Log posted here, did not name a quarantine file.
    The HJT log had no O23 listings, and it listed O17 pointing to Vanderbilt.

    From the logs & posts, surmise the following:
    Dial-up ! Emachine ! XP SP1 ! Network Associates AV <corporate> !

    In one PM exchange, it was not established if data was backed to CD or memory card.

    Kittengod094 will take it from here.

    If a boot virus is a possibility, does the BIOS for the eMachine have a setting to block writes to track 0?
    Sorry for the delay. Bed always tends to cause that =) Um, so with what you're telling me, I need to connect to the net (I have dialup) and attempt to download Killdisk even though the net gives the virus access? I'll try, but I dunno if it's gonna work. I download things at a whopping 5.1 kb/s MAX! But I'll try. I'll report back later. In response to rf66: I use all those Vanderbilt items. My mom works there, so we get a free virus scanner and VUaccess. Those aren't viruses.
    My Update

    Okay, this is from my computer now, and I just wanted to let you guys know that I've finished downloading Killdisk, so, for fun and to let you all see what was on my system, I'm posting a HJT and CCleaner log. Please don't tell me what is wrong with my computer, because I really don't want to know. I'm going to run Killdisk and get rid of this virus once and for all. I'll run these scans after my disk-killing: HJT, CCleaner, Combofix, SS&D, and Smitfraudfix. I'll post those programs' logs when I can get my internet back up. Thank you guys for your impossibly helpful advice, and I'll see you on the clean side!
    So you know for future reference.

    Besides having good anti-virus, firewall, and antispyware programs,

    it is important to keep up with updates. You are still on XP SP1; there were many critical security updates since SP1 that you don't have access to. It's all free, besides a small investment of time. Your Java Runtime is also out of date; updated versions usually include protection from newer attacks.
    blind drag, I reformatted my comp, so of course it's got SP1.
    Bad news, Killdisk didn't work. My comp hung and I had to reboot, but the system files were gone. Killdisk got to 65%. I just reformatted and the virus is still there... any more ideas, guys?
    Okay, this became far too complicated. I'll restate my question for you all. Is there any way to COMPLETELY erase ALL files and stuff from my hard drive that is FREE? I am no longer worried about saving ANY files, and I just want a normal, reformatted, virus-free computer to play games n' such on.
    Sometimes I have trouble thinking outside the box!

    Get back to your last safe stop point @ 10 PM on 2-27-08.

    Keep Internet connect time to a minimum.
    After reading this post, disconnect. Suggest a wait of 30 minutes.
    Re-connect immediately before the next step.
      Get the shields up - Save ZA Setup to desktop: http://download.zonealarm.com/bin/free/1025_update/zaSetup_en.exe
    On completion - Disconnect from internet.  Wait 30 minutes.
    Re-connect to Internet. 
    Execute ZA setup.  
    Save to Desktop
    On completion - Disconnect from internet.
    Execute ZA installation
    Run ZA.  
    Configure it.

    Re-connect to Internet.  ZA is protecting you.
    Just in case, get the self-extracting floppy disk zip file for Kill Disk: http://software.lsoft.net/killdisk.zip
    Save to Desktop
    ** Caution ** Caution ** Caution **
    Apply Windows Updates [SP 2 + all criticals]
    The actual SP 2 update needs special instructions 
    because ZA needs to be disabled
    Follow 15-step procedure [Malware Removal] again.

    Re-load applications.

    Re-load personal files.

    If all else fails - Have CPU - will travel.
    Have you considered "borrowing" a high speed connection from a friend @ VU?
    rf66, you always catch me at a bad time. I already reformatted my system again, so there aren't any restore points. I still have the virus, but I do have Killdisk. I DO plan on borrowing my uncle's wireless card and "borrowing" my neighbor's WIFI. My question is this: what do I do to make Killdisk create a bootable process on my USB drive? I ask because it keeps failing to do so correctly, and a message says that it can't load the kernel. Is the kernel supposed to be a SYS file, or am I forgetting to put in a file, or what? If I could do this I'm sure it would work, but the PDF and TXT don't help at all! Also, I do not own a floppy disk drive, and nobody I know does either. Help would be appreciated.
    Now you're cooking.

    When using neighbor's WIFI, strongly suggest that the neighbor have a good firewall installed on their computers and/or their Windows XP computers have all security updates applied. Or powered off is an absolute protection.

    Their router could have a special setting / filter (a.k.a. War Zone) to give your computer internet access, but no access to IP's in their home network.

    Consider imposing on the neighbor for an extra favor. Have them download the Kill Disk for floppy & try to 'image' it to the USB memory stick. Or have them create the bootable CD. The freeware burner did not work for me. I resurrected an old version of Nero (full featured).

    My experiment to create a bootable flash only has significance if it fails, but then we are nowhere closer to having tools in-place.

    [edit] Go to BIOS setup.... Tell us what setting exists for 'boot virus protection'..... Normally under the 'Advanced' tab. 'Enabled' would be preferred. Kill Disk will trigger it. Reloading XP will trigger it. [/edit]
    One little problem... my neighbor HATES me... a bottle rocket flew through his window and set his curtains on fire. Dunno who did it (totally was me). I suppose my Persian friend Sina could help me, but he isn't home... I'll still try, though.
    MY Critical Update

    Yay for Kittengod094!!! I just went out and bought a wireless desktop card (it's Belkin, if anyone cares), and I quickly downloaded the ISO for Killdisk. I then burned it and ran it all the way through. There are a few traces of this persistent virus, but I do believe that I can get rid of it for now. I am downloading a firewall and a virus scanner. This does not mean that I will not be keeping in touch. Oh no, I will be posting logs all the time, but I don't think the virus is as big a threat as it was. I want to thank you all for your hard work and all the trouble you went through with me. I want to know, though: anyone have suggestions for the BEST FREE anti-virus program and firewall? I heard AVS and Zonealarm make a great team, but I want a professional's opinion.
    Good choice, I use AVG and comodo on one computer and Avast! and Comodo on another.
    I use AVG and Comodo as well. If I had XP though I would probably use AVG with Zonealarm
    Try using a Win98 boot disk and running 'format c: /u' .

    Then Killdisk again.

    Nothing should survive.
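    The post above suggests a full format followed by another Killdisk pass. What neither step shows is whether the wipe actually reached every sector. The script below is an added example, written for this edit; it is not from the thread, from Killdisk, or from any poster. It zero-fills a target from byte 0 (so the MBR, partition table and every partition are covered, which a `format c:` of one partition is not) and then reads the whole target back and counts any non-zero bytes, which is the check a practitioner wants before trusting the disk is clean. The device name `/dev/sdb` and the use of `blockdev(8)` for sizing are assumptions (Linux, run from a live CD/USB, with the target confirmed via `lsblk` first); the functions also accept a regular file, which is how they can be exercised safely without touching a real disk. A zero-fill only reaches what the disk controller exposes, so it does nothing for firmware or BIOS settings.

```shell
#!/bin/sh
# Added example: zero-fill a whole disk and verify by reading it back.
# Run from a live Linux environment, never against the disk you booted
# from. /dev/sdb below is an assumed name; confirm the target first.
#
#   wipe_device /dev/sdb && verify_zeroed /dev/sdb && echo "clean"

# Size of the target in bytes. Block devices do not report a size via
# wc, so use blockdev(8) (assumed available on Linux) and fall back to
# wc for regular files.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite every byte of $1 with zeros, starting at offset 0 so the
# MBR and partition table go along with the partitions. Whole 1 MiB
# blocks are written first, then the tail with bs=1 so the final
# partial block is not skipped. conv=notrunc keeps a regular file's
# length (and is harmless on a block device).
wipe_device() {
    size=$(target_size "$1")
    blocks=$((size / 1048576))
    rest=$((size % 1048576))
    dd if=/dev/zero of="$1" bs=1048576 count="$blocks" conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$1" bs=1 count="$rest" seek="$((blocks * 1048576))" \
        conv=notrunc 2>/dev/null
    sync
}

# Number of bytes in $1 that are not zero. A complete wipe yields 0.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Exit status 0 only if the entire target reads back as zeros.
verify_zeroed() {
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}
```

The read-back pass is the part that matters: it reads every byte the controller will hand back, so a non-zero count tells you exactly how much of the disk the wipe never touched, which is the question left open when a tool hangs at 65%.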
    Okay, well, I've got to admit that the virus came back up, BUT I ran Killdisk at least 20 times and reformatted, and now the symptoms are gone. I know it's still there. I'm gonna get all the CCleaner and stuff and post the logs in a while. I've now got Comodo firewall and am downloading avast! 4 Home and will remove all traces of this thing. I've also downloaded the AVG Free Root-kit tool and will run that. I'm just repeating myself, but this time I think it's gone. I won't let my guard down, though. So thanks again. Will be posting logs regularly until I know it's gone.
