Lots of viruses

Status
Not open for further replies.
Looks like it deleted a load of crap.

Now do the following exactly.

Run the ISTbar removal tool.

Run the Ccleaner programme.

Run AVG Antispyware scan and post the log, only if it finds anything.

Delete all Combofix logs, then run Combofix and post the new log.

Let me know what problems you're still having, if any.

Regards Howard :)

This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello Howard, sorry about the late reply..

I don't go on as much during the weekdays.


I did a repair install - Some things are still a bit dodgy, I will possibly be getting a new rig in 2-3 weeks. :)



Thanks for all the help.


I also think I have a virus..

O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)


Tried deleting it but it comes back
 
You're quite right, the mousecrm.exe is indeed a virus. Please post a fresh HJT log.

Regards Howard :)

This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here we go..


Also, after I did the repair install.. my PC isn't detecting my GPU, so when I try to install new drivers, it says something about not being compatible with your hardware :|

E.g. when I scroll down in Mozilla, it flashes as if I'm in safe mode




Also Avast is detecting a lot, I will post + edit its findings here.

C:\Documents and settings\Georgie\...\lo1[1]
Is the trojan horse TR/vundo.gen
<Fixed

C:\Windows\System32\iiiii.dll
Is the trojan horse TR/vundo.gen
<Fixed

C:\WINDOWS\system32\spoolvc.exe[
Name: Backdoor.sdbot.aad
Risk: High, Found by avg anti-spyware

C:\Documents and Settings\....\acid[1].exe
Is the trojan horse TR.Crypt.ULPM.gen


C:\msetss.exe
Is the trojan horse TR.Crypt.ULPM.gen



Also I decided today that I will be splashing out a bit on the new PC :D



Thanks, Tim


EDIT: Running vundo fix now, silly me :p (Found 3 so far)
 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

This is the filepath you need to enter into killbox.

C:\WINDOWS\SYSTEM32\ddcaxwu.dll

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Mouse Cursor Monitor (mousecrm)<Disable the service name and/or the name in brackets.
Task Client Manager

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

spoolvc.exe
mousecrm.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O20 - Winlogon Notify: ddcaxwu - C:\WINDOWS\SYSTEM32\ddcaxwu.dll

O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)

O23 - Service: Task Client Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\System32\mousecrm.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of --Timmy-- only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
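Added example, not part of the post above or of HijackThis itself: a small Python triage pass over the O20/O23 line shapes quoted in this thread, listing the entries a helper would look at first. The flagging rules ("Unknown owner", "(file missing)", any Winlogon Notify DLL) are assumptions that mark entries for manual review, not verdicts, and the last sample line is constructed.

```python
import re

# HijackThis line shapes as they appear in this thread (O20 and O23 only).
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def triage(log_text):
    """Return (section, name, path, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O23.match(line)
        if m:
            reasons = []
            # No publisher information recorded for the service binary.
            if m["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")
            # Service is still registered although its binary is gone,
            # which matches the "it comes back" symptom in the thread.
            if m["missing"]:
                reasons.append("file missing")
            if reasons:
                findings.append(("O23", m["name"], m["path"], reasons))
            continue
        m = O20.match(line)
        if m:
            # Winlogon Notify DLLs load at logon; legitimate ones exist,
            # so every entry is listed for review (assumed policy).
            findings.append(("O20", m["name"], m["path"], ["winlogon notify dll"]))
    return findings


# First three lines are the ones quoted in the thread; the last is constructed.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: ddcaxwu - C:\WINDOWS\SYSTEM32\ddcaxwu.dll
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Task Client Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe
O23 - Service: Example Updater (exupd) - Example Vendor Inc. - C:\Program Files\Example\exupd.exe
"""

if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section}  {name:<32} {path}  [{', '.join(reasons)}]")
```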
 
Same issue?

I think I may have the same issue as this user. Am I allowed to post to this forum? I found iiiii.dll.
 
Please don't post in this thread anymore; it was for the use of --Timmy-- only. The instructions given were for this user only.
 
hahahahahahah

I just checked my emails and saw that I was subscribed to this thread still... lol !

Anyways I haven't gotten a virus since formatting and starting off with a clean system and looking after it.

-Need a decent av
-Need a decent firewall
-Be cautious all the time.

Also, why was howard banned? :)
 
Thread closed. Do not post in year long threads that have had no response to them.

Do not post in other's threads with your problem. Instead open a new thread in the relevant forum, making sure you have already read the stickies and followed all required instructions.
 