Monitor Screen Goes Black, computer is still on...VIRUS??

[hoPs57]

Hey, I have had the same problem as another on this website

https://www.techspot.com/vb/topic65159.html

I did all the steps, not sure if the file got on here or not?

aim is Jungleman86a

 

[Daveskater]

how long does it take for the screen to go black, are you running windows xp or vista and can you get into windows

---

i just realised your text file was a hjt log

have hjt fix these:
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

(i'm also a little bit weary about this "O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\pwttlc.exe" because not even google knows what it is but don't get hjt to fix it yet, we have to make sure it's a nasty first)

then follow these instructions

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with a variety of malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

NEWdot.NET
Click Start/Control Panel/Add/Remove Programs and uninstall: Newdot.net Application or New.net Domains
If neither is listed, download and run this: www.new.net/support/uninstall6_38.exe

Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[hoPs57]

Windows XP Pro

2-3 minutes usually while playing a source game. Its different when I'm browsing the web, going to certain web pages or looking at certain pictures will cause it to do this.

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

that one keeps coming back after fixing it with HJT.

 

[howard_hopkinso]

You need to follow the instructions, otherwise we can`t help you.

Don`t fix anything with HJT, unless I tell you to. This is because simply fixing something in HJT doesn`t necessarily get rid of the infection.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[zipperman]

Virus fixes

Windows XP Pro

2-3 minutes usually while playing a source game. Its different when I'm browsing the web, going to certain web pages or looking at certain pictures will cause it to do this.

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

that one keeps coming back after fixing it with HJT.

There are lots of free "Virus scans"
Use them,then report results.
http://housecall.trendmicro.com/housecall/start_corp.asp
This could also be a video driver problem.
Reinstall your video and monitor drivers.
Virus's gets blamed to quickly.I never get any useing regular scans.

 

[howard_hopkinso]

zipperman: I`ve already checked hoPs57`s HJT log and his system is definitely infected with malware.

If you knew how to analyse HJT logs, you would already be aware of the infections in it.

However, just in case you`re still not convinced, here`s the lowdown on SAcc.exe.

Sacc.exe is an adware program Adware.SurfAccuracy.
Sacc.exe display advertisements.
Sacc.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\sacc\sacc.cfg
%ProgramFiles%\sacc\sacc.exe
Adds the value:
"SACC" = "%ProgramFiles%\sacc\sacc.exe"
to the Windows startup registry keys.

hoPs57 also has several other infections, including Newdot.net and an unknown trojan.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[hoPs57]

thank you for all the help. I have completed steps 1-12 and am now posting my fresh HJT and ComboFix.txt

 

[howard_hopkinso]

No, you need to complete all steps, then post the 3 requested log files and let me know the results of the AVG Antirootkit scan..

However, the log files you have posted thus far would appear to be clean.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[hoPs57]

the rootkit program found nothing

the rootkit found nothing, and when i tried uploading the AVG antispyware file it said is was too big (2.83 MB), but i attached the HJT file from step 15.

i know i am multiposting. sorry. now i edited the AVG file do make it smaller, i went threw and deleted all the cookies and left the virus stuff.

now i was browsing and everytime i go to the Nvidia site to try and find a new version for my drivers it goes black(wasn't going to download any of them, just checking for updates).

http://www.nvidia.com/content/drivers/drivers.asp

I choose.....Graphics Driver/GeForce 6 series/Windows XP/then hit GO

bam....it goes black everytime.

here is the first assurance of newdotnet virus thing. which is about the time this started happening.

i typed this eventvwr.msc in start/run/OK

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Your HJT log is clean.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[hoPs57]

did everything you said. here is the file you requested.

 

[howard_hopkinso]

Run the Avenger again, but this time use the script that`s attached to this post.

Post the resulting c:\avenger.txt.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[hoPs57]

here you go.

 

[howard_hopkinso]

That`s great mate, it looks like you`re good to go.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[hoPs57]

thanks i appreciate all the help....however it still goes black when i go to Nvidia, so i am assuming that either there is still a virus on this laptop or there is something wrong with my Nvidia drivers.

 

[howard_hopkinso]

I`m fairly convinced, the problem you have left is not malware related.

Therefore, I think it`s far more likely to be driver related.

I suggest you open a new thread in our Audio and Video forum.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[zipperman]

Clean your system

zipperman: I`ve already checked hoPs57`s HJT log and his system is definitely infected with malware.

If you knew how to analyse HJT logs, you would already be aware of the infections in it.

However, just in case you`re still not convinced, here`s the lowdown on SAcc.exe.

Sacc.exe is an adware program Adware.SurfAccuracy.
Sacc.exe display advertisements.
Sacc.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\sacc\sacc.cfg
%ProgramFiles%\sacc\sacc.exe
Adds the value:
"SACC" = "%ProgramFiles%\sacc\sacc.exe"
to the Windows startup registry keys.

hoPs57 also has several other instfections, including Newdot.net and an unknown trojan.

Regards Howard

This thread is for the use of hoPs57 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

You said it : Don`t fix anything with HJT,
I don't read them,or ask for help.Sorry if my success is hard to grasp.
I see no point in reading logs since the problem indicates removeing the cause of this,or reinstalling Windows.I solve my problems,witch are few,by regular maintenance.
You say you know the problem,suggest a cure.
I suggested a cure. He has nothing to lose by virus and other scans.