My pc has a problem..

Status
Not open for further replies.

baok

Hi.. OK.. at first my C: drive couldn't be accessed by double-clicking, as I would get a C:\Bha.dll.vbs error.. my Task Manager, Folder Options and Run couldn't be accessed.. then I decided to run Flash Disinfector by sUBs and everything seemed to go back to normal.. however, I don't want to take anything for granted, so I ran HijackThis.. and here's my log..

Hope I can get advice from the experts here...

thanks :)
 
Hello, baok, and welcome to Techspot :wave:

Please take a look at the following threads to make your experience here as enjoyable as possible :)

Message for all newcomers

SNGX1275's Guide to making a good post/thread

The Techspot FAQ

If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum :)
Knowing someone's location in the world can be extremely helpful, even if you just put a country.

Also remember to post any problems or questions that you have in the appropriate forums.

With regard to your problem and log, please attach your log, as bushwhacker has said, as per the instructions here.
 
Hi.. thanks for the reply.. currently reading the instructions and will post here based on the instructions given.. :)

hi.. here is my HJT log... (attached as hijackthis.log)

-edited
My PC spec.. if that is helpful

Intel Celeron Tualatin
Unknown brand motherboard
256MB SDRAM PC-133
Onboard video
Win XP
Stock Cooling
Cheapo Casing and PSU


Hi.. do I need to run an antivirus/antispyware program first?

thanks :)
 
Hello and welcome to Techspot.

Your system is infected with malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of baok only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi..
1. I did an AVG Antispyware scan and it detected some crapware and deleted it.. however, I failed to find the logfile..

2. I then decided to install Symantec Antivirus Corporate Edition and ran updates and a full scan; it detected nothing.

3. Then I decided to uninstall Adobe Acrobat Professional 7 and restart the computer.. The system then "hung" for a while during restart..

4. I entered safe mode and ran ComboFix.. the system then restarted and when it entered normal mode, the system hung (or was very slow) again.. then I determined that DoScan.exe was the culprit.. so I uninstalled the Symantec Antivirus again..

5. I ran HijackThis and compiled the log with the ComboFix log in this post

6. I apologise for the late reply.. as I watched Man Utd vs Dynamo Kiev :p but I'm a Liverpool supporter though...

-edit-

7. I just finished running Panda AntiRootkit and it detected nothing...

And now may I know what I should do?? Thanks for the advice :)

-You'll Never Walk Alone- :)
 
I don't know what possessed you to install Norton, but that wasn't a very smart move as it's total crap.

I suggest you uninstall Norton asap.

Then install one of the following AV and Firewall programmes.

AVG free or Avast antivirus programmes.

Zonealarm, Kerio or Comodo free firewall programmes.


Once you've done that, do the following.

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

Data0.Net Software
Portable Antivirus

Close control panel.


Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also...

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::

Folder::
C:\Program Files\Data0.Net Software
C:\WINDOWS\system32\n8127
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAVAgent"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"y3114SYS"=-


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[Image: CFScript.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

 
Hi.. I apologise for my late reply, I read your post about two hours ago but downloading and updating both Avast and ZoneAlarm was painfully slow.. here's what I did

1. downloaded both ZoneAlarm and Avast Home.. and updated Avast..

2. ran ComboFix as per the instructions

3. ran HijackThis..

Both the HJT log and the ComboFix log are attached..

So.. is there any next step?

thanks :)
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x

Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

Click edit and choose find. Type y3114SYS into the dialogue box and click the find next button. Regedit will now search your registry for any entries that contain a reference to y3114SYS and display them in the right-hand pane. Right click on any such y3114SYS entries and choose delete.

Now click edit again and choose find next. Again, delete any entries that reference y3114SYS.

Repeat the above, until no more y3114SYS entries are found.

Close regedit.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

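Added example, not part of the original thread: a Python parser for HijackThis O4 (autorun) lines like the two listed in the post above, which flags entries using heuristics chosen here for illustration (they are not HijackThis or ComboFix rules). The `ExampleTray` entry and all function names are hypothetical; the sample log is constructed from the lines quoted in the thread.

```python
import ntpath
import re
# Constructed sample: the two O4 lines quoted in the post above, plus one
# made-up benign entry ("ExampleTray" and its path are hypothetical).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)

# Triage heuristics chosen for this example; they are not HijackThis rules.
ODD_EXTS = {".com", ".vbs", ".scr", ".pif", ".bat"}
SYSTEM_HIVES = {r"HKUS\S-1-5-18", r"HKUS\.DEFAULT"}
DATA_DIR = "\\local settings\\application data\\"

def parse_o4(line):
    """Return a dict for one O4 (autorun) line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # For a quoted command the path is the text inside the first quote pair.
    cmd = entry["cmd"]
    entry["path"] = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd
    return entry

def reasons(entry):
    """List the heuristics an autorun entry trips (empty list means none)."""
    path = entry["path"].lower()
    checks = [
        (entry["hive"].upper() in SYSTEM_HIVES, "value under SYSTEM/.DEFAULT hive"),
        (entry["key"].lower() == "policies\\explorer\\run", "Policies\\Explorer\\Run key"),
        (DATA_DIR in path, "target inside a profile Application Data folder"),
        (ntpath.splitext(path)[1] in ODD_EXTS, "script or legacy .com-style extension"),
    ]
    return [msg for hit, msg in checks if hit]

def triage(log_text):
    """Return (name, path, reasons) for each O4 line that trips a heuristic."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    return [(e["name"], e["path"], reasons(e)) for e in entries if reasons(e)]

if __name__ == "__main__":
    for name, path, why in triage(SAMPLE_LOG):
        print(f"{name}: {path}\n    " + "; ".join(why))
```
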
 
Hi.. here's what I did..

1. booted into safe mode, ran HijackThis and fixed those two entries

2. did the unhide of files and folders, including hidden and system

3. looked for the "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\dv6191700x" file but it wasn't present.

4. opened regedit and looked for y3114SYS but it wasn't present either.

5. ran HijackThis and posted the log as an attachment.

The PC is much better than before.. any other steps to be taken??

thanks :)
 
All clean mate.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Go HERE, download and install the latest version of Java.

Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Hi.. I'm done with the system restore.. so, can I close this thread now?

Thanks a lot for helping me, Howard.. really much appreciated..

thanks and regards
-baok-

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.
 