Some preliminary help, thank you!


jennp

Hello everyone! I've been reading through these threads trying to look for an answer to my problem but I realize that everyone is about ten steps ahead of me, so I hope I can get a few answers before I take any further steps.

I know very little about computers so I am afraid of taking any "preliminary removal systems" steps. I've only gone about as far as step 2 (running a free anti-virus software that I downloaded the night before). But hopefully if you could tell me if my problem is even one concerning viruses, I'd know a little more about what to do next.

My problem is this: When I try to open up my hard drive (not C:\ but an extra one, not external), it freezes. I got a message saying that my virtual memory is low. I checked the task manager and sure enough, when I try to open up that hard drive, the virtual memory goes up and up, reaching as far as 1.5 GB, before I "end program" - though it takes a while even for that to work. I've run the anti-virus software and Ad-Aware, but even what it did find and quarantine didn't seem to help much, since I still have the same problem. :(

Does this sound like a virus? And if so, would someone with limited computer skills (me) be able to understand beyond step 2 of what to do? :eek:

Please advise. Thank you so much.

-jenn.
 
Hello and welcome to Techspot.

What you're describing may well be caused by a virus and I urge you to follow the instructions and post the requested log files.

Regards Howard :wave: :wave:

This thread is for the use of jennp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
update - stuck on step 13

Okay. I've made it up to step 13, but I'm having problems after booting into safe mode. I've gone into safe mode under my normal user name, but when I double-click on my antivirus program, it doesn't do anything (it seems to load for a bit, the hourglass icon, but then...nothing).

What should I do?

Also - I've been booting into safe mode using the "system configuration tool method" (going through run - msconfig) because I can't get the F8 way to work (it just says keyboard error and my mouse and keyboard do not work).

I've also done the second part of step 13, which is to show all files and folders.
 
Happy Thanksgiving Howard!

Is it okay then, to run Step 14 (SS&D, Ad-Aware, and AVG) all in normal mode? I noticed that at the end of Step 14, it says to "reboot into normal mode and rehide your protected OS files".

-Jenn
 
Hello again

Here are the log files...

And the Panda Antirootkit scan came up as:

Rootkits detected: 0
Removed: 0
Sent to Panda: 0

Thanks again!
 
Go to Add/Remove Programs in your Control Panel and uninstall anything to do with the following (if there):

viewpoint
viewpoint toolbar
viewpoint manager
BSplayer_WhenUSave_Installer

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Open notepad and copy/paste the text in the code box below into it:
NOTE: Make sure to highlight and copy only what is inside the quote box, nothing outside of it.

Also, pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, and no space in front of it).
Code:


File::
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\SYSTEM32\tmp.txt
C:\WINDOWS\SYSTEM32\bdod.bin
C:\WINDOWS\SYSTEM32\bdss.log
C:\WINDOWS\SYSTEM32\pavas.ico
C:\WINDOWS\SYSTEM32\Help.ico
C:\WINDOWS\SYSTEM32\TZLog.log
C:\WINDOWS\unins000.exe

Folder::
C:\Program Files\BSplayer_WhenUSave_Installer
C:\Program Files\Viewpoint
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BSplayer_WhenUSave_Installer"=-


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

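The removal script in the post above deletes files and a registry value, so it is worth checking the saved text before it is dragged onto ComboFix.exe. The following Python check is an added example, not part of the original thread and not ComboFix's own code; it assumes only the three section headers shown in the post (File::, Folder::, Registry::), and the function name and shortened sample are constructed for illustration.

```python
import re

# Only the section headers that appear in the post; an assumption, not ComboFix's full syntax.
SECTIONS = ("File::", "Folder::", "Registry::")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")           # e.g. C:\WINDOWS\...
REG_KEY = re.compile(r"^\[HKEY_[A-Z_]+\\.+\]$")  # [HKEY_...\key]
REG_VALUE = re.compile(r'^"[^"]+"=.+$')          # "name"=data, as in the post

# Constructed sample: a shortened copy of the script in the post.
SAMPLE = r"""File::
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\unins000.exe

Folder::
C:\Program Files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BSplayer_WhenUSave_Installer"=-
"""

def check_cfscript(text):
    """Return (sections, problems) for the text of a CFScript.txt (hypothetical helper)."""
    lines = [l.rstrip("\r") for l in text.split("\n")]
    problems = []
    # The post's rule: File:: on the first line, nothing above or in front of it.
    if lines[0] != "File::":
        problems.append("line 1 is %r, expected exactly 'File::'" % lines[0])
    sections, current = {}, None
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
            sections.setdefault(current, [])
        elif current is None:
            problems.append("line %d: entry before any section header" % n)
        else:
            if current == "Registry::":
                ok = REG_KEY.match(line) or REG_VALUE.match(line)
            else:
                ok = ABS_PATH.match(line)
            if not ok:
                problems.append("line %d: unexpected %s entry %r" % (n, current, line))
            sections[current].append(line)
    return sections, problems

if __name__ == "__main__":
    found, issues = check_cfscript(SAMPLE)
    for header, entries in found.items():
        print(header, *entries, sep="\n  ")
    print("problems:", issues or "none")
```

The printed listing doubles as a review of exactly which files, folders and registry values the script names.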
 
That all looks good.

Click start/run and type combofix /u into the run box and hit the enter key. That should delete Combofix and all its folders etc.

Have HJT fix these entries, if you don't recognise them.

O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab

O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab

O16 - DPF: {BFE40CC2-CE88-4684-9F90-E9D43A832DCE} (DSNFileUpload Class) - http://gamerich.gemmir.com/arcade_module/arcade.cab

O16 - DPF: {CA9C7127-7147-4A28-B297-5C36B0B3CE58} (p3skaset Class) - http://cyaod.cyworld.nate.com/player/aod/dll/p3skaset.cab

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Thank you so much for all your help!

I still had the problem after all that, but I deleted some files that I downloaded recently (around the time that this started) and it seems better now. But through this process I found a LOT of viruses and spyware that I normally would not have noticed.

Thanks again!

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.
 