Virus: I don't know what kind it is

Status
Not open for further replies.

HuaracheKing

I got this from trying to download a crack to goldwave 5.25. I should have known better than to try that without having my anti-virus updated (a careless mistake on my part) and when I tried to open the crack I immediately knew what happened.

I have windows XP, and now my windows toolbar looks like it's from windows ME or windows 2000. I can't copy and paste anything either. I also tried to install Kaspersky as well as other anti-virus software and it won't let me install any of them. I tried to do the 8 step virus removal that was stickied @ the top of this thread, but I can't install anything but the cleaner so I couldn't carry that out effectively. My computer doesn't run slow or anything, so I'm thinking it's not that serious of a virus but I could be wrong. I've attached my log so I hope that helps. Somebody please help me out on this. I'm a DJ and my computer is my money maker. Any assistance would be greatly appreciated. Thanks in advance.
 

Attachments

  • hijackthis report.txt
    14.1 KB · Views: 7
Hello HuaracheKing

Sorry for late reply.

Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
Not more.
Remove/uninstall from "Programs and Features" in Control Panel:
One of your antivirus programs (ESET or Kaspersky).

Reboot.

Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:
http://www.bleepingcomputer.com/files/lspfix.php
Once the file is downloaded navigate to where you saved the file and double-click on it to start the application
Click on -> I know what I'm doing – move - 5756687.dll to right pane using >>> then – Finish – button

Reboot

Then please run the steps in this guide:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Post attached logs from:

Malwarebytes
SUPERAntiSpyware
HijackThis


In your next reply
 
Thank you so much for getting back to me.

when i try to uninstall it thru the control panel it says:

"the windows installer service could not be accessed. This can occur if you are running windows in safe mode (which i am not) or if the windows installer is not correctly installed. contact your personal support specialist for assistance"

This is the same message it gives me when i try to install stuff too. so should i try to just go into the program files and delete it manually?
 
ok....sorry it took me so long to get back to u,

but when i downloaded the windows installer from the website that you forwarded to me and since i have windows sp3 it said it wasn't compatible because that version is only compatible up to windows sp2. i then went to this website (softwarepatch.com/windows/wininstallnt.html) to try to get a newer windows installer and it gave me this message:

KB942288-v3 Setup Error
Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on the computer.

are there any other options that i have?

I know that once i'm able to uninstall and copy/paste things onto my computer, i'll be able to rid the virus with the trial version of bit defender or kaspersky (that is why you see kaspersky on my system because as soon as i saw that i had the virus i tried to install it, but it wouldn't let me run a scan).
 
Download Dial-A-Fix to desktop
http://majorgeeks.com/Dial-a-fix_d4899.html
Choose one of the servers at majorgeeks
And extract it to a memorable folder.

Step 2:
These options should repair the issue at hand.
Run Dial-A-Fix and locate the “Fix SSL/HTTPS/Cryptography” section of the .
Step 3:
Make sure all options in this section are ticked.
Step 4:
With all the check boxes ticked, press the GO button and let Dial-a-Fix work.

Reboot
 
ok.....i did that and i still received this message

"the windows installer service could not be accessed. This can occur if you are running windows in safe mode or if the windows installer is not correctly installed. contact your personal support specialist for assistance"

please don't tell me that your next step 4 me is to reformat my hard drive
 
ok. well that helped me out with getting the msiexec uninstalled so that i can reinstall it, but now it won't let me install the latest version of it. when i tried to re-install msi, it gave me this message:

KB942288-v3 Setup Error
Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on the computer.

if i can bypass that, or at least get my computer to copy and paste, i KNOW i can beat this virus. what to do now?
 
That's odd. See if you can run combofix, it doesn't need to be installed ->

Please download combofix here -> https://www.techspot.com/downloads/5587-combofix.html

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
 
man....u're helpin me out a whole lot. even tho we haven't solved the prob in full yet, i just want to thank u. but here's the log u asked for
 
I have a bad feeling about this.

Rightclick on the below files - Properties, and tell if they are Microsoft files ?
c:\windows\system32\user32.dll
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
 
it says that they're all MS apps....and since we're both online u wanna talk thru a messenger or something....only if its easier 4 u
 
I don't use messenger or any other chat program ;)


Run a scan with HijackThis. Check the following and hit 'Fix checked'
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Raul\uumcdg.exe \s
O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll
O4 - HKLM\..\Run: [kalfr] C:\WINDOWS\system32\kalfr.exe \u
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work
O4 - HKCU\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe (User '?')



Reboot to safe mode ->

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.
Show hidden files and folders.
Click Start button, then go to Programs, Accessories and click on Windows Explorer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading please check Show hidden files and folders.
Uncheck the Hide protected operating system files (Recommended) option.
Click Yes to confirm.
Click OK.

Find and delete these files (if present)
c:\windows\system32\5756687.dll
C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe
C:\WINDOWS\system32\kalfr.exe
C:\Documents and Settings\Raul\uumcdg.exe
C:\WINDOWS\system32\sdrgfcvbf.dll
C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe


Delete this folder:
C:\Program Files\Viewpoint

Reboot, attach new hijackthis log and tell how things are running ?
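
The startup entries selected in the post above share a few recognisable traits: a second program appended to `UserInit`, `Run` values with an empty name, and executables launched from a Temp directory. The Python sketch below is an added example, not part of any post in this thread; it encodes those three traits as triage heuristics over HijackThis lines. The heuristics, the function name `triage` and the two benign sample lines are assumptions made for illustration.

```python
import re

# Entries quoted from the post above, plus two constructed benign lines (the last two).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Raul\uumcdg.exe \s
O4 - HKLM\..\Run: [kalfr] C:\WINDOWS\system32\kalfr.exe \u
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work
O4 - HKCU\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the log on this page.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$", re.I)
RUN_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)


def triage(log):
    """Return [(line, [reasons])] for entries that match the heuristics."""
    flagged = []
    for line in filter(None, map(str.strip, log.splitlines())):
        reasons = []
        m = USERINIT_RE.match(line)
        if m:
            # Anything besides the stock userinit.exe runs at every logon.
            extra = [p.strip() for p in m["value"].split(",")
                     if p.strip() and p.strip().lower() != DEFAULT_USERINIT]
            if extra:
                reasons.append("UserInit also starts: " + "; ".join(extra))
        m = RUN_RE.match(line)
        if m:
            if not m["name"]:
                reasons.append("empty value name")
            if TEMP_RE.search(m["cmd"]):
                reasons.append("runs from a Temp directory")
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "->", line)
```

The `kalfr.exe` entry, which the post also selects for removal, matches none of the three heuristics, so an entry that passes this triage still needs its file properties checked by hand.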
 
Run a scan with HijackThis. Check the following and hit 'Fix checked'
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Raul\uumcdg.exe \s
O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll
O4 - HKLM\..\Run: [kalfr] C:\WINDOWS\system32\kalfr.exe \u
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work
O4 - HKCU\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe
O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [InetChk] C:\DOCUME~1\Raul\LOCALS~1\Temp\ms1242432870.exe work (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe (User '?')
O4 - HKUS\S-1-5-21-1078081533-308236825-682003330-1004\..\Run: [uidenhiufgsduiazghs] C:\DOCUME~1\Raul\LOCALS~1\Temp\bx12jt49x.exe (User '?')

i didn't find any of these in hijack this.....i was able to delete the viewpoint folder tho. also none of those .dll's or .exe's were present either. so on to the next step......oh yeah....i attached the new HJT file as u asked
 
Great -

Please download combofix here -> https://www.techspot.com/downloads/5587-combofix.html

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
 
here is the now combo log.....

just so you know tho....i still cannot connect to the internet, copy/paste, install/uninstall programs.
 
I don't think your problems are virus related, I'll therefore suggest you check for corrupted or missing system files.

Click Start > Run and type sfc /scannow and then click OK.
Note the space between the c and the /
You may need your Windows XP CD so have it ready.
If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD. This can be done with a borrowed CD, if you don't have one.
Allow the scan to run and when completed, reboot the system.
 
ok....well i don't know if i have the xp cd. i may have to look for it. and it has to do with a virus somehow, someway....i have windows xp and my toolbar looks like its from windows 2000.

but i ran the scan and it took about an hour and some change, and after it finished i rebooted and nothing really happened. it didn't ask me for the xp cd or anything like that, and my cpu is doing the same things
 