Your computer is infected

sublime90

I got myself some sort of virus: the red circle with the white X in my toolbar that keeps popping up saying my computer is infected! I tried to delete it myself but it keeps showing up. I tried to run Ewido but it won't run. It won't even let me run HJT so I can't post a log right now. Any help is appreciated.
 
Hi sublime90, :wave:

I need you to follow all the steps HERE and then post back with the three requested logs as attachments
  • AVG antispyware
  • ComboFix
  • Hijackthis (step 15)

Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the antirootkit scan.

Good luck and welcome to TechSpot.

This thread is for the use of sublime90 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I think that's a trojan; I think I've seen that before on a computer. Try running the scans the guy on top said to run. Also try running the Trend Micro free scan. Hope this helps.
 
Try getting Avast antivirus and let it detect the stuff. Also WinPatrol is very good: it shows all your startup programs, BHOs, services and much more, and it's free and very popular. www.winpatrol.com. You could try seeing if WinPatrol finds it in the startup, then disable it and delete. Hope this helps.
 
I would like you to do an online scan so that we can see what else may be in your system.
Run Kaspersky Online Scanner.
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky; click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    o Extended (If available, otherwise use standard)
    o Scan Options:
    o Scan Archives
    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Kas-SaveReport-1.gif

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file (see below)

    Kas-Savetxt.gif

  • Include the report in your next post.
 
OK, it actually allowed me to do the Kaspersky scan, so here are those results! I still can't open HJT, Ewido or ComboFix though.
 
Attachments
  • kasper scan.txt (37.9 KB)
I had a bad time with some viruses and spyware/malware last week too. One of them was Trojan.Win32... Some things that seemed to help me eventually get rid of it were:

1.) Build a BartPE spyware CD with free virus tools, like McAfee Stinger and others. See irongeek.com/i.php?page=security/pebuildertutorial. Scan your drive and get rid of as much as you can. I had some trouble getting all the plugins right, so I had the best luck just putting the standalone scanners on a memory stick, and making sure the BartPE had the HWPnP so it would detect the USB drive. Get the command version of scanners, McAfee Stinger, HijackThis, and whatever else you can get that can be run without being installed, and put it on the USB drive.

2.) Install Microsoft® Windows® Malicious Software Removal Tool (KB890830)

3.) Install Spybot Search & Destroy. It has a real-time protection that alerts you when anything tries to change the registry. This is important because the malware I had kept re-installing itself every minute, or every time I clicked on the warning box you are talking about. I would delete all the files found by spyware scanners, and within a minute or two they'd be back. When it alerts you of a registry change, be very careful what you choose, whether to allow or block it. In the box that pops up, in the middle of the bottom, there is a button that brings up info on the change. If it says it is spyware or malware, then block the change and click the box to remember it.

4.) Install Windows Defender (requires Validation)

5.) If none of these work, and you have a second hard drive, install a second copy of Windows to that other drive. Boot to it, install virus and spyware scanners and try to clean your hard drive as best you can. Then do 1 - 4 above, if they didn't work the first time.

This is really no fun at all. But I was sure happy when I got through it.

I really didn’t make much progress until I ran the Windows tools 2.) and 3.).

Once you get it clean...
Grisoft.com has a free virus scanner for home use.
F-Prot has one also.
Check on Download.com for others.
 
Yeah, run the Microsoft malicious software tool, that's good, but that's a lot of infections. I would get the Spyware Doctor free edition; it scans and removes, and it will find a ton of trojans and delete them. http://www.download.com/Spyware-Doctor-Starter-Edition/3000-8022_4-10704508.html?tag=lst-2 You can delete Spyware Doctor after if you want, but it finds a lot. I would also get Spybot, which finds a lot of trojans too, and AVG Anti-Spyware. Hope this helps you. Also you can look up those trojans and delete them manually, or you can get a removal tool, which some companies such as Symantec have, that removes it automated.
 
A quick update here. I ran Spy Sweeper, Ad-Aware and Spyware Doctor. They all removed a ton of things, but my problem still exists. Also, I have Spybot, HJT and Ewido installed on my computer, but I cannot access them. I can't double-click them, open them through the Start menu, or get them to launch after a reinstall. Plus, when I go on the internet I can't see any pictures, just empty boxes.
 
Get WinPatrol to disable things. I would try running in Safe Mode; those programs should work in Safe Mode. What did they find?
 
Can you run the Kaspersky scan again? I can work off the old one after you have done some cleaning.
 
OK, I did another Kaspersky scan, and for some reason, even after running Spy Sweeper and Ad-Aware, I actually have a bigger number of infected files now.
 
OK, big progress here. I downloaded and used Advanced WindowsCare and it deleted a lot of junk and finally allowed me to run Spybot and AVG! The annoying popup in the toolbar is gone! Everything seems normal now except a few annoying minor problems.
1) Internet Explorer - whenever I open Explorer I just see empty boxes where pictures should be, but when I use Firefox everything is fine. How do I fix IE?
2) When I'm moving boxes around on my desktop (e.g. I have My Computer open and drag the box to the other side of my screen) it shows a hollowed-out box outline the whole time. It's really annoying and wasn't like that before.

Finally, shall I post a HJT log on here after I run everything? Just so you guys can help me get rid of anything I don't need that's just taking up space.

Thank you.
 
Yes, post a new HJT log and Kaspersky scan and we'll get things finished up.

I would advise keeping with Firefox; it's a more secure browser.

Not sure about the other problem but we'll worry about that once we get done.
 
Hey, Advanced WindowsCare is good; the new version is coming out soon but is in beta now. I read the Kaspersky log and it still looks nasty, with some trojans in there. Try running these scans, they remove the stuff... http://www.eset.com/onlinescan/ that's NOD32, very high detections, make sure you check both options. http://www.trendsecure.com/portal/en-US/tools/security_tools this is the Trend Micro scan and removal, a very good scan, make sure you do a full scan. http://www.bitdefender.com/scan8/ie.html another very good scan. Please run all the scans and tell me what they find, and remove them; these scans should find all. PimpMyPc
 
Don't need to worry about that; there are only a few items that are not quarantined, and I'll write removal instructions for those later.
 
Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Slightly Stoopid Toolbar - {4E7BD74F-2B8D-469E-BEDE-CC39F0D3F960} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\bobby\LOCALS~1\Temp\csrssc.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O20 - AppInit_DLLs: cru629.dat
    O20 - Winlogon Notify: qomnljj - qomnljj.dll (file missing)
    O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary


Find and Delete Suspect File
Delete the following files and folders (if still present)

C:\WINDOWS\system32\jfiehayd.dll<-----Delete this file
C:\WINDOWS\cru629.dat<-----Delete this file
C:\WINDOWS\system32\cru629.dat<-----Delete this file
C:\WINDOWS\winp9.exe<-----Delete this file
C:\WINDOWS\system32\univrs32.dat<-----Delete this file
C:\WINDOWS\system32\msindc.dll<-----Delete this file


Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Find and Delete Suspect File
Using Start > Search > All Files and Folders
Click Advanced Options and make sure the following are ticked Search system folders, Search hidden files and folders, Search subfolders
Enter qomnljj.dll in the 'All or part of file name' box
Select C: in the 'Look in' dropdown box
Click Search Now
Right-click on qomnljj.dll and select Delete
Repeat for each copy of the file
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Copy and paste this log into your next reply

After this, run the Kaspersky scan again and then run a fresh HijackThis scan.

In your next reply you should have,
1) Uninstall list
2) Fresh Kaspersky scan
3) Fresh HijackThis scan


 
First of all, your Java looks out of date; go to www.java.com and get the new version, it takes only a few minutes. Also you can delete the Pop-Up Stopper free edition and get the Google Toolbar, which is safe. Slightly Stoopid Toolbar sounds like spyware, but I'm not sure. Solid State ION Internet Explorer Plugin, this looks like a hijacker. Did you run all the scans I told you to run?
 
See how to boot into Safe mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

Find and Delete Suspect File
Delete the following files and folders (if still present)

C:\WINDOWS\system32\msindc.dll<-------Delete this file
C:\WINDOWS\system32\univrs32.dat<-------Delete this file
C:\WINDOWS\winp9.exe<-------Delete this file


Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Let me know if you cannot find them or they cannot be deleted.

Delete temporary internet files
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, click to select the Delete all offline content check box , and then click OK.
  • Click OK.


Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Reboot into Normal mode


Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update Tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

Run HijackThis again and a fresh Kaspersky scan
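As an added example (not code from this thread and not part of HijackThis itself), here is a small Python triage script for HijackThis-style log lines like the ones in the two "Fix entries using HiJackThis" lists above. It parses each `Rn`/`On` line into its section code, referenced path and CLSID, and flags the same patterns the helper singled out for removal: orphaned "(file missing)" / "(no file)" entries, an O4 Run entry that launches from a Temp folder, the O7 DisableRegedit policy, O20 AppInit_DLLs and Winlogon Notify loaders, and an altered R1 proxy setting. The sample log is constructed for the example (mostly lines quoted in this thread plus one constructed benign ctfmon entry); the heuristics, function names and the `Entry` type are assumptions of this example, not HJT's own logic.

```python
"""Triage helper for HijackThis-style log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HJT entries look like "O4 - HKCU\..\Run: [Name] C:\path\file.exe" or
# "O2 - BHO: name - {CLSID} - C:\path\file.dll (file missing)".
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s()]+")
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    code: str                       # HJT section code, e.g. "O4"
    body: str                       # everything after "O4 - "
    path: Optional[str]             # first drive-letter path in the body, if any
    clsid: Optional[str]            # first {GUID} in the body, if any
    reasons: List[str] = field(default_factory=list)  # why it was flagged


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an HJT item line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    path = PATH_RE.search(body)
    clsid = CLSID_RE.search(body)
    return Entry(m.group("code"), body,
                 path.group(0) if path else None,
                 clsid.group(0) if clsid else None)


def triage(entry: Entry) -> Entry:
    """Attach defender-side reasons to an entry; untouched entries keep reasons == []."""
    low = entry.body.lower()
    if any(marker in low for marker in MISSING_MARKERS):
        entry.reasons.append("references a file that no longer exists (orphaned entry)")
    if entry.code == "O4" and entry.path and "\\temp\\" in entry.path.lower():
        entry.reasons.append("autostart launches an executable from a Temp directory")
    if entry.code == "O7" and "disableregedit=1" in low:
        entry.reasons.append("policy blocks the Registry Editor")
    if entry.code == "O20" and "appinit_dlls" in low:
        entry.reasons.append("AppInit_DLLs loads a DLL into every process that loads user32")
    if entry.code == "O20" and "winlogon notify" in low:
        entry.reasons.append("Winlogon Notify DLL runs at logon")
    if entry.code == "R1" and "proxyserver" in low:
        entry.reasons.append("proxy setting altered; browser traffic may be redirected")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every item line of a log; non-item lines are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def flagged_entries(text: str) -> List[Entry]:
    """Return only the entries that triage() gave at least one reason."""
    return [e for e in map(triage, parse_log(text)) if e.reasons]


# Constructed sample log: the entry lines are quoted from this thread's fix lists,
# the header and the ctfmon line are constructed for the example.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\bobby\LOCALS~1\Temp\csrssc.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: qomnljj - qomnljj.dll (file missing)
"""

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for r in e.reasons:
            print(f"    -> {r}")
```

The script only reads and reports; it never touches the registry or deletes anything, which keeps it safe to run against any saved log. A line with no reason is not declared clean, it just matched none of the listed patterns, so the output is a shortlist for a human reviewer, not a verdict.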
 
OK, I finally found and deleted those files. The Slightly Stoopid toolbar is there because I put it there; it's OK. Here are the new scans.
 