Virus problem?

Status
Not open for further replies.

WreC

Posts: 15   +0
Ok little confused... I got a msg on AIM from a friend w/ a link.. So I dl/ed it and it happened to be a virus of some sort and would disable Task Manager and also any type of virus scan. After installing a product for startup control I found the problem and disabled it, but when I searched for it on the computer it was nowhere to be found. I ran a HJT after I disabled it and I was wondering if anyone could tell me if I eliminated the problem or if it still existed. Thanks in advance for any help provided.
 
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Viewpoint\Viewpoint Toolbar V35

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

mb2np

Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

FotomatDeviceConnect.exe
ViewMgr.exe
sxkfpb.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

O4 - HKLM\..\RunServices: [mb2np] sxkfpb.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

Fix all O18-Protocol entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Viewpoint
sxkfpb.exe (you will need to search your system for this file and delete all instances of it).

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :wave: :wave:
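
An added example, not part of the original posts and not HijackThis's own code: a small triage script for the kind of log lines quoted in the reply above. It flags entries whose target is `(no file)` and O4 autorun entries whose command has no directory path, which are the two patterns the fix list picks out. The sample lines are copied from this thread; the function names and the two labels are assumptions made for the example.

```python
import re

# Sample log lines copied from the entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\RunServices: [mb2np] sxkfpb.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# O4 autoruns: "<registry key>: [<value name>] <command>"
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse(log):
    """Return (code, rest) for every line that looks like a log entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["rest"]))
    return entries


def triage(entries):
    """Flag entries worth a closer look; a heuristic, not a verdict."""
    findings = []
    for code, rest in entries:
        if rest.endswith("(no file)"):
            # Registry entry remains but the file it pointed to is gone.
            findings.append((code, "orphaned", rest))
        elif code == "O4":
            a = AUTORUN.match(rest)
            # A bare filename gives no location, so the file has to be
            # searched for on disk before it can be examined or removed.
            if a and "\\" not in a["cmd"] and "/" not in a["cmd"]:
                findings.append((code, "autorun-without-path", a["name"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_LOG)):
        print(finding)
```
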
 
Sry for the double post... Different computer... same problem ... posted HJT results also. :)
 
WreC said:
ok, did what u said. this is the log file:

Exactly the same entries are in your HJT log.

Go back to my instructions and try them again please.

Post a fresh HJT log when done.

Regards Howard :)
 
As for the HJT log for the other computer.

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

R3 - URLSearchHook: (no name) - <default> - (no file)

O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -

Fix all O18 - Protocol: entries.

Click on the fix checked button.

Close HJT.

Other than the above, this system is clean.

Regards Howard :)
 
Ok here is the HJT log again :) But there is still one thing weird... on this computer at random it closes certain websites... I have no idea why.. I've disabled popups/made sure it wasn't restricted, turned off any form of firewall and to no avail it still does it... one of the sites is www.marineland.net it will start to load then close all instances of the program I had running. It leaves no error screen no nothing just closes.... I have yet to figure out why :evil: :evil: :evil: :evil: is all I can think of :(
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

mb2np

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

sxkfpb.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O4 - HKLM\..\RunServices: [mb2np] sxkfpb.exe

Click on the fix checked button.

Close HJT.

Run HJT again and click on the config button, followed by the misc tools button.

Click the delete file on reboot button and browse to sxkfpb.exe (you may need to search your system to find out where this file is located. Delete all instances of it). Click on sxkfpb.exe and click open. You will be prompted to restart your computer, click yes.

Once your computer has restarted, turn system restore back on and post a fresh HJT log.

Regards Howard :)
 
Posted yet another HJT log but still have the problem I listed before :( quote on this computer at random it closes certain websites... I have no idea why.. I've disabled popups/made sure it wasn't restricted, turned off any form of firewall and to no avail it still does it... one of the sites is www.marineland.net it will start to load then close all instances of the program I had running. It leaves no error screen no nothing just closes.... I have yet to figure out why is all I can think of end quote
 
Have HJT fix the following inactive entries.

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

Click on the fix checked button and close HJT.

Other than the above, your HJT log is now clean.

I want you to try something for me.

Download and install the Firefox browser from HERE.

It's a lot more secure than IE.

See if you still have the same problems with web pages automatically closing.

Please let me know.

Regards Howard :)
 
Tried it and I got the same result.. I have no idea what it could be.. it just closes it and anything to do with it.. it also does it in IE.. so I am not quite sure what is up with it.
 
Mmm very strange.

Go HERE and follow all the instructions exactly.

This is because you may have some kind of infection that isn't showing up in HJT.

Please let us know the results.

Regards Howard :)
 
I don't think it is adaware I think it may be something w/ ActiveX because it has done it ever since I have installed Windows XP on it.... so idk if perhaps I have my controls set so when something triggers it that it auto closes only thing I can think of but I don't know much about ActiveX ... so I'm not sure
 
The thing is, Firefox doesn't use ActiveX controls and I can open the www.marineland.net website using Firefox without any problems.

I'm not sure what else to suggest to be honest.

Maybe you should open a new thread in our Windows OS forum.

Sorry I couldn't help solve your problem.

Regards Howard :)
 