Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Wierd Scary Error Messages On Bootup


  • This topic is locked This topic is locked
9 replies to this topic

#1 Booman

Booman

  • Banned
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 AM

Posted 06 March 2008 - 08:40 PM

My brother downloaded something and then th epc rebooted and when i logged back on i got these messages.... "YOUR PC IS UNPROTECTED! DOWNLOAD THE TOOLS NOW!"...and some others... I CANNOT LOAD HJT OR MY AV NOR SUPERANTISPYWARE....the only thing i can load is Uniblue spyeraser....and thats it.....and it already found some things.....here are some pics

http://i229.photobucket.com/albums/ee189/d...an/crappeth.gif
http://i229.photobucket.com/albums/ee189/d.../0306082008.jpg

sorry for the detail on the 2nd pic....i took it with my phone....ummm i tried safemode and it wont load my scanners either....

BC AdBot (Login to Remove)

 


#2 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 AM

Posted 07 March 2008 - 07:03 AM

i am in safemode... i can confirm that the error messages are from Braviax.exe..i keep getting these error mesages.... "IEXPLORER has ben termintAed"....i have tried to remove the infection with Uniblue SPyEraser which is the only thing i can use right now.....and it did not work...i am in safemode right now and i still have this messages frome SYSFADER

#3 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 AM

Posted 07 March 2008 - 04:17 PM

i am scanning with yahoo toolbar CA ANTISPY and it supposedly removed this thing called Kallah and found Security Toolbar which it wont remove...like i said...i cannot run anything....it is hard to do anything without the pc to freeze up on me. ..cannot run any security systems....idk if baviax.exe is still there....is there anything i can do

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:29 AM

Posted 07 March 2008 - 04:31 PM

Try this online scanner:

http://eset.com/onlinescan

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 AM

Posted 08 March 2008 - 12:28 AM

are you going to help me through this O neal? i did a boot time schedule with avast...here is the log

03/07/2008 22:44
Scan of C:\
File C:\Documents and Settings\Jeff\Application Data\Uniblue\SpyEraser\Quarantine\PUP.UnclassifiedProgram.B_07_03_2008_06_54_54.asq23281 is infected by Win32:WpePro-F, Deleted
File C:\System Volume Information\_restore{BE005BF3-AF7C-4131-ADE9-09312F2D075F}\RP84\A0021753.exe is infected by Win32:Wpepro [Tool], Deleted
File C:\System Volume Information\_restore{BE005BF3-AF7C-4131-ADE9-09312F2D075F}\RP85\A0023084.sys is infected by Win32:Agent-QNI [Trj], Deleted
File C:\System Volume Information\_restore{BE005BF3-AF7C-4131-ADE9-09312F2D075F}\RP86\A0031436.exe\[UPX] is infected by Win32:Agent-RUQ [Trj], Deleted
File C:\WINDOWS\system32\dllcache\beep.sys is infected by Win32:Agent-QNI [Trj], Deleted
File C:\WINDOWS\system32\drivers\beep.sys is infected by Win32:Agent-QNI [Trj], Deleted
File C:\WINDOWS\system32\njbgqwrw.dll is infected by Win32:TratBHO [Trj], Deleted
File C:\WINDOWS\system32\xljrbmzk.dll is infected by Win32:TratBHO [Trj], Deleted

Number of searched folders: 7787
Number of tested files: 354680
Number of infected files: 8


OH NO! my C: Drive has a delete symbol on it..and this Windows.exe keeps popping up....and so does this thing regenerate after i delete is... braviax.exe

here are some pics

http://i229.photobucket.com/albums/ee189/d...olfman/hmmm.gif
http://i229.photobucket.com/albums/ee189/d.../vundoalert.gif

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:29 AM

Posted 08 March 2008 - 12:37 AM

are you going to help me through this O neal?

I hope! I dont want to send you to the HJT Team, because they have a 2 week backup right now. Try this:
Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:29 AM

Posted 08 March 2008 - 07:41 AM

In addition to the Kaspersky scan, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 AM

Posted 08 March 2008 - 09:42 AM

are you going to help me through this O neal?

I hope! I dont want to send you to the HJT Team, because they have a 2 week backup right now. Try this:
Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



it wont let e use anything with security...cant use that sdfix....combofix....vundofix...(i have a vundo trojan....in system32 geede.dll)...hijackthis.....superantispyware....nothing with anyof that..i did do an A2 web antimware scan and it removed some things...the eset scanner u told me to use could not remove the trojans

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:29 AM

Posted 08 March 2008 - 09:57 AM

Some types of malware will disable SDFix and other security tools. If SDFix will not run, try renaming it to myfix.exe or something else. If needed, change the .exe extension to .bat, .com, .pif, or .scr and then double-click to run.

If that works, then do the same with VundoFix and rename it as well. Again, if needed change the .exe extension.

Do not do this with ComboFix as CF should not to be used outside Hijackthis Forum.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:29 AM

Posted 08 March 2008 - 10:24 AM

HijackThis logs are to be posted in the HijackThis Logs and Malware Removal forum but due to the ongoing issues your dealing with I have moved it there for you. Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users