Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unremovable Vundo Variant Virtumonde And Lop Etc


  • This topic is locked This topic is locked
16 replies to this topic

#1 thewinkingtiger

thewinkingtiger

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 15 March 2008 - 05:29 PM

I've been struggling for the past 10 days or so to rid my system of various parisites including vundovariant Virtumonde winfixer and lop.

All are getting identified by agv (free) spybot and superantispy - but none seem to be able to clear it. they will run clear or quarantine the infection but then after a reboot and access to the internet it starts again. Ad-aware is not picking anything up.

I've had it in to the shop for repair twice and they haven't managed to clean it - and seem to know less than me. relying on Agv professional to clear it.

I am running a dell laptop on windows xp. I use Firefox mostly - but this 'thing' keeps trying to launch ie and placing inappropriate ads on webpages instead of the real ones that should be there.


Could anyone help me please or am i looking at having to get my system wiped clean?


thanks in advance
Debs

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:56 AM

Posted 15 March 2008 - 05:39 PM

Welcome to Bleeping Computer.

Please follow these removal steps:
  • Download VundoFix onto your desktop.
  • Open VundoFix and select Scan for Vundo.
  • After the scan, select Remove Vundo.
  • Follow the prompts to delete the files. If your screen goes blank, please remain calm.
  • After the cleaning, your will be prompted to restart.
After the restart, please post back with the scan results.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 15 March 2008 - 05:49 PM

First Welcome to the forum. Is this an xp machine? You have run AVG and SAS ,updated and from safe mode already?
If not Please run again. Then post the SAS scan log in your next reply.

While in Normal mode please download Attribune's ATF Cleaner . Save it to desktop ..
DO NOT run yet.

How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

NOW Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opers browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 15 March 2008 - 05:59 PM

I've run the vundofix program and that didn't find anything - although at the time it was running avg get bringing up infections and quarantining them. Maybe I should try it again with avg disabled???/



Re safe mode - for some reason my system will not let me enter safe mode. I pick it from the list and then it just boots up as normal :thumbsup: is there something that is stopping me from entering safe mode?


Thanks again both of you.

debs

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 15 March 2008 - 06:51 PM

try disabling Spybot's TeaTimer And then run all the tools again and post the logs in your next reply.
You can disable TeaTimer 2 ways

To disable TeaTimer and remove its startup entry:
Go into Spybot > Mode > Advanced Mode > Tools > Resident
Uncheck (if checked) the following:
Resident "TeaTimer" (Protection of over-all system settings) Active.


To temporarally close TeaTimer and restart it later:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
TeaTimer closes.
Restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.

Reboot is NOT necessary for the change to take effect.

http://forums.spybot.info/showthread.php?t=2827
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 15 March 2008 - 07:46 PM

I managed to run the vundofix in safe mode and it found three threats

c:\windows\system32\qpwss.ini
c:\windows\system32\qpwss.ini2
c:\windows\system32\ssqpq.dll


I asked it to remove them as suggested - don't know if it has or not.


And here is the log from SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/15/2008 at 01:16 AM

Application Version : 4.0.1154

Core Rules Database Version : 3419
Trace Rules Database Version: 1411

Scan type : Complete Scan
Total Scan Time : 00:57:58

Memory items scanned : 469
Memory threats detected : 2
Registry items scanned : 4929
Registry threats detected : 24
File items scanned : 13537
File threats detected : 33

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\DDABA.DLL
C:\WINDOWS\SYSTEM32\DDABA.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\WVTFSRVV.DLL
C:\WINDOWS\SYSTEM32\WVTFSRVV.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{40ECA94B-F830-484A-B1B5-EB3212701AF6}
HKCR\CLSID\{40ECA94B-F830-484A-B1B5-EB3212701AF6}
HKCR\CLSID\{40ECA94B-F830-484A-B1B5-EB3212701AF6}\InprocServer32
HKCR\CLSID\{40ECA94B-F830-484A-B1B5-EB3212701AF6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWVVU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40ECA94B-F830-484A-B1B5-EB3212701AF6}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{7CE22257-A10E-4ABD-A94C-2CA6E5B5BD89}
HKCR\CLSID\{7CE22257-A10E-4ABD-A94C-2CA6E5B5BD89}
HKCR\CLSID\{7CE22257-A10E-4ABD-A94C-2CA6E5B5BD89}\InprocServer32
HKCR\CLSID\{7CE22257-A10E-4ABD-A94C-2CA6E5B5BD89}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{D80D4A59-4A5F-4BFB-83B3-F3FD61F5568E}
HKCR\CLSID\{D80D4A59-4A5F-4BFB-83B3-F3FD61F5568E}
HKCR\CLSID\{D80D4A59-4A5F-4BFB-83B3-F3FD61F5568E}\InprocServer32
HKCR\CLSID\{D80D4A59-4A5F-4BFB-83B3-F3FD61F5568E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCC.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CE22257-A10E-4ABD-A94C-2CA6E5B5BD89}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D63FB738-B02F-4787-ADC6-F55F82BDA466}
HKCR\CLSID\{D63FB738-B02F-4787-ADC6-F55F82BDA466}
HKCR\CLSID\{D63FB738-B02F-4787-ADC6-F55F82BDA466}\InprocServer32
HKCR\CLSID\{D63FB738-B02F-4787-ADC6-F55F82BDA466}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTTT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D80D4A59-4A5F-4BFB-83B3-F3FD61F5568E}

Adware.Vundo-Variant/Small-A
HKLM\Software\Classes\CLSID\{ef77c1a2-0448-45c6-bf00-3add6b2b31a1}
HKCR\CLSID\{EF77C1A2-0448-45C6-BF00-3ADD6B2B31A1}
HKCR\CLSID\{EF77C1A2-0448-45C6-BF00-3ADD6B2B31A1}\InprocServer32
HKCR\CLSID\{EF77C1A2-0448-45C6-BF00-3ADD6B2B31A1}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef77c1a2-0448-45c6-bf00-3add6b2b31a1}
C:\WINDOWS\SYSTEM32\LXENFVWV.DLL
C:\WINDOWS\SYSTEM32\TNIDIJYX.DLL
C:\WINDOWS\SYSTEM32\WXFBQAOJ.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Debs\Cookies\debs@questionmarket[2].txt
C:\Documents and Settings\Debs\Cookies\debs@doubleclick[1].txt
C:\Documents and Settings\Debs\Cookies\debs@serving-sys[2].txt
C:\Documents and Settings\Debs\Cookies\debs@www.clash-media[2].txt
C:\Documents and Settings\Debs\Cookies\debs@statsgod[1].txt
C:\Documents and Settings\Debs\Cookies\debs@ehg-pcsecurityshield.hitbox[1].txt
C:\Documents and Settings\Debs\Cookies\debs@cpvfeed[1].txt
C:\Documents and Settings\Debs\Cookies\debs@hornymatches[2].txt
C:\Documents and Settings\Debs\Cookies\debs@advertising[1].txt
C:\Documents and Settings\Debs\Cookies\debs@interclick[1].txt
C:\Documents and Settings\Debs\Cookies\debs@hitbox[1].txt
C:\Documents and Settings\Debs\Cookies\debs@www.admedia365[2].txt
C:\Documents and Settings\Debs\Cookies\debs@adrevolver[2].txt
C:\Documents and Settings\Debs\Cookies\debs@bs.serving-sys[1].txt
C:\Documents and Settings\Debs\Cookies\debs@atdmt[1].txt
C:\Documents and Settings\Debs\Cookies\debs@tradedoubler[2].txt
C:\Documents and Settings\Debs\Cookies\debs@media.adrevolver[1].txt
C:\Documents and Settings\Debs\Cookies\debs@1067766890[2].txt
C:\Documents and Settings\Debs\Cookies\debs@adviva[2].txt
C:\Documents and Settings\Debs\Cookies\debs@carphonewarehouse.112.2o7[1].txt
C:\Documents and Settings\Debs\Cookies\debs@ad.yieldmanager[1].txt
C:\Documents and Settings\Debs\Cookies\debs@adopt.euroclick[2].txt
C:\Documents and Settings\Debs\Cookies\debs@statcounter[1].txt

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ABADD.INI
C:\WINDOWS\SYSTEM32\UVVWA.INI





What do I need to do next? (think it will probably be tomorrow now as it's late here!)

Thanks in advance

#7 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 16 March 2008 - 02:41 PM

I just had a thought. This trojan or whatever it is - is obviously replicating after being found by avg sas vundofix etc etc. Could it be because my system boots directly to my account rather than giving me the chance to log in as an administrator? And if so how to I swap to the administrator account?/ (I can do it in safe mode as it comes up as an option - but not in normal mode.)


Thanks again - and sorry if that's noob question - I am just trying hard to get to the bottom of this :thumbsup:


Debs

Edited by thewinkingtiger, 16 March 2008 - 02:41 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 16 March 2008 - 04:20 PM

Right now we are better in your account. Safe mode for these tools and scans is better especially when you know you have malware. Now lets run a NoLop tool. This can run from normal mode.


Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media


Be sure to reboot when done.

Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
  • First close any other programs you have running as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labeled "Search and Destroy"
    <>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log in your next reply.
--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop..

Edited by boopme, 16 March 2008 - 04:21 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 17 March 2008 - 02:40 PM

Hi Boopme - thanks again for the response.

I ran nolop as suggested but it didn't find any infections apparently.

I've attched the log anyway.

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Debs\Desktop
[17/03/2008]
[19:26:36]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Google
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Superantispyware.com
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Bigfishgamescache
C:\Documents and Settings\All Users\Application Data\Dell
C:\Documents and Settings\All Users\Application Data\Downloaded Installations -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Floodlightgames
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Jollybear
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Mailfrontier -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Playfirst
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sectaskman
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Supportsoft
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Debs\Application Data\Adobe
C:\Documents and Settings\Debs\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Debs\Application Data\Avg7
C:\Documents and Settings\Debs\Application Data\Big Fish Games
C:\Documents and Settings\Debs\Application Data\Cyberlink
C:\Documents and Settings\Debs\Application Data\F-secure
C:\Documents and Settings\Debs\Application Data\Floodlightgames
C:\Documents and Settings\Debs\Application Data\Forgottenriddles
C:\Documents and Settings\Debs\Application Data\Google
C:\Documents and Settings\Debs\Application Data\Grisoft
C:\Documents and Settings\Debs\Application Data\Gtek
C:\Documents and Settings\Debs\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Debs\Application Data\Identities
C:\Documents and Settings\Debs\Application Data\Intel
C:\Documents and Settings\Debs\Application Data\Ispnews
C:\Documents and Settings\Debs\Application Data\Jasc
C:\Documents and Settings\Debs\Application Data\Jasc Software Inc
C:\Documents and Settings\Debs\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Debs\Application Data\Leadertech
C:\Documents and Settings\Debs\Application Data\Macromedia
C:\Documents and Settings\Debs\Application Data\Magic Academy
C:\Documents and Settings\Debs\Application Data\Microsoft
C:\Documents and Settings\Debs\Application Data\Mozilla
C:\Documents and Settings\Debs\Application Data\Nokia
C:\Documents and Settings\Debs\Application Data\Openoffice.org2
C:\Documents and Settings\Debs\Application Data\Pc Suite
C:\Documents and Settings\Debs\Application Data\Playfirst
C:\Documents and Settings\Debs\Application Data\Real
C:\Documents and Settings\Debs\Application Data\Secondlife
C:\Documents and Settings\Debs\Application Data\Skype
C:\Documents and Settings\Debs\Application Data\Sonic
C:\Documents and Settings\Debs\Application Data\Spintop
C:\Documents and Settings\Debs\Application Data\Sun
C:\Documents and Settings\Debs\Application Data\Sunbelt Software
C:\Documents and Settings\Debs\Application Data\Superantispyware.com
C:\Documents and Settings\Debs\Application Data\Symantec
C:\Documents and Settings\Debs\Application Data\Template
C:\Documents and Settings\Debs\Application Data\Toshiba
C:\Documents and Settings\Debs\Application Data\Yahoo!
C:\Documents and Settings\Debs\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Symantec
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver

The infection seems to be spreading more quickly now as even Firefox is trying to open up second tabs etc. I am also getting back messages from AVG of infection in my ie temporary internet files - even when I haven't used ie and emptied out those files. :thumbsup:

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:56 AM

Posted 17 March 2008 - 02:49 PM

Regarding running using VundoFix:
Yes you should always disable any security programs before running fix tools. Not doing so could mean the fix tool's effectiveness and accuracy being reduced.

You may also want to re-run the NoLop with security disabled.

#11 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 17 March 2008 - 03:52 PM

Thanks Panda

ok - I re ran nolop in normal mode without any security programmes running and no internet connection and it still didn't find anything.

Under the same system conditions ie no security or internet connection.
Vundofixer is having a harder time -it found the same three files as before - although their file names had mutated to
c:\windows\system32\ststv.ini
c:\windows\system32\ststv.ini2
c:\windows\system32\vtsts.dll
when attempting to clean - it couldn't remove vtsts.dll - so asked me to reboot to try again
On reboot I clicked to clean again - it paused for a long time and then asked for a reboot. although this time i didn't get a message to say it couldn't fix the files.
after that reboot i got an RUNDLL message
"error loading c:\windows\system\mdwuufxv.dll The specified module could not be found. and a Work offline pop up message. "No connection to the internet is currentlay available etc etc"

Do i need to run something else?

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:56 AM

Posted 17 March 2008 - 04:27 PM

Wow mutations!! And not wow in a good way.

Please run SDfix.
  • Download SDfix setup onto your desktop.
  • Run the installer. Leave the install location at your system root.
  • After the install, boot into Safe Mode.
  • Click your Start Menu. Click Run. Type in c:\sdfix\runthis.bat. Hit OK.
  • The prompt window will open. Type Y and hit Enter.
  • Wait for the scan to finish.
  • You will be prompted to restart. Press anykey to do so. Allow Sdfix to boot the computer into normal boot.
  • At reboot, the prompt window will popup, along with a log shortly after. Copy the contents of the log back in your next reply.


#13 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 17 March 2008 - 05:45 PM

I ran the sdfix as suggested and now my computer is worse than hopeless. i can't post you the log as i can't get anything to work now :thumbsup:


On reboot avg was detecting lop virus again. i have had drwatson debugger errors and a message saying my computer is trying to recover from a serious error. I really am at a loss of what to do next?

Sorry this is becoming a nightmare

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:56 AM

Posted 17 March 2008 - 07:45 PM

Please proceed on to this Tutoririal.. Preparation Guide For Use Before Posting A Hijackthis Log. You may skip to Step 9 now,creating the log.
If using Windows Vista, be sure to Run As Administrator

After having created it post that log in this forum >>> HijackThis Logs and Malware Removal , NOT in this Topic thanks. Do so by clicking New Topic, give it a title as the one you have here. Post the whole log and then a HiJack expert will be along to tell what to do next.

If you have any questions or problems PM me or any moderator or ask in this topic ONLY.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 thewinkingtiger

thewinkingtiger
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 17 March 2008 - 08:01 PM

ok thanks will try this tomorrow. at the moment i can't get my computer to hold an internet page. (using my old laptop right now ) :flowers:



i'm feeling a total wipe coming on :thumbsup:

Debs




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users