Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Operating System Corrupted


  • Please log in to reply
22 replies to this topic

#1 ohsosmooth75

ohsosmooth75

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 19 March 2008 - 10:34 PM

Hi everyone, hoping someone can give me some advice. I hope this is the right forum, if not I apologize.

I've had trouble opening up many programs on my computer including internet browsers and sypware and adware programs. My computer asks "what program do I want to use" for many basic things that it used to open with no problem. Including solitare! I called McAfee support and they told me my operating system has been corrupted by a virus and I should call Dell to re-install. Has anyone gone through this before? What can I expect to have to do?

If anyone can offer any advice I would appreciate it! Thanks in advance!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:27 PM

Posted 19 March 2008 - 10:48 PM

You still need to post a HiJackThis log for cleaning.
Please see instructions in post # 10
http://www.bleepingcomputer.com/forums/ind...mp;#entry749657
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 20 March 2008 - 09:29 AM

I wish I could but my computer won't let me run the program to create a Hijackthis log. Any other advice on what I should do? I tried to post over on the Hijack forum but I think it was deleated.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,854 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:27 PM

Posted 20 March 2008 - 09:35 PM

Hello ohsosmooth75,

Try renaming HiJackThis to something like this: leapfrog.exe If that still doesn't work, then change .exe to .bat

If that also doesn't work, let us know. There is another trick up our sleeves to get a HiJack This log.

Incidentally, I am removing your topic, Computer Won't Open Firefox, because it is a duplicate of this one. That is called double-posting and isn't allowed on the forums. Just wanted to let you know about that.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 20 March 2008 - 09:38 PM.
Change URL to thread title ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 21 March 2008 - 09:50 AM

Hi Orange Blossom, thanks for the help.

I renamed the file leapfrog.bat and it finally let me download the hijackthis program. however, it still won't let me run it. Once again it asks what program do I want to use to open it.

If you have any other advice or suggestions I would appreciate them.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,854 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:27 PM

Posted 21 March 2008 - 11:45 AM

Hello ohsosmooth75,

Let's give this a try.

Download and install WinPatrol.
  • During installation, it will create "Scotty the dog" icon in your system tray.
  • Right click on the icon and choose Options.
  • Under the Options tab click on Hijack Log.
  • WinPatrol will scan your system and create a hijackthis log for you.
  • When the scan is complete, notepad will open with a file named HijackPatrol.log
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
  • Exit WinPatrol when done and let us know if you were successful.
Also let us know if you had any problems.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 21 March 2008 - 09:09 PM

Thanks for the reply Orange Blossom.

I tried to download and install Winpatrol but once again my computer won't let me run the program. It will create an icon on my desktop, but once I click on that it asks me what program to use to open the program.

Any other ideas?

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:27 PM

Posted 21 March 2008 - 09:39 PM

See is you can run these online scans...require NO installation
ESET Online Scanner

BitDefender Online Scanner

Panda ActiveScan?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 22 March 2008 - 10:52 AM

Hi Boopme thanks for your advice. I ran ESET but it didn't find anything. However, when I ran BitDefender it found plenty. I posted the report below and hopefully, it can shed some light on the problem. I still can't open any programs (including HiJackThis log) without it asking me what program to use to open it. If you guys have any other suggestions on where to go from here I would appreciate it!

Statistics

Time
01:13:23

Files
396715

Folders
9193

Boot Sectors
4

Archives
4635

Packed Files
15091




Results

Identified Viruses
5

Infected Files
15

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
15




Engines Info

Virus Definitions
1021480

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP902\A0069057.exe
Infected with: Trojan.DNSChanger.RA

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP902\A0069057.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP902\A0069057.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074932.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074932.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074932.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074933.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074933.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074933.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074934.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074934.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074934.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074935.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074935.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074935.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074937.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074937.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074937.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074938.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074938.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074938.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074939.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074939.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074939.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074940.exe
Infected with: Trojan.Peed.IYS

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074940.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074940.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074941.exe
Infected with: Trojan.Peed.IYX

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074941.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074941.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074942.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074942.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074942.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074955.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074955.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074955.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074956.exe
Infected with: Trojan.Peed.IZD

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074956.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074956.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074986.exe=>:exe.exe
Infected with: Dropped:Backdoor.Agent.ZCI

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074986.exe=>:exe.exe
Disinfection failed

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074986.exe=>:exe.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP983\A0074986.exe
Updated

C:\WINDOWS\eqpm.exe
Infected with: Trojan.Peed.IYX

C:\WINDOWS\eqpm.exe
Disinfection failed

C:\WINDOWS\eqpm.exe
Deleted

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:27 PM

Posted 22 March 2008 - 05:47 PM

Arrgghh 1!! Do you have access to another PC. That one and this one will need a CD drive that is READ / write. I think I can find a way to make it install off a disk.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 23 March 2008 - 09:19 AM

Yes I do have access to another computer with those requirements. At this point I'm willing to try anything!

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:27 PM

Posted 23 March 2008 - 11:31 AM

Ok here we go. I hope I can relay this clearly. As I needed to get an explanation of how to do it :thumbsup:
We really just need to get a log posted, Once there the HJT people are trained to get you the rest of the way.
I'll rewrite this later for clarity,but I know you are waiting so.........

Basically ..Copy to disk
Install to new folder on infected PC
Then run,HijackThis.exe
Copy the complete log.
Post it here and I'll move it.

ITEM 1
Go the the other PC and download HJT form the link below. Save to desktop. DO NOT extract
Copy that to the CD.
Use the self-extracting version that is linked to in the prep guide (HJTInstall.exe) is used it is not a problem. HijackThis.exe will be decompressed/extracted and copied to Program Files in a subfolder
Here's that link See Step 9 ... HJT Prep guide

ITEM 2
Make a folder on the infected computer and copy the hijackthis.exe file into that folder and run it from there so backups are made. If you run it off of the CD, the backups wont be made.

ITEM 3
If it has already been extracted and burned to CD, it should be copied to the hard drive.
Same if the person burned HijackThis.zip--it needs to be copied then extracted before any items are fixed.
It's a lot easier to use a writable drive, like USB Flash or floppie, if available.

Hope you can follow this for now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 25 March 2008 - 09:57 AM

Hey Boopme-

I tried to follow your directions but it didn't work. I saved the file to the other computer but didn't run it. Then I copied it to the disk and created a new file on my infected computer and transferred it. But when I went to run it, once again it asked me for a program to open it. I'm not sure if I just did something wrong or if it's more problems with my computer.

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:27 PM

Posted 25 March 2008 - 10:23 AM

OK, I'm going to see if Someone else can check my plan and/or provide you a means.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:27 PM

Posted 25 March 2008 - 11:00 AM

Hi again see if one of these will run,

DrWeb Online

OR

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Edited by boopme, 25 March 2008 - 11:04 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users