Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nwizsrv.exe Has Taken Over


  • Please log in to reply
41 replies to this topic

#1 imfiremedicjoe

imfiremedicjoe

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 03:33 PM

Today I picked up this virus and it has created lots of problems. I have Widows XP media edition service pack 2. I am using McAfee and it is not working correctaly with an error message of "One or more problems cannot be fixed because of an error." I also have PC Tools Spyware Doctor which found 6 threats and 61 infections which it did clean. I am unable to open task manager with an error message of Administrator has disabled access. I have searched forums and have done the following.

1. Downloaded and ran HijackThis. But I don't know what to do with it and do not feel comfortable deleting anything myself without direction.
2. Downloaded SmitfraudFix and ran in safe mode
3. I used combofix and followed prompts
4. I downloaded a trial version of superantispyware and was unable to use it due to the following error message "The system administrator has set policies to prevent this installation."

Currentaly I am operating in safe mode.

What do I do now?
Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


m

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 07 May 2008 - 04:42 PM

welcom to this site :thumbsup:

a few points need clarification please

for how long has the macaffee been 'misfunctioning'?

which version of PC Tools Spyware Doctor do you have on board?


'I used combofix and followed prompts' was this done under , as the instructions specify ,the direct instructions of a malaware expert


did the computer reboot successfully after running the combofix

is the computer now stuck IN safe mode?

one HOPES you have NOT done irrepareable damageTO your computer by running combofix unsupervised;

and according to this search

http://www.google.co.uk/search?hl=en&q...earch&meta=

unless I am mistaken , your computer security could be compromised

do you have any other computer you can use?

Edited by ruby1, 07 May 2008 - 04:48 PM.


#3 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 05:06 PM

McAfee has been misfunctioning since the problem was discovered today. McAfee has completed a full scan and was able to detect 3 problems. I was unable to run a full scan before I used Spydoctor.
Under potentially unwated programs
1. PrcViewer
2. Generic PUP.g
The third item I do not see after pressing view results from McAfee

Spydoctor version 5.5.1.321

I had to manually reboot sytem. When logged in normally it is very slow and I am unable to do anything due to such slow response. In safe mode I have 2 option. Log on as administrator or my usual account.

I am able to reastart the computer not in safe mode, but like I said I can't do much with it.

I am able to use other computers until this is fixed.

#4 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 05:28 PM

Also I am unable to restore to an earlier date. There are no dates available. I think the virus wiped them out. additionally the background has changed to a blue screen and after a few minutes of nonuse, bugs crawl all over the screen like a screen saver.

#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 07 May 2008 - 05:33 PM

please try this; just to see what IS going on on there you could run a superantispyware program check to see what IT flaggs up


Superantispyware; guide on how to install and run

If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispyware
Superantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computers safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changes ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right had side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

then stay OFF line with the infected computer to communicate with the forum until the log is examined and we can see more fully what might be happening

also; I think you have TWO antivirus program on there now and suggest you uninstall spyware doctor

#6 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 05:43 PM

Thank you very much for your prompt response but i have the following problem and m unable to continue with your instructions.
I am unable to install superantisyware.
I get the following message. "the system administrator has set policies to prevent this intallation."

#7 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 07 May 2008 - 05:48 PM

Thank you very much for your prompt response but i have the following problem and m unable to continue with your instructions.
I am unable to install superantisyware.
I get the following message. "the system administrator has set policies to prevent this intallation."


I downloaded a trial version of superantispyware



this is not a trial version
(pst; from where DID you download the 'trial' version?)?this is the main one ; can you try it and see how far it WILL let you get with it ?

#8 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 05:53 PM

I followed the link provided. The version number is 4.0.0.1154. I will uninstall and try again.

#9 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 06:01 PM

The program never installed. I was able to find it in the downloads folder and I did try to intall/setup it again with the same result. I also unintalled spydoctor per your recommendation.

#10 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 07 May 2008 - 06:09 PM

try asuqared http://download6.emsisoft.com/a2FreeSetup.exe
again download to your new folder; click on the exe to install; then fully update the definitions, reboot your computer and go for a full deep scan ; this too may take a while IF it will let you get that far.....

#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:39 AM

Posted 07 May 2008 - 06:10 PM

have you installed sdfix before?
Chewy

No. Try not. Do... or do not. There is no try.

#12 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 06:19 PM

No I have not installed sdfix before.

#13 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:39 AM

Posted 07 May 2008 - 06:20 PM

can you run an .exe in safe mode

are you transfering files from a good computer to the infected one?

Edited by DaChew, 07 May 2008 - 06:21 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#14 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 06:24 PM

A-squared was able to download and intall, download updates, and is currentaly running a deep scan.

#15 imfiremedicjoe

imfiremedicjoe
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 07 May 2008 - 06:32 PM

can you run an .exe in safe mode?

Yes



are you transfering files from a good computer to the infected one?

Yes I transferred files I downloaded with the links that were given. However I did manually type in the link to A-squared on the infected computer and downloaded to the downloads folder then ran the setup from there. I had previously tried this process with the superantispyware but had the same result eighther way.

As of now A-squared is scanning and has detected 10 objects




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users