Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Help Please.


  • Please log in to reply
13 replies to this topic

#1 kenja536

kenja536

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 06:55 PM

Hello Everyone,

I am new here. My name is Ken. I would love to post in the introduction but my PC has a huge virus right now and I am freaking out. I dont even know if this will get on the post. SO I apologize for not writing in forum first. Here is my problem.
I downloaded a program this morning as a free trail for DVD Decoder. Unfortunatly doing this got the virus. Here are my major problems.

1. I can download programs. But I cant open any sort of application after the download is done

2. I cant go onto taskmanager. I get the message taskmanager is dissabled by administer error message

3. I cant use the run command prompt when I type in a command it says it does not exist and make sure its styped correctly.

4. I can do system restore in windows or win safe mode.

Sorry for the type errors guys. Im trying to post as fast as i can so I can get help and my computer dont lock up.
I am running win xp homne. I totally appreciate anyones help and I am willing to donate some money for your help. Thank you guys

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:04 AM

Posted 11 May 2008 - 07:40 PM

Can you try this online scan ,..There is no install needed and post back a scan log if possible.
Are you running XP or another operating system?

ESET Online Scanner

Uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
When done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
Please post that log in your next reply.

NEXT: if possible run this

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Edited by boopme, 11 May 2008 - 07:41 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 08:18 PM

Hi Therer. Thank you very much for sending me that information. I hope you will be up for awhile. Looks like the Eset is working. It's been running for the last 17 minutes and found so far 4 threats and is about 1/3 of the way finished. I just wanted to keep you posted and wanted to thank you. I will post the results when its done. thanks again.
Ken

#4 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 09:06 PM

Here is the log from the Eset log file.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3090 (20080509)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=5aab15e8d8689646814d45bf80555b27
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-05-12 02:01:35
# local_time=2008-05-11 07:01:35 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 1
# scanned=236069
# found=10
# scan_time=3677
C:\Documents and Settings\Owner\Local Settings\Temp\csrssc.exe probably a variant of Win32/TrojanDownloader.Small.CYF trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Local Settings\Temp\winlogan.exe probably a variant of Win32/TrojanDownloader.Small.NTQ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FD0S1WL0\SystemDefender_Installer[1].exe Win32/Adware.UltimateDefender application (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-1708537768-1644491937-682003330-1003\Dc113.bat probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-1708537768-1644491937-682003330-1003\Dc114.exe Win32/TrojanDownloader.Small.IWH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\mrofinu1535.exe probably a variant of Win32/TrojanDownloader.Agent.BLS trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jfiehayd.dll a variant of Win32/TrojanDownloader.Small.NTQ trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\mn.n Win32/Agent.NKM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ssqnlmk.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

#5 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 09:13 PM

I have completed the first part. The 2nd part listed below I was not able to open. Suggestions? Eset should I buy this? Will this solve it?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:04 AM

Posted 11 May 2008 - 09:14 PM

have you rebooted and tried to install malwarebytes?
Chewy

No. Try not. Do... or do not. There is no try.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:04 AM

Posted 11 May 2008 - 09:19 PM

I have completed the first part. The 2nd part listed below I was not able to open. Suggestions? Eset should I buy this? Will this solve it?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

They are alternative links to download the same software,if the main link did not work.

NO there is no need to buy anything.

Edited by boopme, 11 May 2008 - 09:21 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 10:16 PM

Hi guys,

I tried all the links you sent me. None of them will allow me to open the site. C:/Documents and Setings/Owner/Local Settings/Temporary Internet Files/Content.IE5/FD0S1WLO/MMBAM-SETUP1.EXE Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

#9 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 10:19 PM

I also keep getting this pop up on my computer screen. Its a eror message from "worm.win32.netbooster"

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:04 AM

Posted 11 May 2008 - 10:25 PM

Is this XP? can you boot into safe mode With networking and try to download again.
Actually if you can download from safe mode then also grab this and it is a better safe mode performer.
SuPERAntispyware
http://www.superantispyware.com/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 May 2008 - 10:41 PM

So should I donwnload this now and save to desktop then open from safe mode with network or should I try and download from safe mode and open it? I am running windows xp home edition.

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:04 AM

Posted 11 May 2008 - 11:45 PM

when the download option starts do not choose run, use the save option, to your desktop
Chewy

No. Try not. Do... or do not. There is no try.

#13 kenja536

kenja536
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 12 May 2008 - 10:10 PM

I tried that as well. My system crashed hardcore last night. I just got a new pc. I totally appreciate your guys help on this. Thanks again. My system ate it BIG TIME. Oh well. You guys are great! Thanks for trying.

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:04 AM

Posted 13 May 2008 - 04:14 PM

Sorry to hear that.

You're welcome from all of us at BC.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users