Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


A Major Virus Problem

  • Please log in to reply
5 replies to this topic

#1 retinchet


  • Members
  • 24 posts
  • Local time:09:28 PM

Posted 27 May 2008 - 12:03 AM

Greetings everybody

As of now, I have a huge virus problem. This has not happened to me in years, and boy, I now remember how annoying viruses can be. You see, for the longest while, my computer was completely free of viruses and was super fast with no problems at all(my computer was at it's peak, it was so fast it was not even funny), until last Thursday. It all began when I disabled my antivirus software because I wanted to see how much antivirus programs imapct performance (Sadly, I forgot to re-enable it); I was using is KAV 6.0, the best AV on the market I believe. I was surfing the net until my comp began to slow down big time and froze. I restarted it and ran my KAV scan which I realized that I never enabled after closing it. It detected a couple of trojans, which I deleted. Next I ran Spyware Doctor 4.0, which picked up 16 more infections. I restarted my pc, and it was still slow, which is when I found out my task manager was disabled because of the infections, so I enabled it. Next, I downloaded AVG 8.0 free, which detected over 400 infected registry keys!!! I removed these and my pc sped up drastically, it felt like its old self again, until the next reboot. I scanned agin with AVG, and it detected the same viruses, they somehow keep reappearing. My pc is just the way I like it and I don't want to erase my harddrive and reinstall windows. Is there anyway I can get rid of these viruses once and for all? Thanks for your help. (I wish I had system restore enabled.)

Here's a screen shot of my virus problem: http://s295.photobucket.com/albums/mm141/retinchet/?action=view&current=vir.jpg

Only a portion could be shown because there were so many.

Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 27 May 2008 - 12:46 AM.

BC AdBot (Login to Remove)


#2 ruby1


    a forum member

  • Members
  • 2,375 posts
  • Local time:02:28 AM

Posted 27 May 2008 - 09:17 AM

your posting does not say your windows version ; however; FROM your entry it would appear you now have TWO antivirus programs installed?

KAV 6.0

(?kasperspy )

and AVG8.0?
if so you need to remove ONE as to have more than one is making the programs r fight themselves and NOT the viruses

until last Thursday. It all began when I disabled my antivirus software because I wanted to see how much antivirus programs imapct performance

ANY computer NEEDS AN installed antivirus program (its a MUST have); some antivirus programs are more hungry on resourses than others as many computer users have discovered!!!!

try this program
Superantispyware; guide on how to install and run

If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispywareSuperantispyware is found here


Download to the Downloads folder the free exe to superantispyware from here


you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure

please then reboot your computer ; it is preferable to run the scan in your computers safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changes ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right had side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’

A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu

If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

see what that gives?

also CAN you enable system restore?

#3 retinchet

  • Topic Starter

  • Members
  • 24 posts
  • Local time:09:28 PM

Posted 27 May 2008 - 09:53 AM


Sorry I forgot to mention my OS; it is Windows XP Professional SP2. Here are the results from the SUPERAntiSpyware scan.

SUPERAntiSpyware Scan Log

Generated 05/27/2008 at 01:20 AM

Application Version : 4.1.1046

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Quick Scan
Total Scan Time : 00:07:47

Memory items scanned : 294
Memory threats detected : 0
Registry items scanned : 387
Registry threats detected : 13
File items scanned : 5688
File threats detected : 5

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}

Adware.Tracking Cookie
C:\Documents and Settings\mr. bigglesworth\Cookies\mr. bigglesworth@adbrite[2].txt
C:\Documents and Settings\mr. bigglesworth\Cookies\mr. bigglesworth@tacoda[2].txt
C:\Documents and Settings\mr. bigglesworth\Cookies\mr. bigglesworth@tribalfusion[1].txt
C:\Documents and Settings\mr. bigglesworth\Cookies\mr. bigglesworth@insightexpressai[1].txt
C:\Documents and Settings\mr. bigglesworth\Cookies\mr. bigglesworth@questionmarket[1].txt

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#pxgdslro [ {22FC7D73-04C4-4154-9CEB-A12AA34E9A1A} ]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#gnowmebk [ {9DD15744-405C-41BE-A3A6-DEDD92899136} ]


I did another scan on reboot, and nothing was detected. I think this program might have done the trick. Thanks for mentioning it.

#4 ruby1


    a forum member

  • Members
  • 2,375 posts
  • Local time:02:28 AM

Posted 27 May 2008 - 10:07 AM

you still do you say how may antivirus programs you have installed?
suggest take a system restore point NOW

try this other program for 'completeness'?

you need to be ON line to start this process and please run the scan in computer's NORMAL mode
download the exe from

alternate download link 1

alternate download link 2


suggest; download the exe to your downloads folder so you know where to find it;

create from that folder a shortcut to your desktop

Double-click on the exe to install the application.
The installation is relatively straight forward; just follow the prompts and do not make any changes to default settings.

When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
The Program will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, you may manually download them from

On the main interface you will see different tabs at the top of the program?

Select each to see what they ask of you and what they each represent;
When you are ready to scan you will be asked to select the drives you wish to scan? The program should recognise ALL your drives ; if it does not I suggest you select all drives

You will be asked to select either a quick scan or a full computer scan my recommendation is to do a full scan so your search does not miss anything

Click the start button and let the scan run; it will show you how it is progressing, what section it is on and the elapsed time I ran a full trial scan on my relatively empty XP for a ‘sampling ‘ ;your scan may take about an hour or so to run

When the scan is complete a message box will say "The scan completed successfully. Click on 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
On the Main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Ensure everything is checked,

click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log should be saved automatically and can be viewed by clicking the Logs tab in MBAM.
it would be helpful to see that report and what, if anything the program ahs found ;Copy and paste the contents of that report and close the program

Note: please be aware ;

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

good hunting !! :thumbsup:

#5 retinchet

  • Topic Starter

  • Members
  • 24 posts
  • Local time:09:28 PM

Posted 28 May 2008 - 11:41 AM

I did a scan with Malwarebytes, and it detected nothing at all. Thank you so much for your help Ruby; because of you I did not have to erase my harddrive and reinstall everything everything. If push came to shove though, I have an external 500 GB harddrive with everything backed up anyway. Well. thanks once again.

Edited by retinchet, 28 May 2008 - 11:41 AM.

#6 ruby1


    a forum member

  • Members
  • 2,375 posts
  • Local time:02:28 AM

Posted 28 May 2008 - 03:14 PM

thsi is good news :thumbsup:

may I suggest you rerun the scans for compelteness then
follow these instructions from this thread to sort out system restore

quietmasn 7 global mod

If there are no more problems or signs of infection, you should see here http://bertk.mvps.org/html/createrp.html
Create a New Restore Point
to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup http://bertk.mvps.org/html/diskclean.html to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users