Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lost Many Services...cannot Start Manually


  • Please log in to reply
6 replies to this topic

#1 Mossat

Mossat

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 06 June 2008 - 12:50 PM

I had posted in another thread at this site and was advised to post here. I'll try to keep it short. I know I caught some malware. I ran spybot, adaware and Kaspersky anti-virus. I had thought that they were neutralized but I don't think they are. I restarted my computer and have no taskbar. Most services are no go such as system restore, rpc and adaware. Will not restart manually in services.msc. Also will not let me see the properties in those services. If I run msconfig the system .ini is blank and all services are stopped. I'm in safe mode right now and Kaspersky has detected 23 items. And is still scanning but so far here's what I have...
adware.win32.virtumonde.wwr
win32.small.wfv
win32.virtumonde.wpv
win32.virtumonde.wpu
win32.monder.gen
win32.agent.byy
win32.zenosearch.bg
win32.vb.epp
win32.renos.cqi
win32.homles.bs
win32.inject.mf
win32.small.buy
win32.agent.plz
wma.wimad.n

and it's only 9% into the scan. Please help Internet explorer won't launch either so I can't do f secure scan

Edited to add link to other topic for additional information. ~ OB

http://www.bleepingcomputer.com/forums/t/150879/lost-most-servicescannot-manually-start/

Edited by Orange Blossom, 06 June 2008 - 08:04 PM.


BC AdBot (Login to Remove)

 


m

#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:59 AM

Posted 07 June 2008 - 07:31 PM

Do you have another computer and a usb drive we could use to fight this set of infections?
Chewy

No. Try not. Do... or do not. There is no try.

#3 Mossat

Mossat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 08 June 2008 - 12:35 AM

Yes i have access at work...so this may take some time between work and home and back and forth but we can proceed. The only other option is to do a HP recovery which sets the computer back to the way i bought it. But I'll lose everything and updating xp is a pain because we go back to 5 years ago and it needs to update from that time.

Edited by Mossat, 08 June 2008 - 12:37 AM.


#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:59 AM

Posted 08 June 2008 - 12:43 AM

http://www.bleepingcomputer.com/forums/ind...mp;#entry839950

try this first online if it will let you, at some point the infection may require you stay offline and fight it

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

this might be necessary later
Chewy

No. Try not. Do... or do not. There is no try.

#5 Mossat

Mossat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 08 June 2008 - 08:51 PM

Thanks Chewy....first I no longer have internet access at home but it did before. i'm on a wireless adapter "borrowing" from my neighbor. The link light is continously flashing and the cpu is at 100%. I downloaded malwarebytes but i keep getting somekind of error of some dll file. I can't remember exactly. I re-installed it again same thing. Adaware had same problem. So i guess I'm going to have to use fix#2. I'll try it tomorrow and let you know. By the way i know the exact date I got infected which was june 2 through limewire so i was looking in my system 32 folder and found a couple of exe file that were created that day. All giberish names.

#6 Mossat

Mossat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 14 June 2008 - 06:46 AM

Ok all the above was not working so I assumed there must be something corrupt. I did a system restore. Looks like all malware is gone except for this...portsv.exe. I looked it up and it is malware and it's new. I deleted it. And it hasn't come back. I ran these...malwarebytes, Combofix and Hjt. Do I copy and paste logs here or attach??

#7 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:59 AM

Posted 14 June 2008 - 07:55 AM

MBAM logs can go here

you are supposed to use HJT after giving a try at cleanup here and then if selfhelp tools don't work you post in the HJT forum

Read the top of the page regarding combofix

regarding old computers and outdated recovery disks, you would be obligated to ask the manufacturer first, but I have been using a generic set of disks which I have updated with the latest service pack

In a few extreme case I have just wiped the hard drives and reinstalled windows, you get no extra software, in most cases it was all bad anyway

I use the numbers that came with the computer, I wasn't sure it would work when I first tried it, it seems to be a common enough practise now that XP is so old.

Edited by DaChew, 14 June 2008 - 08:29 AM.

Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users