Windows Xp Red Screen With Red Biohazard Symbol


24 replies to this topic

#1 rappwash


Posted 17 June 2008 - 05:08 PM

When I power on my computer, after Windows loads my screen changes to red and there is a red biohazard symbol on screen. I get three new desktop icons (Antivirus 2008 Pro; Privacy Protector, Error Cleaner; Spyware&Malware Protection). The following messages come up: "Your computer may be at risk. Automated updates is turned off. Click this balloon to fix the problem" and the second one is "Windows has detected an internet attack attempt. Somebody trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware. Click now to download spyware remover for total protection." I x out this message and it pops up over and over again, trying to sell me these programs. I looked at some posts and they told me to go into safe mode and download adv and SUPERAntiSpyware. Neither one will complete execution in safe mode, and in normal mode everything I select freezes. I was able to run Spyware Doctor only in safe mode. It found a worm that dealt with Yahoo Messenger, which I deleted, but the same messages persist. I cannot connect to the internet in normal mode. I hope this was detailed enough. First time I have used a forum. Not very computer savvy. And if I cannot connect in normal mode I do not have any idea how I will be able to post anything.



#2 Budapest


Posted 17 June 2008 - 06:45 PM

How to remove Windows Antivirus 2008 (Removal Guide)
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 rappwash


Posted 20 June 2008 - 10:56 PM

I have tried Malwarebytes in safe mode as suggested. It found over 9,000 infected objects, and when I select to remove them it runs for a while and then I get the message Run-time error '6': overflow

What should I do now?

#4 rappwash


Posted 21 June 2008 - 11:54 AM

I had posted a previous message about the red biohazard screen. A person directed me to a person that had the same problem. I went there and downloaded Malwarebytes in safe mode and installed and ran the program. It ran for about 1 hour and a half and found over 9,000 infected files. I clicked to remove these and after about 2 minutes an error popped up: Run-time error '6': overflow

Please, I need help to remove this virus. I have been trying to fix it for over a week!!!

Mod Edit:Topic Error Using Malwarebytes Antimalware merged for continuity ~TMacK

Edited by TMacK, 21 June 2008 - 12:18 PM.


#5 DaChew


Posted 21 June 2008 - 12:20 PM

Would you download ATF cleaner and SAS, install it and update it and then run them from safe mode according to these directions

http://www.bleepingcomputer.com/forums/ind...mp;#entry634693
Chewy

No. Try not. Do... or do not. There is no try.

#6 rappwash


Posted 21 June 2008 - 12:47 PM

I downloaded ATF Cleaner and it ran fine. The trouble is with SUPERAntiSpyware: I cannot download it in normal mode, so I downloaded it in safe mode, and when I run SUPERAntiSpyware it says it cannot be run in safe mode. I thank you for your good suggestions. I was thinking of buying a new computer. I hope I can get this fixed.

#7 DaChew


Posted 21 June 2008 - 01:02 PM

You will need to be in normal mode when you install SAS and update it, reread the directions, they are complicated.

Removing a bad infection is hard and takes a lot of work, that's why most end up reloading their computers

#8 rappwash


Posted 21 June 2008 - 03:10 PM

OK, I was able to install SAS in normal mode and was able to run ATF and SAS in safe mode. About 68 infections were found and they were deleted. Then when I rebooted in normal mode there is still a virus alert near the clock in military time and an ad pops up to buy Antivirus 2008 Pro. After the reboot I tried to open up SAS and it just sits there. But the red screen is gone and the biohazard screen is gone. Making some progress, I think. What should I do now?

#9 rappwash


Posted 21 June 2008 - 03:14 PM

Check that: I was able to open up SAS to look at the log file, so what do I do now?

#10 DaChew


Posted 21 June 2008 - 03:27 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

see if MBAM will update and then run a scan in normal mode and post that log and the SAS one please

#11 rappwash


Posted 21 June 2008 - 06:42 PM

I have been running MBAM in normal mode. It has been over two hours because the malware that's on my computer greatly slows it down. Should I continue to let it run? It is up to over 1,000 infected objects, and if it is going to go to 9,000 like before it will be running for 12 hours!!!!!!!!!

#12 rappwash


Posted 21 June 2008 - 06:48 PM

It has been in C:\Documents and Settings\All users\Application Data\QTSBandwidthChache for over an hour. It is at 3,381 infections and counting.

#13 rappwash


Posted 22 June 2008 - 01:25 AM

I ran MBAM in normal mode. It took over 7 hours and found over 8,000 infected objects. I selected to remove them, and halfway through the removal process I got the same error as before: run-time error '6' overflow. Here is a copy of the SAS log file, and the next message will be MBAM.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2008 at 03:56 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 01:04:21

Memory items scanned : 250
Memory threats detected : 2
Registry items scanned : 6235
Registry threats detected : 42
File items scanned : 120930
File threats detected : 25


#14 rappwash


Posted 22 June 2008 - 01:31 AM

The MBAM file is there but the shortcut is missing. Maybe that overflow has something to do with not being able to have a log?

#15 DaChew


Posted 22 June 2008 - 05:32 AM

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

Would you run Sdfix please, you might want to print out these directions, follow them exactly.

Edited by DaChew, 22 June 2008 - 05:33 AM.
