
Help! I Have Been Infected With A Virus Or Trojan


19 replies to this topic

#1 kymberly

kymberly

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 22 July 2008 - 03:13 PM

Infected!!! I have restored my Windows Vista system at least 6 times. The problem is that no services can be stopped or started. Everything is grayed out with passwords that I did not create. Once restored, I create an admin password, then a standard password. Once that's done, I am locked out of the admin account that I created. I have Norton Antivirus 2008, which is not catching this, whatever this is. Once logged on at start up, a black screen appears for about 2 seconds, then flickers, then a blue circle starts twirling around. I get a message that says "Configuring Updates" but can't download updates. When I look back at the updates, every one has failed. Something is wrong here. Also, I downloaded Avira Antivirus software and it told me that I had 2 viruses found: (1) c:\HP\HPQWARE\BTBHOST\SETACL.exe (2) c:\HP\BIN\KILLIt.exe. It couldn't remove them, so then I decided to download Spybot Search and Destroy. It didn't find anything but cookies, but told me that a launcher is starting up with the system: %WINDIR\SMINST\launcher.exe. I tried to remove it, but to no avail. I can't restore the system because there are no restore points available for me. I am doing everything in safe mode with networking. Not sure this is good, but this is the only way I can get to anything. Please, someone help. I have HijackThis logs and a Deckard scan log. I have tried everything but just don't know what to do. I have already downloaded ComboFix to my desktop in safe mode but have not run the program until I can get some professional help. I am getting a lot of views but no replies?! On this website. Why!

Edited by kymberly, 22 July 2008 - 04:19 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:11 PM

Posted 22 July 2008 - 05:45 PM

Hello, is it possible for you to run a scan with Malwarebytes?
Run from normal Mode and as Administrator

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 kymberly


Posted 22 July 2008 - 07:47 PM

I was able to download this program. Once downloaded, it told me that the program was corrupt. Then I tried to run a scan and it found nothing. Don't believe this. Something is shutting my computer down when it gets ready.
Malwarebytes' Anti-Malware 1.22
Database version: 972
Windows 6.0.6000

07:41:34 7/22/2008
mbam-log-7-22-2008 (07-41-34).txt

Scan type: Quick Scan
Objects scanned: 34726
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 22 July 2008 - 07:52 PM

Your computer shutting down may not be a malware problem.

In Windows XP, the default setting is for the computer to reboot automatically when a fatal error occurs. An alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message (which is also known as the Blue Screen Of Death (BSOD)).

To change the recovery settings and Disable Automatic Rebooting, right-click on My Computer and select Properties > Advanced tab. Under "Startup and Recovery", click on the "Settings" button and go to "System failure". Make sure that "Write an event to the system log" is checked and that "Automatically restart" is unchecked. Click "OK" and reboot for the changes to take effect.

This will not cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with information displayed that will allow you to better trace your problem. Next time your computer crashes copy down the entire error message (including all the numbers) and post it back here.

Also, you could run a full system scan with SuperAntiSpyware in Safe Mode as a double check for malware.

How to start Windows in Safe Mode
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 kymberly


Posted 22 July 2008 - 08:00 PM

Malwarebytes' Anti-Malware 1.22
Database version: 972
Windows 6.0.6000

07:41:34 7/22/2008
mbam-log-7-22-2008 (07-41-34).txt

Scan type: Quick Scan
Objects scanned: 34726
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Corrupt file one finally got downloaded but it let me run this scan. Scan looks suspicious to me.

#6 kymberly


Posted 22 July 2008 - 08:12 PM

It's not just my computer shutting down, it's among other things. Read first post please. I have downloaded SuperAntiSpyware but it won't let me update it. I am running a complete scan anyway.

#7 boopme


Posted 22 July 2008 - 08:23 PM

I merged the last topic you started with this one.
Starting 2 topics, about the same problem, is called double posting, and is not allowed on this board.
Please keep all of your replies in this one topic.
The members helping you, will be looking for your responses to their questions, in the topic they replied to.
Posting it elsewhere, will cause a delay in the help you receive, and neither one of us, wants that.
When you start several topics, for the same problem, it becomes very confusing to follow, for all of those involved.

#8 kymberly


Posted 22 July 2008 - 08:29 PM

ok, thanks

#9 Budapest


Posted 22 July 2008 - 08:29 PM

You could try running a scan with Dr.Web CureIt! in Safe Mode. This tool does not require updating. You can download it on another computer and transfer it to the problem one on a CD or pen drive if required.

#10 kymberly


Posted 22 July 2008 - 08:39 PM

ok, will try this in safe mode

#11 boopme


Posted 22 July 2008 - 08:55 PM

Can you update the Malware bytes??

#12 kymberly


Posted 22 July 2008 - 10:45 PM

Ran Dr. Cure It in safe mode and it found several things, which I will post here. I could not cure it or delete anything. It was grayed out where I couldn't. Please inform me on what to do here.
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
ACSSETUP.EXE\data008;C:\Program Files\Online Services\Aolus\COMPS\ACS\ACSSETUP.EXE;Probably BACKDOOR.Trojan;;
ACSSETUP.EXE;C:\Program Files\Online Services\Aolus\COMPS\ACS;Archive contains infected objects;Moved.;

#13 Budapest


Posted 22 July 2008 - 10:52 PM

As boopme asked, can you now update Malwarebytes (in Normal Mode)?

#14 kymberly


Posted 22 July 2008 - 10:56 PM

Should I try to boot in normal mode now? Have these items been deleted yet from my computer?

#15 Budapest


Posted 22 July 2008 - 11:01 PM

The log said those items have been moved, so they will be in a quarantine now.

Yes, reboot into normal mode and try to update Malwarebytes. If the update is successful, run a full system scan and post the log back here.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
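
The report lines in post #12 and the reading of them in post #15 ("moved" means quarantined), as an added example that is not part of any poster's reply: a small Python parser that groups each detection under the file it was found in and shows the action recorded for that file. The column layout `object;path;verdict;action` is an assumption inferred from the six lines themselves, not taken from Dr.Web documentation.

```python
# Log lines copied from post #12 of this thread (Dr.Web CureIt! report).
SAMPLE_LOG = r"""
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\kkkkkkkkkkkkkkkkkkkk\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
ACSSETUP.EXE\data008;C:\Program Files\Online Services\Aolus\COMPS\ACS\ACSSETUP.EXE;Probably BACKDOOR.Trojan;;
ACSSETUP.EXE;C:\Program Files\Online Services\Aolus\COMPS\ACS;Archive contains infected objects;Moved.;
""".strip()

ARCHIVE_VERDICT = "Archive contains infected objects"
FIELDS = ("object", "path", "verdict", "action")  # assumed column layout

def parse_rows(text):
    """Split every non-empty line into the four assumed columns."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(";")]
        if len(parts) >= 4 and parts[0]:
            rows.append(dict(zip(FIELDS, parts[:4])))
    return rows

def _entry(full_path, action):
    """One summary record per flagged file on disk."""
    return {"file": full_path,
            "action": action.rstrip(".") or "none recorded",
            "detections": [],
            "in_quarantine": "\\quarantine\\" in full_path.lower()}

def summarize(text):
    """Group member detections under their container file and its action."""
    rows = parse_rows(text)
    files = {}
    # Pass 1: container rows carry the action taken on the whole file.
    for r in (r for r in rows if r["verdict"] == ARCHIVE_VERDICT):
        full = r["path"] + "\\" + r["object"]
        files[full.lower()] = _entry(full, r["action"])
    # Pass 2: member rows name the detection; their path is the container file.
    for r in (r for r in rows if r["verdict"] != ARCHIVE_VERDICT):
        entry = files.setdefault(r["path"].lower(), _entry(r["path"], r["action"]))
        entry["detections"].append(r["verdict"])
    return list(files.values())

if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG):
        where = "quarantine copy" if e["in_quarantine"] else "original location"
        print(f'{e["file"]} [{where}] -> {e["action"]}: {", ".join(e["detections"])}')
```

On this log the summary has three files, each with the action "Moved"; the second is the ComboFix.exe copy that already sits under the DoctorWeb\Quarantine folder.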