Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Pleaseee


  • Please log in to reply
4 replies to this topic

#1 GEGABYTE

GEGABYTE

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 02 August 2008 - 03:21 PM

A few days ago, I think I possibly got infected by downloading Counter-Strike. Now, I am unable to start windows correctly. I also have antivirus xp 2008 and I have heard that it was possibly a virus. I ran Malware antivirus scan and also ran Ad-Aware, scanned, and deleted all the viruses. It prompted me to restart my computer and when I restarted it, when it loaded the bottom toolbar and when the time/mini-clock loaded, it stopped/froze. It wouldn't load anymore. I can only start windows correctly in safe mode. what should i do?

i also cannot access the internet using the computer.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:49 PM

Posted 02 August 2008 - 10:08 PM

Do you have Safe mode with Networking?

If so download the free version of SuperAntiSpyware Install update and scan from safe mode.
Also download and scan with Malwarebytes Anti-Malware
Post back the scan logs if you can.

EDIT:
If you cannot download off your PC you will need to access another PC. Then down load those appplications to a CD,flash drive or another portable device. Then install them to the infected PC.

Edited by boopme, 02 August 2008 - 10:12 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 GEGABYTE

GEGABYTE
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 03 August 2008 - 12:00 AM

ive already done a scan with the malware anti bytes, and will try to download the superantispyware.
malware anti bytes restarted my computer so it could not start up correctly without safe mode.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:49 PM

Posted 03 August 2008 - 09:33 AM

OK let's see where it goes. SUPER runs better from safe so that is a good thing.
try to post back the scan logs from both.

SUPER:
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.

MBAM:
Open the program, click the Logs tab.
Right click on the newest log, click the OK button.
Select the Edit tab on the browser page and click Select All.
Right click in the blue field,select copy.
In your new reply ,right click and select Paste.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 GEGABYTE

GEGABYTE
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 03 August 2008 - 04:58 PM

Okay I'll give you my log for Malwarebytes and I'll scan with super later.

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 5.1.2600 Service Pack 2

11:22:55 AM 8/2/2008
mbam-log-8-2-2008 (11-22-55).txt

Scan type: Quick Scan
Objects scanned: 46858
Time elapsed: 27 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 30
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcpp7j0etfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcpp7j0etfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Skra (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\simon chan\Application Data\rhcpp7j0etfe\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\rhcpp7j0etfe\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Rick Chan\Local Settings\Temporary Internet Files\Content.IE5\1IQOUCMO\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Skra\Skra.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\rhcpp7j0etfe.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\rhcpp7j0etfe.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcpp7j0etfe\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xd.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1001186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rc.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphctp7j0etfe.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phctp7j0etfe.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphctp7j0etfe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rick Chan\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\!update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


when i tried installing super, it said "the system administrator set up policies to prevent this installation."

so i dont know.

Edited by GEGABYTE, 03 August 2008 - 05:09 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users