
I Think I Have A Nasty Virus Or Trojan Horse On My Pc


9 replies to this topic

#1 CHE13

CHE13

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 13 September 2008 - 08:19 PM

Hi, yesterday I made a mistake and attempted to run a free system scan from a website. During the installation the software said I needed to install Microsoft .Net framework 3.5 so I gave permission. I noticed the program was taking a very long time to install and did not give me the option to cancel or end the installation so I powered off my PC by pressing the power button and restarted it again.

When the pc restarted I noticed my AVG 8.0 icon was no longer in the toolbar. I clicked on the desktop icon and received the following message:

This application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem.

So I uninstalled AVG and tried to reinstall it again but I am unable to install it. Just when it looks like installation is about to finish the AVG software rolls back the installation and I get the following message:

AVG

Local machine Installation failed

Installation:
Error: Action failed for file avgwdsvc.exe
Starting Service
Error 0x800736b1

I went on the AVG website and downloaded their VCleaner software as well as some of the other antivirus software they have and tried to use them in safe mode but the scans end abruptly without telling me anything.

I also attempted to install the Microsoft .Net Framework 3.5 from Microsoft's website. The installation also fails.

I then tried to install Norton 360 trial, Trojan Remover trial, etc. They all have the same problem. I can't finish installing them on my pc.

I ran the Trend Micro Housecall free scan. It found some spyware, which I deleted. Afterwards a message popped up saying:

Since infections have been detected on your machine, we recommend that you perform a full scan again

But when I do, the scan finds nothing.

I tried to run the free AV and security scan on Norton's website. When I ran the security scan I received the following message:


The following checks did not run due to an error on the server. Hacker exposure check. Windows vulnerability check. Trojan Horse check.

Malwarebytes anti malware does not find anything either.

I am pretty sure this is some kind of virus or trojan horse since it disabled my AVG and does not allow me to reinstall any antivirus software.

I use Comodo Firewall Pro. I had a paid subscription to AVG 8.0 and checked for updates multiple times each day. I made sure to download all the latest Windows XP SP2 updates. I thought I was protected.

Please help me.

Thanks in advance.

Edited by CHE13, 13 September 2008 - 08:29 PM.



 


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:57 AM

Posted 14 September 2008 - 07:08 AM

Hi, yesterday I made a mistake and attempted to run a free system scan from a website. During the installation the software said I needed to install Microsoft .Net framework 3.5 so I gave permission.


Without posting an actual link to a suspect malicious website, could you tell us what the name of it was?

http://forums.techguy.org/general-security...vg-8-0-won.html

Reading through this thread, it would seem AVG doesn't need any malware to have your problem with it.
Chewy

No. Try not. Do... or do not. There is no try.

#3 CHE13


Posted 15 September 2008 - 10:04 AM

I was looking to speed up my pc a bit by removing unnecessary startup programs. I clicked on my task manager and googled each process. I found a site called process library. When I ran a search there was a link to a site that offered a free performance scan to help speed up my pc.

Thanks for the reply and the link. I downloaded the AVG removal software someone in that thread recommended but, like the other software I downloaded off the AVG site, the process ends abruptly and nothing changes.

Yesterday I noticed my Adobe Acrobat software is no longer working. I cannot open files in PDF format. When I try to use Adobe I get the same error message I got when I clicked on my AVG desktop icon.

This application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem.

I checked the Windows event viewer. When I clicked on Applications and System I noticed a bunch of Warnings and Errors reported.

Edited by CHE13, 15 September 2008 - 10:07 AM.


#4 CHE13


Posted 15 September 2008 - 10:12 AM

One other thing I noticed is when I run an antivirus scan with Comodo Firewall Pro the scan ends very quickly. Four minutes to ten minutes long. Before, the Comodo antivirus scan would take twenty-five to thirty minutes to scan my pc.

The same problem with Hijack This. When I click scan my pc the scan ends very quickly. I remember it taking a bit longer to scan my pc.

Edited by CHE13, 15 September 2008 - 10:13 AM.


#5 dhants20

dhants20

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 15 September 2008 - 10:15 AM

Upgrade your RAM if you want to speed up your computer.

#6 CHE13


Posted 15 September 2008 - 10:19 AM

I did just that. I maxed out my PC's memory (4 GB DDR PC3200 dual channel, from 512 MB) last week, but I noticed my PC was still not as fast as I thought it would be. That is why I was looking to remove unnecessary startup programs.

Edited by CHE13, 15 September 2008 - 10:20 AM.


#7 DaChew


Posted 16 September 2008 - 07:47 AM

Let's try a couple of things to see what might be going on.

1. Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.



2. Install, update and run a quick scan with MBAM

http://www.bleepingcomputer.com/forums/ind...mp;#entry944365

We'll test for malware and see how quick your computer is.
Chewy


#8 CHE13


Posted 16 September 2008 - 12:23 PM

Thank you very much. I downloaded the Smitfraudfix software and this is the result of the scan. I edited the name in the C:\Documents and Settings\ to show my initials, not my name.


SmitFraudFix v2.352

Scan done at 13:10:29.25, Tue 09/16/2008
Run from C:\Documents and Settings\C H\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\C H


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\C H\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\guard32.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
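
Added example, not part of the original posts or of SmitfraudFix: a small Python parser for the report layout posted above. It shows which sections the tool actually filled in (note the empty Process section) and pulls out the hosts entries and registry values for reading. The sample is a constructed, abridged copy of that log and the function names are made up for illustration; a non-empty section is something to read, not a verdict.

```python
import re

# Constructed sample: an abridged copy of the rapport.txt layout posted above.
SAMPLE = r'''SmitFraudFix v2.352
»»»»»»»»»»»»»»»»»»»»»»»» Process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\guard32.dll"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» End
'''

HEADER = re.compile(r"^»{5,}\s*(.+)$")       # section banner, e.g. "»»»» hosts"
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')  # .reg-style "name"=data line

def split_sections(report):
    """Map each section title to its non-blank lines, skipping the fixed '!!!' notice."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = HEADER.match(line)
        if banner:
            current = banner.group(1).strip()
            sections[current] = []
        elif current is not None and line and not line.startswith("!!!"):
            sections[current].append(line)
    return sections

def non_empty_sections(sections):
    """Titles of the sections where the tool printed anything at all."""
    return [title for title, body in sections.items() if body]

def hosts_entries(sections):
    """(address, hostname) pairs under 'hosts'; status text such as 'corrupted' is skipped."""
    rows = (line.split() for line in sections.get("hosts", []))
    return [(r[0], r[1]) for r in rows if len(r) >= 2 and re.fullmatch(r"[0-9.]+", r[0])]

def registry_values(sections, title):
    """{value name: raw data} for the registry lines of one section."""
    hits = (REG_VALUE.match(line) for line in sections.get(title, []))
    return {m.group(1): m.group(2) for m in hits if m}
```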

#9 CHE13


Posted 16 September 2008 - 12:24 PM

This is the result of the Malwarebytes Anti-Malware quick scan:

Malwarebytes' Anti-Malware 1.28
Database version: 1161
Windows 5.1.2600 Service Pack 2

9/16/2008 1:21:48 PM
mbam-log-2008-09-16 (13-21-48).txt

Scan type: Quick Scan
Objects scanned: 63883
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 DaChew


Posted 16 September 2008 - 12:57 PM

I saw another poster who couldn't get a process list with SmitfraudFix; I suspected some conflict with installed security software.

He had a version of ZoneAlarm with similar enhanced features like Comodo.

Host Intrusion Prevention System stops malware from being installed


I hope this is not a trend where security software becomes the problem instead of the cure.
Chewy




