
I have some random virus


  • This topic is locked
6 replies to this topic

#1 errr


Posted 19 November 2008 - 06:46 AM

Hey,

The comp has been having some probs, finally got start menu, task manager and msconfig back after lots and lots of scans etc. Anyway, I'm still unable to turn off System Restore via the tab; it says there's an error and to try after I reboot. It doesn't work in safe mode either or via msconfig. Be awesome if someone could help :D


 


#2 Billy O'Neal


Posted 01 December 2008 - 11:02 PM

Hello, errr

Boot mode: Safe mode

Please run the following instructions in Normal Mode, rather than Safe Mode.

:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 errr


Posted 02 December 2008 - 06:08 AM

Hey Bill, did as you said. Thanks for the help :thumbsup:




#4 Billy O'Neal


Posted 02 December 2008 - 07:30 PM

Hello, errr

I don't see any malware in those logs. Can you describe your symptoms in detail?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on an x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3

#5 errr


Posted 02 December 2008 - 08:45 PM

Hey Bill, I'm unable to remove older versions of Java since Windows Installer doesn't seem to be working, says it can't be accessed at this time, and might be because the system is running in safe mode etc.. etc...

Tried still running the scanner except that nothing comes up after I check the box and press start. I was using IE 6, so I tried dling 7 but then installation couldn't be finalised because apparently the Cryptographic service wasn't running. Went into Services and double clicked on it and an error came up saying it had been marked for deletion... I figured perhaps it was due to ActiveX being disabled, so then I enabled it via internet options, but still nothing comes up.

Symptoms I'm having: No sound,
can't copy and paste,
windows installer doesn't work,
can't turn off system restore,
slow boot up
when I minimise programs, they don't minimise onto the task bar

When I go into msconfig there's a few dodgy looking start up exes: RTHDCPL.exe KHALMNPR.exe ALCMTR.exe
Checking Task manager, there's multiple svchost.exes running.

Edited by errr, 02 December 2008 - 08:51 PM.


#6 Billy O'Neal


Posted 02 December 2008 - 09:29 PM

Those problems sound like hard drive failure rather than a malware problem.

RTHDCPL.exe <-- From your sound card
KHALMNPR.exe <-- From your keyboard/mouse (It is a logitech item)
ALCMTR.exe <-- Not good, but installed by realtek. (Sound Card). See here:
http://www.systemlookup.com/Startup/596-ALCMTR_EXE.html

"Checking Task manager, there's multiple svchost.exes running."


That is normal.

I would get the hardware gurus over in the internal hardware forum to look at this (start a new thread):
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

I've got some things that may fix it but I want them to see first. What I have will make the problem worse if the hard disk is dying.

Billy3

Edited by Billy O'Neal, 02 December 2008 - 09:29 PM.


#7 Billy O'Neal


Posted 07 December 2008 - 01:12 PM

Since this issue has been verified as non-malware, this topic is closed.

If you still need help, please feel free to send me a PM.

Billy3