
This must be a virus


11 replies to this topic

#1 shurik

shurik

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 24 November 2008 - 07:16 PM

Hello you all,

so, today my computer started to act strangely. At first NOD32 said "unable to load file system monitor", so this basically means it's not working. Then I tried to scan with Adaware - can't update, some file is corrupted; tried to reinstall, also can't do, during installation also some file is corrupted. The same with Spybot, AVG etc. - you just can't install them - file corrupted or invalid.
I also tried several online scanners, Trendmicro, Panda, Bit Defender, Eset; none of these work because at some point there is some error. Also, there was one blue screen already, and that Windows has gone through a serious error. This is not good, I can tell, so are there any ideas what to do now? :thumbsup:

thanks in advance

Edited by shurik, 24 November 2008 - 07:18 PM.




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 AM

Posted 24 November 2008 - 09:16 PM

Next time you get a blue screen copy down the error message (including all the numbers) and post it back here.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 shurik


Posted 25 November 2008 - 03:05 AM

OK, will do next time, if there will be a next time with this computer :thumbsup: I did a scan with Malwarebytes, which you recommend here a lot; it didn't find anything. Any ideas?

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:39 PM

Posted 25 November 2008 - 07:00 AM

You might not have any active malware if there are no other signs or history of infection.

There's a good chance you have corruption in Windows; let's take a closer look at what's running.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Your time may get changed to military time

My apologies
Chewy

No. Try not. Do... or do not. There is no try.

#5 shurik


Posted 25 November 2008 - 09:56 AM

thanks DaChew, nice little programs you have here :thumbsup:

here's the log:

SmitFraudFix v2.378

Scan done at 16:35:16,82, T 25.11.2008
Run from C:\Documents and Settings\x\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\x\My Documents\Downloads\xampplite\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\x\My Documents\Downloads\xampplite\apache\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\x\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 mpa.one.microsoft.com

C:\


C:\WINDOWS

#6 DaChew


Posted 25 November 2008 - 10:09 AM

Well you don't have that much running? I would try to uninstall and/or disable the web server applets first to isolate the problem.
Chewy

No. Try not. Do... or do not. There is no try.

#7 shurik


Posted 25 November 2008 - 10:39 AM

xampp turned off

SmitFraudFix v2.378

Scan done at 17:43:23,18, T 25.11.2008
Run from C:\Documents and Settings\x\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\x\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\x\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 mpa.one.microsoft.com

C:\


C:\WINDOWS

Edited by shurik, 25 November 2008 - 10:44 AM.


#8 DaChew


Posted 25 November 2008 - 10:47 AM

C:\Documents and Settings\x\My Documents\Downloads\xampplite\apache\bin\apache.exe


that's usually a sign of a problem or bad programming when an applet won't behave

that part might load at bootup

reboot, no need for a log, task manager should show if it shut off
Chewy

No. Try not. Do... or do not. There is no try.

#9 shurik


Posted 25 November 2008 - 11:31 AM

Yes, it's loading at bootup...

#10 DaChew


Posted 25 November 2008 - 03:49 PM

http://www.bleepingcomputer.com/startups/

http://www.bleepingcomputer.com/startups/M...nager-2675.html

I see a lot of problems with computers trying to run this

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe


Here's an example of the bare core XP services; anything else is suspect.
Chewy

No. Try not. Do... or do not. There is no try.
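
Added example (not part of any post in this thread, and not SmitfraudFix's own code): one way to do the comparison discussed in posts #5 to #10, parsing the Process and hosts sections of a rapport.txt-style log and listing what falls outside a baseline or runs from a user profile directory. The sample log, the baseline set and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the layout of the rapport.txt logs posted in this thread.
SAMPLE = r"""SmitFraudFix v2.378
Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\x\My Documents\Downloads\xampplite\apache\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
hosts

hosts file corrupted !
127.0.0.1 mpa.one.microsoft.com
C:\
"""

# Assumed baseline: the Windows paths from the list in post #10, lower-cased.
BASELINE = {"c:\\windows\\system32\\" + n for n in
            ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
             "svchost.exe", "spoolsv.exe")} | {"c:\\windows\\explorer.exe"}
USER_DIRS = ("\\documents and settings\\", "\\users\\")  # user-writable profile trees

def parse_report(text):
    """Return (process paths, hosts entries) from a rapport.txt-style log."""
    procs, hosts, section = [], [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.lower() in ("process", "hosts"):
            section = line.lower()
        elif section == "process" and line.lower().endswith(".exe"):
            procs.append(line)
        elif section == "hosts" and len(line.split()) >= 2:
            ip, name = line.split()[:2]
            try:
                hosts.append((str(ipaddress.ip_address(ip)), name))
            except ValueError:
                pass  # status text such as "hosts file corrupted !"
    return procs, hosts

def triage(procs, baseline=BASELINE):
    """Dedupe case-insensitively; return (non-baseline, profile-run) paths, lower-cased."""
    unique = list(dict.fromkeys(p.lower() for p in procs))
    extra = [p for p in unique if p not in baseline]
    profile = [p for p in unique if any(d in p for d in USER_DIRS)]
    return extra, profile
```

A path outside the baseline is a prompt for review, not a verdict: GoogleUpdate.exe in the logs above also runs from the profile tree.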

#11 shurik


Posted 26 November 2008 - 05:21 AM

I did an Eset online scan yesterday - finally I could install the necessary program for that, but it still found nothing suspicious...

Interesting, I still can't install any of the antivirus / malware programs, and Firefox crashes all the time.

Not many ideas I have. Could it be some hardware conflict? Would format c help?

DaChew, you say everything that's not in your list is suspicious; should I just stop the other ones?

#12 DaChew


Posted 26 November 2008 - 07:27 AM

laptops and fancy keyboards have extra drivers that run as processes, some can conflict but usually are safe and well tested

Old malware infections and a bad mix of security programs can cause a lot of damage

Unfortunately there are no jedi masters with this kind of problem, sometimes running windows as a repair disk might help, often you have to reload

There just aren't enough clues for me to make an educated guess
Chewy

No. Try not. Do... or do not. There is no try.



