Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Undetected Infection?

  • Please log in to reply
1 reply to this topic

#1 darking


  • Members
  • 5 posts
  • Local time:07:04 PM

Posted 24 January 2009 - 03:16 PM

Hello all,

I have an XP Proffesional Desktop on Service Pack 3 and I recently got infected with a virus.
At the time I had Norton 360 installed. Which rose to my suspision because it was no longer showing up on the taskbar. I manually went to all programs menu and tried to start it up but nothing.

So i uninstalled it and downloaded AVG. Same deal. It told me Installation was succesful but nothing. No task bar, nor program response whn I opened it up.
Finnaly a friend gave me AVG Pro and that worked well. Installed, the program worked fine, I did an update and full system scan that day. Came back with a couple viruses, supposedly "Succesfully Removed", a few tracking cookies (no biggy).. And yheah it went good for a while but..

A few days later I went to start Internet Explorer. (version 7) It did not start. I tried reisntalling the program but nothing. AVG did a full scan but nothing was found. So i uninstalled it and download Mozilla. Now Firefox worked great. For a day. Next startup SAME deal. It did not startup and I am prompted that it Crashed. I tried to start it up in safe mode but it still wouldnt start. So (let me make this shorter) I uninstalled Firefox, tried IE8, same deal. No browser work.

I'm on the net just fine because i can ping and managed to connect to my server via ftp.
But whats strange is that i have a few programs that i dont know of running in task manager processes. For example svchost.exe seems to appear more than often. Also avgemc.exe(multiple), avgscanx.exe, TMBMSRV.exe and jqs.exe.

I accessed cmd and did Netstat and i found some foreign addresse's connected. AND every now and then AVG pops up with a warning of some virus name even though i did a full scan like 5 mins ago.

I have tried alot and no longer know what to do.

Please Help,
Thanks in advance,


P.S. "Undetected Infection" i guess would'nt be correct.. seeing as how AVG seems to somewhat detect it... [Screenshot]

Edited by darking, 24 January 2009 - 03:41 PM.

BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:04 PM

Posted 24 January 2009 - 08:30 PM

Multiple svchost.exe can be normal. avgemc.exe and avgscanx.exe are for AVG. TMBMSRV.exe is Norton and jqs.exe. is JAVA which could possibly be corrupt or infected
How did you remove Norton? You should use the Norton Removal tool to get everything:
To update Java:
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

After doing that. try running mbam

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Edited by garmanma, 24 January 2009 - 08:31 PM.

Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users