
Very Many Problems


7 replies to this topic

#1 StickDude101

StickDude101

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 26 February 2009 - 12:29 PM

OK, here's what happened: I downloaded a program. Then I scanned it with Avira AntiVir, and it picks up nothing. So then I launch the file, and when it's about to install, Avira decides to pick it up as a virus; I think it was called a patcher virus or something like that. So I click delete. But it doesn't delete the original file I downloaded; I guess it deleted something that was in the file. So I delete the file manually, and then run CCleaner. Also, my security alert pops up and says Windows Firewall has been turned off. Now when I go to put it back on, I get "Start the Firewall/ICS service?". I click yes, but then it says "Can not be started". Sometimes I even get "Error 5 Access is Denied". So then I do a full scan with Avira, and it picks up nothing. Here are some more problems:

When I click My Computer, and then click Local Disk C:, I get "Windows cannot find RECYCLER/2-15" (it has more but I don't feel like typing it ;) ). So I can't even access the C drive, unless I go to the command line (Run) and type C:. Then I'm getting weird things saying that svchost has problems... WTF.... So I download ZoneAlarm and install it, and I'm getting alerts from the same IPs every time. One says that it's going from my computer to another IP, and the other way is coming from another computer to my computer. I traced the IP and it gives me a website that I can't remember right now.
Any help guys? Oh, and I can't run System Restore either, cuz it says some error message that's not giving me access. I am also the admin of the computer, and my account is pw protected. Thanks!!

Thanks

~StickDude101

Edited by StickDude101, 26 February 2009 - 12:30 PM.




#2 StickDude101


Posted 26 February 2009 - 12:42 PM

Anyone?

#3 StickDude101


Posted 26 February 2009 - 12:47 PM

This is what I downloaded:

MOD EDIT: Removed link to malicious file.

Yeah I know, not to download bad software. Well, if Avira would have picked it up, I would not have......


I'm sooooooooooooooooo uninstalling Avira now.

Edited by usasma, 26 February 2009 - 04:15 PM.


#4 StickDude101


Posted 26 February 2009 - 01:03 PM

OK, now the option in the Start menu that said "Connect To" doesn't exist anymore, it's gone. .............

Why isn't anyone helping?

#5 Eric RBA

Eric RBA

  • Members
  • 252 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State College, PA
  • Local time:07:49 PM

Posted 26 February 2009 - 01:07 PM

I have two suggestions, but you'll need more help than this I'm sure.

1. Have some patience. You're not likely to get help in the 13 minutes that you waited.
2. Run "cmd" and enter this command: rd /s /q c:\recycler

That command will delete the Recycler folder, which as much as I can tell may be a suspect in your computer's crimes.

3. Wait for more help.

#6 StickDude101


Posted 26 February 2009 - 03:07 PM

OK, well, I ran the Malwarebytes' Anti-Malware program, and it detected 6 things. I'm not sure if it deleted them, but here's the log.

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/26/2009 2:55:45 PM
mbam-log-2009-02-26 (14-55-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 95170
Time elapsed: 1 hour(s), 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.93,85.255.112.14 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c8fc12a3-1c8a-4129-9517-175c1dc87475}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.93,85.255.112.14 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxhxybwwbv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfqpxmphw.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxrowomyid.sys (Trojan.Agent) -> Quarantined and deleted successfully.

But yet when I go to the quarantined files, they're in there? But it says it's deleted them?

Thanks

StickDude101
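
A short triage helper for the scan log in the post above, added here as an example and not part of the original thread: it parses the Malwarebytes detection lines and pulls out the resolver addresses that the Trojan.DNSChanger entries had written into NameServer, so they can be compared against the adapter's current DNS settings. The function names are hypothetical and the line format is assumed from this one log.

```python
import ipaddress
import re

# Detection line shape assumed from the Malwarebytes 1.34 log posted above:
#   <object> (<Threat.Name>) -> [detail ->] <action>.
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<threat>[A-Za-z]+\.[A-Za-z.]+)\) -> (?P<rest>.+)$")

# Sample input: lines copied from the log in the post above, embedded so this runs offline.
SAMPLE_LOG = r"""Scan type: Full Scan (C:\|)
Registry Keys Infected:
(No malicious items detected)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.93,85.255.112.14 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c8fc12a3-1c8a-4129-9517-175c1dc87475}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.93,85.255.112.14 -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxhxybwwbv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxfqpxmphw.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxrowomyid.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

def parse_detections(log_text):
    """Return one dict per detection line: object, threat, detail, action."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers, counters, "(No malicious items detected)"
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        found.append({
            "object": m.group("obj"),
            "threat": m.group("threat"),
            "detail": " -> ".join(parts[:-1]),  # empty for file detections
            "action": parts[-1].rstrip("."),
        })
    return found

def rogue_resolvers(detections):
    """Collect public resolver IPs that DNSChanger detections recorded in 'Data:'."""
    ips = set()
    for d in detections:
        if d["threat"] != "Trojan.DNSChanger" or not d["detail"].startswith("Data:"):
            continue
        for token in d["detail"][len("Data:"):].split(","):
            try:
                ip = ipaddress.ip_address(token.strip())
            except ValueError:
                continue  # not an IP literal, skip it
            if ip.is_global:  # ignore private/loopback resolvers
                ips.add(str(ip))
    return sorted(ips)
```

Calling `rogue_resolvers(parse_detections(SAMPLE_LOG))` gives the addresses to look for in the network adapter's DNS settings after cleanup.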

#7 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:49 PM

Posted 26 February 2009 - 04:24 PM

Did you reboot the computer?

Please update mbam and select FULL Scan
Run the scan, Remove selected and reboot
Post the log for review
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#8 Eric RBA


Posted 26 February 2009 - 04:44 PM

StickDude,

Malwarebytes is quite effective at removal of infections, to a certain extent. You can go to the Quarantine tab and manually delete any items, but the threat is minimal if items are quarantined. If you haven't already run the command I suggested for deleting the C:/Recycler folder, then you should do so now. It hosts "deleted" items that are cleaned out of your recycling bin, but acts as a hidden haven for potentially harmful items.

So you still have work to do. Open the Command Prompt and type this: rd /s /q c:\recycler

Press Enter, then close that and follow these steps...

1. Download Spybot S&D and run but don't restart yet.
http://www.download.com/Spybot-Search-amp-...4-10122137.html

2. Install AVG and run that, it will give a second opinion for Avira since that wasn't any help for you. Don't restart yet.
http://www.download.com/AVG-Anti-Virus-Fre...&tag=button

3. Install Spyware Blaster - it's legit and really helps for realtime protection. Don't restart yet.
http://www.download.com/SpywareBlaster/300...cdlPid=10852839

4. Run Malwarebytes one more time. After you're done scanning, disconnect your network connection and then restart. Don't plug your network connection in yet. When the computer reboots, run Malwarebytes again. Restart one more time, THEN reconnect your network cable.

After you accomplish all of this, paste a HJT log with a note of your original issue here:

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Edited by Eric RBA, 26 February 2009 - 04:56 PM.




