laptop will start up but I can't hit any icons or start button but mouse works and safe mode works


  • This topic is locked
6 replies to this topic

#1 danyuls

danyuls

  • Members
  • 3 posts

Posted 06 March 2009 - 02:15 PM

laptop will start up but I can't hit any icons or start button but mouse works and safe mode works

also installed spybot and it won't start... and when I could still go to webpages it didn't let me go to spybot webpage.

I'm guessing this is the place for help? thank you in advance for any advice...

I'm not sure if it matters but I can only do the hjt from safemode


DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Administrator at 17:56:42.17 on Thu 03/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============


============== Pseudo HJT Report ===============

BHO: c:\windows\system32\hsfd83jfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hsfd83jfdg.dll
BHO: {fbd90755-ac58-4c67-9835-32aa912e83fa} - c:\windows\system32\fuvatozi.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [SemanticInsight] c:\program files\rxtoolbar\semantic insight\SemanticInsight.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [Lwowaliy] rundll32.exe "c:\windows\Vteluni.dll",e
mRun: [jsf8uiw3jnjgffght] c:\docume~1\susanl~1\locals~1\temp\winlognn.exe
mRun: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
mRun: [Bdamatepinukon] rundll32.exe "c:\windows\aveqodih.dll",e
mRun: [Explorer] c:\windows\system32\msrstart.exe
mRun: [DeskTopSrv] c:\windows\system32\grcrt.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lidazedivu] Rundll32.exe "c:\windows\system32\gavedewu.dll",s
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [hgcheck] c:\windows\system32\hgcheck.exe
mRun: [982203f9] rundll32.exe "c:\windows\system32\zufajudi.dll",b
mRun: [CPM9b113065] Rundll32.exe "c:\windows\system32\bodadabe.dll",a
mRunOnce: [svchost.exe] "c:\windows\system32\3361\svchost.exe"
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\svchost.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_11.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {cafeefac-0016-0000-0011-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E004CDC6-FCE8-4FF4-AA81-5EEBC83F54FB} = 68.28.58.92 68.28.50.91
Notify: crypt - crypts.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: snovly.dll c:\windows\system32\junobuvo.dll c:\windows\system32\jezemimu.dll vuevbo.dll c:\windows\system32\bodadabe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodadabe.dll
STS: c:\windows\system32\hsfd83jfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hsfd83jfdg.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\bodadabe.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnmmNhF
LSA: Notification Packages = scecli c:\windows\system32\junobuvo.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XUL Cache: {23C6DCB7-4765-433B-8271-C538EC790373} - c:\documents and settings\dan\local settings\application data\{23C6DCB7-4765-433B-8271-C538EC790373}

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-03-03 17:30 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-03 17:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-02 22:43 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-02 22:43 1,409 a------- c:\windows\QTFont.for
2009-03-02 22:37 47 a------- C:\xcclstecj.bat
2009-03-02 22:17 143,047 a--sh--- c:\windows\system32\vuevbo.dll
2009-03-02 22:16 1,547,009 ---sh--- c:\windows\system32\idujafuz.ini
2009-03-02 20:52 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-03-02 20:45 50 a------- c:\windows\system32\work.ini
2009-03-02 20:44 313,654 a------- c:\windows\system32\hguest.exe
2009-03-02 20:44 107,756 a------- c:\windows\system32\hgcheck.exe
2009-03-02 20:44 228 a------- c:\windows\system32\hgset.ini
2009-03-02 20:43 90,112 a------- c:\windows\system32\200934330.dll
2009-03-02 20:43 48,640 a------- c:\windows\system32\sopidkc.exe
2009-03-02 20:43 388,608 a------- c:\windows\system32\tmpxccacj0.exe
2009-02-25 10:36 77,824 a------- c:\windows\system32\u102589036.dll
2009-02-25 10:35 32,768 a------- c:\windows\system32\umtcdtw.sys
2009-02-19 12:06 143,986 a--sh--- c:\windows\system32\qzncau.dll
2009-02-19 12:06 1,533,175 ---sh--- c:\windows\system32\ubakiwod.ini
2009-02-18 13:10 376,320 a------- c:\windows\system32\w.exe
2009-02-18 12:10 40,960 a------- c:\windows\system32\grcrt.dll
2009-02-18 12:10 80,384 a------- c:\windows\system32\grcrt.exe
2009-02-18 12:10 26,624 a------- c:\windows\system32\grcrt2.exe
2009-02-13 11:18 131,584 a------- c:\windows\aveqodih.dll
2009-02-13 11:10 <DIR> --dsh--- c:\windows\$ntunistalls
2009-02-13 11:08 <DIR> --d----- c:\windows\system32\3361
2009-02-13 11:08 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-02-13 11:07 106,496 a------- c:\windows\system32\fejokt.dll
2009-02-13 11:07 19,214 a------- c:\windows\system32\sf.ico
2009-02-13 11:07 13,942 a------- c:\windows\system32\m3.ico
2009-02-13 11:07 13,942 a------- c:\windows\system32\c.ico
2009-02-13 11:07 11,062 a------- c:\windows\system32\p.ico
2009-02-13 11:07 7,662 a------- c:\windows\system32\m.ico
2009-02-13 11:07 4,286 a------- c:\windows\system32\s.ico
2009-02-13 11:07 3,182 a------- c:\windows\ios.dat
2009-02-13 11:07 90,119 a------- C:\xyephkl.exe
2009-02-13 11:07 32,256 a------- c:\windows\system32\crypts.dll
2009-02-13 11:06 195 a------- c:\windows\system32\xcchit32.ini
2009-02-13 11:06 82,432 a------- C:\dykhyp.exe
2009-02-13 11:06 99,696 a------- c:\windows\system32\drivers\26876ed0.sys
2009-02-13 11:06 2 a------- C:\-1742601386
2009-02-13 11:06 251,392 a------- c:\windows\xccdf32_090131a.dll
2009-02-13 11:06 36,352 a------- c:\windows\xccdf16_090131a.dll
2009-02-13 11:06 155,156 a------- c:\windows\system\xccef090131.exe
2009-02-13 11:06 681 a------- c:\windows\xccwinsys.ini
2009-02-13 11:06 <DIR> --d----- c:\windows\system32\inf
2009-02-13 11:05 15,000 a------- c:\windows\system32\hsfd83jfdg.dll
2009-02-13 11:05 40,448 a------- c:\windows\Vteluni.dll
2009-02-13 11:05 40,448 a------- C:\cwxwwgtl.exe
2009-02-13 11:05 83,968 a------- c:\windows\system32\vjtwroaa.dll
2009-02-11 14:57 125,440 a------- c:\windows\system32\snovly.dll
2009-02-11 14:57 125,440 a------- c:\windows\system32\qmtdjdqp.dll
2009-02-11 14:54 1,537,172 ---sh--- c:\windows\system32\qqnoayek.ini
2009-02-09 15:16 1,575,748 ---sh--- c:\windows\system32\xweibcbp.ini
2009-02-09 15:16 86,016 a------- c:\windows\system32\pbcbiewx.dll
2009-02-09 15:13 128,000 a------- c:\windows\system32\bcxuhu.dll
2009-02-09 15:13 128,000 a------- c:\windows\system32\ldjmwqca.dll
2009-02-08 11:15 1,569,641 ---sh--- c:\windows\system32\vsibepnx.ini
2009-02-08 11:12 126,976 a------- c:\windows\system32\qrrtrk.dll
2009-02-08 11:12 126,976 a------- c:\windows\system32\arkfigtb.dll
2009-02-07 09:31 126,976 a------- c:\windows\system32\bvkfsx.dll
2009-02-07 09:31 126,976 a------- c:\windows\system32\ovcsayac.dll
2009-02-07 09:28 1,572,739 a--sh--- c:\windows\system32\ixgpkpjl.ini
2009-02-07 09:28 84,992 a------- c:\windows\system32\ljpkpgxi.dll
2009-02-05 17:40 1,558,506 a--sh--- c:\windows\system32\hmgxowut.ini
2009-02-05 17:40 128,512 a------- c:\windows\system32\cvvfsw.dll
2009-02-05 17:40 128,512 a------- c:\windows\system32\ajmsrden.dll

==================== Find3M ====================

2009-03-03 21:36 234 a------- C:\sccfg.sys
2009-03-02 22:17 143,047 a--sh--- c:\windows\system32\tedegeru.dll
2009-03-02 22:16 109,810 a--sh--- c:\windows\system32\jezemimu.dll
2009-03-02 22:16 95,319 a--sh--- c:\windows\system32\zufajudi.dll
2009-02-19 12:06 143,986 a--sh--- c:\windows\system32\vuzagama.dll
2009-02-19 12:06 110,303 a--sh--- c:\windows\system32\bodadabe.dll
2009-02-19 12:06 95,334 -------- c:\windows\system32\dowikabu.dll
2009-02-13 11:02 31,663 a--sh--- c:\windows\system32\FhNmmnmp.ini2
2009-01-28 17:26 406,490 a--sh--- c:\windows\system32\uFOYxGgh.ini2
2009-01-28 15:52 84,992 a------- c:\windows\system32\puvyrjlp.dll
2009-01-28 15:52 124,928 a------- c:\windows\system32\hgwryj.dll
2009-01-28 15:52 124,928 a------- c:\windows\system32\enjjnamc.dll
2009-01-28 15:32 124,928 a------- c:\windows\system32\tjorhd.dll
2009-01-28 15:32 124,928 a------- c:\windows\system32\quiwqdoa.dll
2009-01-28 15:31 25,088 a------- c:\windows\system32\drivers\vzcnjeia.sys
2009-01-26 22:06 25,088 a------- c:\windows\system32\drivers\xwdfxqjg.sys
2009-01-26 18:29 124,416 a------- c:\windows\system32\xbvxmdqj.dll
2009-01-26 18:29 124,416 a------- c:\windows\system32\ithbdh.dll
2009-01-26 18:27 89,088 a------- c:\windows\system32\sgaxnxcv.dll
2009-01-26 18:26 302,080 a------- c:\windows\system32\pmnmmNhF.dll.vir
2009-01-26 18:26 25,088 a------- c:\windows\system32\drivers\alcvbufs.sys
2009-01-26 17:37 25,088 a------- c:\windows\system32\drivers\phqghume.sys
2009-01-26 17:36 25,088 a------- c:\windows\system32\drivers\ypffofzd.sys
2009-01-26 11:53 124,416 a------- c:\windows\system32\shnczp.dll
2009-01-26 11:53 124,416 a------- c:\windows\system32\drgcyweg.dll
2009-01-26 10:34 25,088 a------- c:\windows\system32\drivers\djlrwwyw.sys
2009-01-23 22:19 25,088 a------- c:\windows\system32\drivers\hykykoyf.sys
2009-01-23 17:45 90,112 a------- c:\windows\DUMP9555.tmp
2009-01-23 17:45 34,816 a------- c:\windows\system32\senekapepxmybx.dll
2009-01-23 15:07 5,684 a------- c:\windows\system32\senekaiqjpyapm.dat
2009-01-23 13:24 0 a------- c:\windows\system32\drivers\seneka.sys
2009-01-23 13:23 48,640 a------- c:\windows\system32\fcccbxxX.dll
2009-01-23 13:22 123,392 a------- c:\windows\system32\xkhatk.dll
2009-01-23 13:22 123,392 a------- c:\windows\system32\hghkvvlq.dll
2009-01-23 13:20 25,088 a------- c:\windows\system32\drivers\zjqvzyuv.sys
2009-01-23 13:20 304,640 a------- c:\windows\system32\hgGxYOFu.dll
2009-01-23 13:14 14,848 a------- c:\windows\system32\senekauhwhvdyl.dll
2009-01-23 13:14 48,128 a------- c:\windows\system32\hgGvsqoP.dll
2009-01-23 13:14 52,224 a------- c:\windows\system32\drivers\senekatfuwpdqb.sys
2009-01-23 13:14 49,664 a------- c:\windows\system32\wvUmkhgD.dll
2009-01-23 13:14 60,054 a------- c:\windows\system32\prunnet.exe
2009-01-15 17:34 410,984 a------- c:\windows\system32\deploytk.dll
2003-07-28 06:16 36,864 a------- c:\windows\inf\i386\Vizmicro.dll
2003-07-28 06:16 172,032 a------- c:\windows\inf\i386\viceo.dll
2003-07-28 06:01 36,207 ac------ c:\windows\inf\i386\9320FW.bin
2003-07-28 06:01 274,432 a------- c:\windows\inf\i386\9320LLD.dll
2003-07-28 06:01 155,648 a------- c:\windows\inf\i386\rtscan.dll
2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\Usbscan.sys
0000-00-00 00:00 72,743 a--sh--- c:\windows\system32\fuvatozi.dll
0000-00-00 00:00 72,743 a--sh--- c:\windows\system32\gavedewu.dll
0000-00-00 00:00 72,743 a--sh--- c:\windows\system32\junobuvo.dll

============= FINISH: 18:10:38.92 ===============



#2 Jat90

Jat90

  • Members
  • 1,515 posts

Posted 06 March 2009 - 03:28 PM

Hello, danyuls

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


I need some time to look over your log, I will post back soon.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 danyuls

danyuls
  • Topic Starter

  • Members
  • 3 posts

Posted 06 March 2009 - 03:47 PM

hello jat

I still need help so whenever you're ready... I'm ready

#4 Jat90

Jat90

  • Members
  • 1,515 posts

Posted 07 March 2009 - 06:57 AM

:thumbup2: VIRUT :)

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Edited by Jat90, 07 March 2009 - 06:58 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
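
The first placement quoted in the post above (an encrypted body appended to the end of the last PE section) can be triaged from the file headers alone. The following is an added example, not part of the original thread or of any vendor tool: it parses the last section header and reports two heuristics. The function names, the writable-plus-executable check and the 7.0 bits/byte entropy threshold are assumptions chosen for illustration, and the sample images are constructed.

```python
import math
import struct
from collections import Counter

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def last_section(data):
    """Return (name, raw_offset, raw_size, flags) of the final PE section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    if nsect == 0:
        raise ValueError("no sections")
    off = pe + 24 + opt_size + 40 * (nsect - 1)           # last section header
    name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from("<8sIIII", data, off)
    flags = struct.unpack_from("<I", data, off + 36)[0]
    return name.rstrip(b"\0").decode("latin-1"), raw_off, raw_size, flags

def entropy(buf):
    """Shannon entropy in bits per byte."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def triage(data, tail=1024, threshold=7.0):
    """Heuristic findings only (assumed thresholds); packed files trip them too."""
    _name, raw_off, raw_size, flags = last_section(data)
    findings = []
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        findings.append("last section is writable and executable")
    end = min(raw_off + raw_size, len(data))
    chunk = data[max(raw_off, end - tail):end]
    if len(chunk) >= 256 and entropy(chunk) >= threshold:
        findings.append("high-entropy data at end of last section")
    return findings

def build_sample(last_flags, tail_bytes):
    """Constructed, non-runnable PE image: .text plus a final section."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", hdr, 0x44, 0x14C, 2, 0xE0, 0x102)  # COFF header
    struct.pack_into("<H", hdr, 0x58, 0x10B)                        # PE32 magic
    fmt, sect = "<8sIIII12xI", 0x58 + 0xE0
    struct.pack_into(fmt, hdr, sect, b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020)
    struct.pack_into(fmt, hdr, sect + 40, b".rsrc", len(tail_bytes), 0x2000,
                     len(tail_bytes), 0x400, last_flags)
    return bytes(hdr) + bytes(0x200) + tail_bytes

# Constructed inputs: plain read-only data vs. a uniform byte mix standing in
# for an appended encrypted body in a writable+executable last section.
CLEAN = build_sample(0x40000040, b"constructed resource data " * 40)
SUSPECT = build_sample(0xE0000020, bytes(range(256)) * 4)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, triage(image))
```

Neither finding is specific to one malware family, and the other two placements in the quoted description (code-section slack space, overwritten entry point) are not covered by these checks.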


#5 danyuls

danyuls
  • Topic Starter

  • Members
  • 3 posts

Posted 09 March 2009 - 01:54 PM

ok so you're saying don't even try anything?

just format and reinstall...

thanks

#6 Jat90

Jat90

  • Members
  • 1,515 posts

Posted 09 March 2009 - 02:06 PM

Yes, sorry.

You have the Virut file infector virus. As explained above it infects legitimate files which can not be disinfected and even though we can try and combat it, we will never actually clean your pc of it.

It's much better to reinstall and start fresh. Make sure you save any important information before you do.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts

Posted 09 March 2009 - 05:03 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



