Unable to run any anti spyware



#1 dll2002dll


Posted 14 March 2009 - 11:54 AM

Hey Guys,

I think I am infected. I started getting browser redirects, and Google searches were going to stopzilla.com from my Firefox browser. I tried running Lavasoft Ad-Aware and it didn't detect a lot. I then tried downloading and running Spybot Search & Destroy; I was able to install it, but when I click on Spybot to run it, nothing happens. I tried running a scan using my McAfee; it detected some infected files, which it deleted, and then I started getting svchost.exe error messages.

I then formatted my hard drive and installed a fresh copy of Windows XP. I thought it was over, but it's not. I had multiple partitions (C: and D:). I formatted the C drive but not D; maybe the D drive is also infected, which caused the virus to reappear.

When I click on any drive, C or D, it gives me weird messages: access denied, or sometimes "windows cannot find 'recycles\<whateversomething>.com'. make sure you typed the name correctly and then try again."

I started getting all sorts of weird problems. I downloaded Spybot again and tried running it; still nothing happens. It installs fine but I am not able to run it.

I tried downloading Malwarebytes' Anti-Malware and tried renaming it and running it; it also won't run. I tried running it from safe mode, still no luck.


Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:08 AM, on 3/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\temp\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CC647B-911D-44FB-A20E-C1C8EF7E6693}: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 2970 bytes


Any help would be highly appreciated
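The O17 lines in the log above set the same two NameServer addresses on every Tcpip key, and altered DNS settings are one way browser redirects like the ones described can happen. The sketch below is an added example, not part of the original post and not HijackThis code: it parses HijackThis result lines and lists every statically configured resolver that is not in an expected set. The expected set (`192.168.1.1`, a constructed home-router address) and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: one O4 line and the four O17 lines from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96CC647B-911D-44FB-A20E-C1C8EF7E6693}: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.22,85.255.112.130
"""

# "<section code> - <body>", e.g. "O17 - HKLM\...: NameServer = a,b"
ENTRY_RE = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")
O17_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>.+)$")


def parse_entries(log_text):
    """Group HijackThis result lines by section code (O2, O4, O17, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def unexpected_resolvers(log_text, expected):
    """Return (registry_key, address) for each O17 NameServer not in `expected`."""
    findings = []
    for body in parse_entries(log_text).get("O17", []):
        m = O17_RE.match(body)
        if not m or m.group("name") != "NameServer":
            continue
        for addr in re.split(r"[,\s]+", m.group("value").strip()):
            if addr and addr not in expected:
                findings.append((m.group("key"), addr))
    return findings


if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is the home router.
    for key, addr in unexpected_resolvers(SAMPLE_LOG, {"192.168.1.1"}):
        print(f"unexpected static DNS {addr} under {key}")
```

A NameServer value that appears under every ControlSet copy and on the interface key, as here, was written to the registry statically rather than handed out by DHCP, so it should be compared against the resolvers the router or ISP actually assigns.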


 


#2 dll2002dll


Posted 14 March 2009 - 07:21 PM

Ok, since nobody responded, I will respond myself.......:thumbsup:

I was able to clean this thing up. I have a C drive (OS), a D drive (data) and an E drive (USB), a 500 GB external drive.

I booted my computer with a BartPE CD, went to the command prompt, and removed these files and folders from the D drive and E drive:

- There was a hidden file autorun.inf and a hidden RECYCLE folder. I changed the attributes for autorun.inf with "attrib -r -h -s autorun.inf" and deleted the file. I deleted all the hidden and system folders: rmdir /s/q RECYCLE, etc.

I reloaded the OS: I had a backup of my OS made with DriveImage XML, which I loaded from within BartPE. I rebooted the computer, installed antispyware and updated my antivirus...

All good now.
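Before deleting a hidden autorun.inf like the one described above, it helps to read what it would launch. The parser below is an added example, not part of the original post: it extracts the program-launching keys from an autorun.inf and flags targets that sit in a recycle-bin-like folder at the drive root, the pattern the "windows cannot find 'recycles\...'" message points to. The sample file content and the name `placeholder.com` are constructed.

```python
import re

# Constructed sample autorun.inf; the target file name is a placeholder.
SAMPLE_AUTORUN = """\
[AutoRun]
;comment line, ignored
open=RECYCLE\\placeholder.com
shell\\open\\command=RECYCLE\\placeholder.com
shell\\explore\\command=RECYCLE\\placeholder.com
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Data
"""

# Keys that make Windows start a program when the drive is opened or autoplayed.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Target begins with a folder named like the recycle bin (RECYCLE, RECYCLER, ...).
RECYCLE_DIR = re.compile(r'^"?\\?(\$?recycle[a-z.]*)\\', re.I)


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                entries.append((key.strip().lower(), value.strip()))
    return entries


def recycle_launchers(text):
    """Launch commands whose target lives in a recycle-bin-like folder."""
    return [(k, v) for k, v in launch_entries(text) if RECYCLE_DIR.match(v)]


if __name__ == "__main__":
    for key, cmd in recycle_launchers(SAMPLE_AUTORUN):
        print(f"{key} -> {cmd}")
```

Running this against the autorun.inf on each partition and external drive shows which roots still carry a launcher, which matters here because the untouched D drive survived the first reformat of C.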



