
Windows:Virut, Trojan-gen, JunkyPoly, Small-dj(trj), Gamona, Agent, Klez



#1 joe_49er

Posted 05 May 2009 - 10:54 AM

I have had a virus problem recently. When the desktop is about to appear, it holds and only the mouse cursor can be seen. Ctrl+Alt+Del can be accessed but is not helpful since no application is running. So I formatted the C drive and set up a fresh copy of Windows, and it worked fine after I set it up and then left it. But when I tried to use my computer again, the same problem came back. So I had to set up Windows again. I scanned with avast and Symantec and found these viruses - win32:Virut, Win32:Small-DJ(Trj), win32:Trojan-gen, Win32:JunkyPoly, Win32:Gamona, Win32:Agent-xwf, win32:klez-h, Win32:agent-roa, win32:nvy. They could not be repaired, so I had to quarantine/move to the virus chest or delete them. Some could not be deleted; only Virut could be cleaned. I also ran clrav and klwk from Kaspersky and the virus removal tool for win32.Klez.gen@mm from Symantec, but no virus was found by them. Symantec was fully updated and Virut was shown as clean, but it pops up again and again saying it has detected it.

I have to set up Windows again and again. It works for some time but not for long, about 2/3 uses only. After a full setup, the Windows classic logon screen was always enabled after 2 or 3 restarts, which I didn't enable. I looked at the user accounts in Control Panel, but Use the Welcome screen was enabled, which should not have displayed the classic logon prompt. I used to log off the user, then the Welcome screen appeared, and then I clicked the same user and it worked fine, sometimes. Even in working condition some programs could not run, e.g. Klitecodec was installed and worked for some time, then the problem would occur later. I don't use the internet with this computer, but a USB drive may be the source. And Data Execution Protection and Windows File Protection pop up frequently.

Also, I could not play Warcraft Dota. While playing, the monitor goes black and displays the message No Signal Detected. I have checked all the cables and they work fine. This never happens in other software/applications/programs. I have checked the settings in the game control and the resolution is fine. I have tested the monitor with another computer and it works fine too. Could it be the onboard display card?



#2 joe_49er


Posted 07 May 2009 - 09:49 AM

No reply yet, am waiting?

#3 Budapest


Posted 07 May 2009 - 05:35 PM

What do you mean by "I have to setup windows again and again"?

Are you reinstalling Windows?

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 joe_49er


Posted 11 May 2009 - 06:25 AM

Yes, reinstalling.

#5 Budapest


Posted 11 May 2009 - 03:48 PM

If you are formatting and reinstalling Windows then the virus is gone. You must be reinfecting yourself somehow.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#6 scff249


Posted 11 May 2009 - 04:55 PM

While you're at that, there's a couple of things that may help determine why you're getting reinfected.

Are you transferring any of these file types:

.exe, .scr, .ini, .php, .asp, .html? Are there any zipped files that have those file types inside them?

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo





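Added example, not part of the forum posts: a read-only Python inventory of a USB drive or folder for the file types asked about in the last reply, including names inside zip archives. The function names and the nesting and size limits are assumptions of this example.

```python
import io
import os
import sys
import zipfile

# File types named in the reply above.
RISKY_EXTENSIONS = {".exe", ".scr", ".ini", ".php", ".asp", ".html"}
MAX_ZIP_DEPTH = 3                      # assumption: nesting limit
MAX_NESTED_BYTES = 50 * 1024 * 1024    # assumption: skip huge nested zips


def is_risky(name):
    return os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS


def scan_zip(source, label, depth, hits):
    """Record matching member names; source is a path or a file-like object."""
    try:
        archive = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        hits.append(label + " (unreadable zip)")
        return
    with archive:
        for info in archive.infolist():
            member = label + "!" + info.filename
            if info.is_dir():
                continue
            if is_risky(info.filename):
                hits.append(member)
            elif info.filename.lower().endswith(".zip"):
                encrypted = bool(info.flag_bits & 0x1)
                if encrypted or depth >= MAX_ZIP_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    hits.append(member + " (nested zip not opened)")
                else:
                    scan_zip(io.BytesIO(archive.read(info)), member, depth + 1, hits)


def inventory(root):
    """Return sorted paths under root that match, including zip members."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if is_risky(name):
                hits.append(path)
            elif name.lower().endswith(".zip"):
                scan_zip(path, path, 1, hits)
    return sorted(hits)


if __name__ == "__main__":
    print("\n".join(inventory(sys.argv[1])))
```

A listed path only means a file of one of those types is present; the script reads names and never opens or judges file contents.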