Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Help


  • Please log in to reply
47 replies to this topic

#1 eyeam

eyeam

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 22 July 2009 - 06:55 PM

Hello

I have some kind of virus that will not allow Avira to do a scan, it shuts the computer off as soon as Avira starts to scan, I reinstalled it several times. It did mess up AVG also were AVG would find stuff but not remove it but after downloading Avast and removing Win32:DNSChanger-VJ and Win32:Rootkit-gen(rtk) AVG seems to scan alright now and does not come up with anything.


I have the same problems as above - I have some kind of virus that will not allow Avira to do a scan, it shuts the computer off as soon as Avira starts to scan. Also when I open any of my music programs, my computer shuts down. I also get black screen freeze when i boot my computer up, this happens two out of every three times i start it? I installed AVG which found some viruses, however it now wont let me scan my hard drives?

please help

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:11 AM

Posted 22 July 2009 - 07:02 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 23 July 2009 - 05:51 AM

Thanks, ok - I installed malwarebytes.

Now i can't run a scan, every time i click the icon nothing happens, I've tried right click open, programs ..... nothing?

also. my screen saver keeps vanishing.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,886 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:11 PM

Posted 23 July 2009 - 08:12 AM

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not run, try renaming it first.
  • Open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on the mbam.exe file and rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on the mbam.exe file, rename it to myscan and change the .exe extension to .scr, .com, .pif, or .bat.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

If you still cannot run MBAM or complete a scan in normal mode, then try performing a Quick Scan in "safe mode".

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM but in some cases, there is no alternative but to do a safe mode scan. If that is the case, after completing a scan, it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 23 July 2009 - 12:39 PM

so far... not good? none of the above worked! I' am going to try reinstalling Malwarebytes

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 23 July 2009 - 12:49 PM

Hello let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed double click on the file to open MBAM and select Quick Scan

At the end of the scan click Remove Selected and then reboot.


Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 23 July 2009 - 01:59 PM

no luck .... I uninstalled Malwarebytes and then tried to reinstall it .... guess what! wouldn't let me reinstall. I clicked ... nothing.

this is a nightmare

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 23 July 2009 - 03:00 PM

OK one more try..Un and reinstall
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 23 July 2009 - 04:43 PM

tried again - no luck. changed the name of the file, same result

also. after booting up my computer a phantom US radio station just started (I'm in the UK)

#10 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 24 July 2009 - 01:10 PM

Thanks guys, but the above just doesn't want to work

Avast descovered this virus: c:\windows\system32\uacpsivbvpvkr.dll But can't seem to remove it, anyway of deleting this myself?

also....is it worth trying "spybot search and destroy"? I don't have a lot of money at the moment, and don't really want to fork out if not.

am I going to have to wipe my system and start from zero? (I'm temped)

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:04:11 PM

Posted 24 July 2009 - 02:07 PM

This should allow you to reinstall MBAM and kill that rootkit

You can do it the simplier way or the more advanced way

Let's look for rootkits

http://rootrepeal.googlepages.com/

http://rootrepeal.googlepages.com/RootRepeal.zip

Just use the file tab at the bottom, scan and paste the report into a reply here please

Posted Image

the more advanced

http://www.malwarebytes.org/forums/index.php?showtopic=12709

Either way we need to see all the logs
Chewy

No. Try not. Do... or do not. There is no try.

#12 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 25 July 2009 - 03:08 PM

DaChew Thanks - I tried the above more than 20 times, these are the results:

firstly I very rarely (if ever) seem to be able to connect to the net, often my computer shuts down on me or I can't open a page.

I tried to run rootrepeal. these are some of the messages that appeared: "could not read the boot sector" "could not find module file on disc" then "initalising please wait" >>>>> this goes on forever and nothing happens or I'll run a scan, I can hear it running through my files and then my computer shuts down again > back to square one.

I searched my programs for files ending with sys, there are dozens (looks like 50 or more) however I could not delete any of them.

#13 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 25 July 2009 - 03:40 PM

-

Edited by eyeam, 26 July 2009 - 08:27 AM.


#14 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 25 July 2009 - 03:43 PM

-

Edited by eyeam, 25 July 2009 - 09:22 PM.


#15 eyeam

eyeam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 25 July 2009 - 03:45 PM

-

Edited by eyeam, 25 July 2009 - 09:24 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users