Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A few viruses that I want to get rid of PERMANENTLY


  • Please log in to reply
11 replies to this topic

#1 Genix

Genix

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 02 February 2010 - 10:02 AM

Well people, these viruses are on the school computer and I want to get rid of it.
It's been almost 6 or 7 months now and the only person that is trying to clean the computer is me.
Help me out people, thx.
BTW: MBAM doesn't work and using IE is impossible now (I can use the calculator to surf the web though)
EDIT: Safemode doesn't work; when start up normally, the desktop will freeze and nothing but the pointer will move (I got around that from "Last known good configuration" when I pressed f8 rapidly).

Possible Virus/Worm in startup (msconfig)

NWTRAY
cuebud.exe
duecuf.exe
gaigaen.exe
golen.exe
lsass.exe (it could be capital case "i" or lower case "L")
lvqiox.exe (it could be capital case "i" or lower case "L")
lvrioy.exe (it could be capital case "i" or lower case "L")
lwrioy.exe (it could be capital case "i" or lower case "L")
udaterui.exe
msa.exe
mgqih.exe
nhsij.exe
qlviis.exe (it could be capital case "i" or lower case "L")
qttask.exe (it could be quick time)
smax4pnp.exe (don't know what that is)
jusched.exe
b.exe
zeebei.exe
zentray.exe

oh yeah, that's alot. there MAY be more, but i'm not risking it.

Edited by Genix, 02 February 2010 - 10:31 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 02 February 2010 - 02:49 PM

Hello the best way now with a few of those is by posting an HJT log.

You will need to run HJT/DDS.
Please follow this guide. Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Genix

Genix
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 03 February 2010 - 09:07 AM

BTW: I must fix the IE first because it says "Windows cannot access teh specified device, path, or file. You may not have teh appropriate permissions to access the item."
or I can't download anything

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 03 February 2010 - 11:57 AM

Please try this..
FixPolicies
Download FixPolicies.exe,by Bill Castner, MS-MVP to your Desktop.

Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar. This will create a new folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close.
The active malware may revert these changes at your next startup. You can safely run the utility again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Genix

Genix
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 04 February 2010 - 09:05 AM

FixPolicies.exe failed

some virus is doing some serious annoying issue, because hijackthis failed to do its thing after i clicked the scan button (same thing happend to MBAM)
good news is that RootRepeal works

Edited by Genix, 04 February 2010 - 09:11 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 04 February 2010 - 11:52 AM

hmmmm.. plan B

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Genix

Genix
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 05 February 2010 - 09:10 AM

RSIT.exe failed
error message: "Windows cannot access teh specified device, path, or file. You may not have the appropriate permissions to access the item."
I think a virus is corrupting the anti-malware/anti-virus

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 08 February 2010 - 04:48 PM

Ok,then.....
How about this it should go...

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open and are at your Desktop.
  • Double click on the OTL Posted Image icon on your desktop.
  • Select 30 days from the File Age: drop down menu.
  • Click the "Scan All Users" checkbox.
  • Click the Posted Image button to start.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTL.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy the contents of OTL.txt to the clipboard by highlighting everthing and pressing Ctrl+C or after highlighting, right-click and choose Copy and then paste it into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
  • Also copy and paste the contents of Extras.Txt in your next reply as well. If the Extras.Txt log is too long, you may need to add a second reply to your thread.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Genix

Genix
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 09 February 2010 - 09:14 AM

OTL failed, same way DDS and RSIT.exe failed too.
and sorry for the late reply, it was the weekend.

Edited by Genix, 09 February 2010 - 09:14 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 09 February 2010 - 12:01 PM

OK, I found one more way.. Whatta workout LOL
If you cannot get DDS to work, please try this instead.

Please download runscanner.zip and save to your desktop.
  • Create a new folder on your hard drive called Runscanner (C:\Runscanner) and extract (unzip) the file there. (click here if you're not sure how to do this.)
  • Double-click Runscanner.exe to launch.
  • Select Beginner mode and click Ok.
  • Select Do a full scan and save a log file (default is Full Scan) to start.
  • Please be patient and do not use your computer during the scan.
  • When the scan is complete, a window will open asking you to save runscanner.run. Click Cancel.
  • Another window will open asking you to save runscanner.log.
  • Save it to your desktop and "Save as type: Runscanner log file [*.log].
  • The log file will automatically open in Notepad.
  • Go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  • Copy and paste the contents of the log file into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
  • Exit Runscanner when done.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If Runscanner did not work, then reply back here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Genix

Genix
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 10 February 2010 - 09:10 AM

uhhh....it started scanning and then it goes *poof* gone! Yeah, it's the same way dds and otl fails.
did i mention that my screen flashes and the error message pops up when i tried to use dds?

error message: "Windows cannot access teh specified device, path, or file. You may not have the appropriate permissions to access the item."

Edited by Genix, 10 February 2010 - 09:22 AM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:11 PM

Posted 11 February 2010 - 11:17 PM

I honestly feel then reformatting this machine is your only solution.
Reformatting

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users