
Terrible virus that I can't remove


  • This topic is locked
25 replies to this topic

#1 Computerproblem101


Posted 22 April 2011 - 04:03 PM

I have a terrible Trojan Horse Generic22.OVL that I am unable to remove. A few nights ago AVG alerted me that it found Backdoor.Poison, no problem, I removed it. My computer has been going downhill ever since, every few minutes now a program attempts to get through my firewall to gain internet access and a Trojan is associated with it each time, I have gotten a screen shot of such an incident here: http://img217.imageshack.us/i/viruse.png/ - the second after I posted THAT screen yet another inaccessible Trojan popped up. This one under c:\Windows\Temp\qovc\setup.exe - the other one was ruph instead of qovc. I ran Malwarebytes, it swiftly found 2 notepad errors and 5 trojans, I removed, rebooted and I thought everything was OK. I ran superantispyware which found nothing, Spybot Search And Destroy found a "HijackerC" which was named Click.Giftload. AVG 9's resident shield is now finding these so-called temporary folder setup.exe viruses so often to the point that I can't do anything that I need to do on this PC. Is it oversensitive AVG or do I have a major problem here? Adware internet security by Lavasoft was also run and found nothing but the same Backdoor.poison that AVG had detected, which was then removed. Trend Micro Housecall had a clean report, all of the viruses detected by AVG are run under svchost.exe with a process ID of 5868. AVG currently has a System32 DLL which is named MFC45.DLL due to it being "suspicious potential unknown virus &or corrupted executable file" it also recently quarantined a Win32:Inject-AFS Malware which was also detected recently. - everything on this PC was fine up until a few days ago, it ran fast and excellent.

I am running windows 7, have Hijackthis ready to run a log, as I was typing this probably three of those - uh, another one just popped up

File name: c:\Windows\Temp\vjkc\setup.exe Threat name: Trojan horse Generic22.OVL - still on svchost.exe but now a process ID of 3,280 - any help you can give me is appreciated, just want to get this PC back to normal. Thanks




Note: I have no disks and there's absolutely no way I will be able to reformat/format this computer, I need you guys to work with me here and I will work with you so I can try to clean this thing up without going to that measure- thanks


Edit: after a rescan of MalwareBytes it has detected Malware.Trace in c:\Windows\System32\winset.ini - I'm removing it now, will reboot and continue running this and other scans to make sure I catch anything I can while I wait for you guys to reply. Thanks again


Edit: rebooted, Malwarebytes came up clean, Adaware Internet Security won't run properly *very slow, about one file every two seconds, I won't sit here for 800K files for that long :P* and SuperAntiSpyware is running full scan yet again with nothing found in Memory or Registry and is now scanning File items.

Edited by Computerproblem101, 22 April 2011 - 04:56 PM.




#2 Computerproblem101


Posted 22 April 2011 - 06:32 PM

MBAM, AVG, Superantispyware, etc, every single log looks clean now - bump

#3 Computerproblem101


Posted 22 April 2011 - 08:08 PM

Bump

#4 Computerproblem101


Posted 22 April 2011 - 09:09 PM

How often am I allowed to do this? Bump Bump

#5 Computerproblem101


Posted 22 April 2011 - 11:30 PM

And again

#6 zoomzoom


Posted 23 April 2011 - 07:13 AM

Have you tried the Windows System Restore utility to try and roll back the system state to a few days prior to the apparent infection? Sometimes a virus or malware will prevent System Restore from working, or has cleared the restore points, but quite often it is effective in rolling back the system to pre-infection state, and then you can update your software and run antivirus software to clean up any remnants of the infections. Go to Start/accessories/system tools/system restore/ and run the program, and choose to restore the computer to an earlier time, then pick a bold date from the calendar that predates the infection by a few days. If the restore is unsuccessful, don't give up and try another earlier date. You may get lucky.

#7 boopme


Posted 23 April 2011 - 07:44 PM

Are they running clean, but you still have giftload?

If so you will need to post your HJT log in a new topic here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 Computerproblem101


Posted 23 April 2011 - 08:08 PM

The giftload hijacker was removed and the notifications of the setup.exe viruses haven't happened today, but yesterday when all logs ran clean I was getting a crazy resident shield notifying me of a virus very often, everything seems to be OK but I have a feeling the computer is infected still

#9 boopme


Posted 23 April 2011 - 08:15 PM

Then post your HJT log. It will take a few days for them to analyze and reply.

Edited by boopme, 23 April 2011 - 08:15 PM.


#10 Computerproblem101


Posted 23 April 2011 - 08:17 PM

Are they running clean, but you still have giftload?

If so you will need to post your HJT log in a new topic here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

Let me know if that went well.


I attempted to remove a Warm radar IE nav site blocker and Hijackthis told me that something was blocking its access to my hosts file and it couldn't remove anything, it won't work, just runs.

#11 boopme


Posted 23 April 2011 - 08:21 PM

Is this XP?
You cannot run HJT

#12 Computerproblem101


Posted 23 April 2011 - 08:32 PM

Is this XP?
You cannot run HJT



Windows seven. It worked before but it tells me: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may NOT be able to fix this.

#13 boopme


Posted 23 April 2011 - 08:35 PM

That's OK, HJT is really outdated anyway and we use DDS now. As I thought you had I went with it.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.

Let me know if that went well.

#14 Computerproblem101


Posted 23 April 2011 - 08:46 PM

DDS is running, not sure I understand fully how to post the log but will try. If it comes out clean I don't post it right?

#15 Computerproblem101


Posted 23 April 2011 - 08:49 PM

I ran it, I have the two logs but am not sure if it's worth posting, I have been dealing with malware a while and to me the logs look OK, just my personal opinion though. I only attach one log right? The first one?



