Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Problems after windows diagnostics virus/trojan

  • This topic is locked This topic is locked
2 replies to this topic

#1 Fred111


  • Members
  • 1 posts
  • Local time:09:00 AM

Posted 08 June 2011 - 01:55 AM

Good morning all,

Let me start by thanking you guys at bleepingcomputer for fixing my computer when i had an infection yesterday morning. A trojan (i think) named windows diagnostics was to blame which hid all of my computer files. All i had open was an internet explorer which through google led me to your iexplore.exe/unhide/malwarebytes solution which i followed.

My problem as of now. The last two times i booted up windows it showed my background and the mouse cursor, nothing else. I tried ctrl-alt-del which worked but i am too noob to understand every process. After a power button reset all was back to normal and i ran malwarebytes once more. It asked me to reboot (found 2 more worms) and the above happened again. Not really a massive problem but it is annoying and it did not happen two days ago.

Also my internet explorer sometimes (not always) redirects a search result to askjeeves, a redirect to redirect to a random website and it generates popups (they appear in random intervals or only when i use iexplorer). This is also annoying and it seems a leftover from the windows diagnostics trojan.

I tried using hijackthis to kill abnormal processes (as far as i can tell) but some still stand out and i can use a professional hand in the matter.
In the background there is a highly suspicious Fvajic.exe which drains 50% comp memory and when i google the name i only get chinese character search results (which ofcourse adds to my suspicion). I can end this process in task manager but it pops back in every once in a while and on reboot it is also immediately present. Also there are 2 google update entries in hijackthis which won't fix. I also tried windows anti-malware program. I ran it and it found some worms. After fixing i ended up in a rebootloop and had to use safemode/restore point so i guess something is still amiss on my computer.

The programs i currently have on my computer are hjt, malwarebytes, ccleaner (and the iexplore.exe / unhide programs from before). No other antivirus or similar programs installed.

EDIT: For future reference. It was the salinity virus. Malwarebyte solved it after multiple full scans combined with hijackthis.

Edited by Fred111, 09 June 2011 - 12:22 AM.
Moved to log forum. ~BZ

BC AdBot (Login to Remove)


#2 etavares


    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:10:00 AM

Posted 16 June 2011 - 04:15 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\*. /mp /s

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators

#3 etavares


    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:10:00 AM

Posted 23 June 2011 - 04:36 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users