
HELP VIRUS/WORM


3 replies to this topic

#1 cattch08


Posted 26 December 2013 - 10:22 AM

I have been told my computer is beyond repair due to a virus. Can anyone help? Thanks.

Got a virus worm. Everything slowed down, and when I clear my history then open a page, the history fills with hundreds of sites that I have not visited. I keep getting a pop-up box saying no drive available. Have run malware, Spybot, CCleaner but still have the problem. Now my AVG is not working; tried to download a new one, won't allow me. I tried to put computer back to an earlier date but won't allow me. Can anyone help, or do I have to try and recover my computer? Thanks guys, Sue





#2 boopme


Posted 26 December 2013 - 11:21 AM

Hello, I moved you to the Am I Infected forum.

Did you know the virus' name?


If you cannot run these by downloading to this machine, then go to another and download these to a flash drive or CD and run from there.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

  • Do not reboot the computer, you will need to run the application again.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#3 cattch08


Posted 30 December 2013 - 02:33 PM

Won't let me paste anything in here.



#4 cattch08


Posted 30 December 2013 - 02:57 PM

GMER 2.1.19163 - http://www.gmer.net
 
Rootkit scan 2013-12-26 16:18:30
 
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ST6O 931.51GB
 
Running: c5g00lkm.exe; Driver: C:\Users\alz\AppData\Local\Temp\kfldrpow.sys
 
 
 
---- Threads - GMER 2.1 ----
 
 
Thread  C:\Windows\system32\svchost.exe [380:1392]                      000007fefbb48274
 
Thread  C:\Windows\system32\svchost.exe [380:1736]                      000007fefbb48274
 
Thread  C:\Windows\Explorer.EXE [2316:3968]                             0000000002a99914
 
Thread  C:\Windows\System32\WUDFHost.exe [4256:4312]                    000007fef3cb24a0
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:2728]  000007fefbe42a7c
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:1288]  000007feee7c4830
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:3344]  000007feee7c4830
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:860]   000007feee7c4830
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4200]  000007feee7c4830
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:5516]  000007fefa255124
 
Thread  C:\Windows\Explorer.EXE [5740:6584]                             00000000000f7584
 
Thread  C:\Windows\Explorer.EXE [5740:4632]                             00000000000e8be8
 
Thread  C:\Windows\Explorer.EXE [5740:2512]                             00000000000e8d54
 
Thread  C:\Windows\Explorer.EXE [5740:3096]                             00000000000e9c1c
 
Thread  C:\Windows\Explorer.EXE [5740:6792]                             00000000000f8984
 
Thread  C:\Windows\Explorer.EXE [5740:5376]                             00000000000ebd74
 
Thread  C:\Windows\Explorer.EXE [5740:7296]                             00000000000f8888
 
Thread  C:\Windows\Explorer.EXE [5740:1956]                             00000000000f881c
 
Thread  C:\Windows\Explorer.EXE [5740:1196]                             00000000000e80f4
 
Thread  C:\Windows\Explorer.EXE [8048:6340]                             00000000000f7584
 
Thread  C:\Windows\Explorer.EXE [8048:3004]                             00000000000e8be8
 
Thread  C:\Windows\Explorer.EXE [8048:5592]                             00000000000e8d54
 
Thread  C:\Windows\Explorer.EXE [8048:7620]                             00000000000e9c1c
 
Thread  C:\Windows\Explorer.EXE [8048:7776]                             00000000000f8984
 
Thread  C:\Windows\Explorer.EXE [8048:6432]                             00000000000f8984
 
Thread  C:\Windows\Explorer.EXE [8048:5308]                             00000000000f8984
 
Thread  C:\Windows\Explorer.EXE [8048:3416]                             00000000000ebd74
 
Thread  C:\Windows\Explorer.EXE [8048:7988]                             00000000000ebd74
 
Thread  C:\Windows\Explorer.EXE [8048:6884]                             00000000000ebd74
 
Thread  C:\Windows\Explorer.EXE [8048:5148]                             00000000000f8888
 
Thread  C:\Windows\Explorer.EXE [8048:6096]                             00000000000f8888
 
Thread  C:\Windows\Explorer.EXE [8048:6600]                             00000000000f881c
 
Thread  C:\Windows\Explorer.EXE [8048:7780]                             00000000000f881c
 
Thread  C:\Windows\Explorer.EXE [8048:2108]                             00000000000f8888
 
Thread  C:\Windows\Explorer.EXE [8048:3976]                             00000000000f881c
 
Thread  C:\Windows\Explorer.EXE [8048:4496]                             00000000000e80f4
 
Thread  C:\Windows\Explorer.EXE [8048:1668]                             00000000000e80f4
 
 
---- EOF - GMER 2.1 ----
 
 
Rkill 2.6.4 by Lawrence Abrams (Grinler)
 
http://www.bleepingcomputer.com/
 
Copyright 2008-2013 BleepingComputer.com
 
More Information about Rkill can be found at this link:
 
http://www.bleepingcomputer.com/forums/topic308364.html
 
 
Program started at: 12/26/2013 09:57:20 PM in x64 mode.
 
Windows Version: Windows 7 Home Premium Service Pack 1
 
 
Checking for Windows services to stop:
 
 
* No malware services found to stop.
 
 
Checking for processes to terminate:
 
 
* No malware processes found to kill.
 
 
Checking Registry for malware related settings:
 
 
* No issues found in the Registry.
 
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
 
Performing miscellaneous checks:
 
 
* Windows Defender Disabled
 
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
 
   "DisableAntiSpyware" = dword:00000001
 
 
Checking Windows Service Integrity:
 
 
* Windows Defender (WinDefend) is not Running.
 
   Startup Type set to: Automatic
 
 
Searching for Missing Digital Signatures:
 
 
* No issues found.
 
 
Checking HOSTS File:
 
 
* No issues found.
 
 
Program finished at: 12/26/2013 10:14:41 PM
 
Execution time: 0 hours(s), 17 minute(s), and 27 seconds(s)
 
 
EDIT: unrequested HJT log removed to prevent topic from getting moved.

Waiting for other logs.


Edited by boopme, 30 December 2013 - 04:03 PM.




