
I Don't Know Which Kind Of Infection


4 replies to this topic

#1 deedrit


Posted 18 December 2006 - 03:18 AM

Logfile of HifjackThis v1.99.1
Scan saved at 10:07:50 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\o2flash.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dan\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
C:\WINDOWS\System32\Cidaemon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE03} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: SSVHelper Class - {7614 } - C:\Program Files\Java\Jre1.5.0_06\bin\ssv.dll
04 - HKLM\..\Run: [IgfxTray] C:/WINDOWS\System32\igfxtray.exe
04 - HKLM\..\Run: [HotKeysCmds] C:\WINDOW\System32\hkcmd.exe
04 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
04 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
04 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
04 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
04 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
04 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetwireless\NCS\PROSet\PRONoMgr.exe
04 - HKLM\..\Run: [Cingular Communication Manager] C:\Program Files\Cingular\Communication Manager\CingularCCM.exe -a
04 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160609073\ee\AOLSoftware.exe
04 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
04 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windowns Defender\MSASCui.exe" -hide
04 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
04 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgscc.exe /STARTUP
04 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messsenger\msmsgs.exe" /background
04 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
04 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
04 - Global Startup: Bluetooth.lnk = ?
04 - Global Startup: Microsoft Office.lnk = ?
08 - Extra Context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\OSA.EXE
08 - Extra Context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
09 - Extra button: (no name) - { } - C:\Program Files\Java\Jre1.5.0_06\bin\ssv.dll
09 - Extra 'Tools' menuitem: Sun Java Console - { } - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
09 - Extra button: @btrez.dll,-4017 - { } - C:\Program Files\WIDCOMM\Bluetooth software\btsendto_ie.htm
09 - Extra 'Tools'menuitem: @btrez.dll,-4017 - { } - C:\Program Files\WIDCOMM\Bluetooth software\btsendto_ie.htm
09 - Extra button: (no name) - { } - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
09 - Extra 'Tools'menuitem: @xpsp3res.dll,-20001 - { } - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
09 - Extra button: Messenger - { } - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - { } - C:\Program Files\Messenger\msmsgs.exe
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Broken Internet access because of LSP provider 'bmnet.dll' missing
011 - Options group: [INTERNATIONAL] International*
016 - DPF: { } (PerfTestClient) - http://gamer.ubicom.com/benchmarks/PerfTes...oj_20060127.cab
016 - DPF: { } (MUWebControl Class) - http://update.mirosoft.com/microsoftupdate...b?1161124988892
020 - winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
020 - winlogon Notify: sebring - C:\WINDOWS\SYSTEM32\LgNotify.dll
021 - SSODL: WPDShServiceObj - { } - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
023 - Service: AVG7 Alert Manager Server (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\A\avgamsvr.exe
023 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
023 - Service: AVG Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
023 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
023 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\Systemk32\bmwebcfg.exe
023 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
023 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
023 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
023 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
023 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
023 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division SOftware - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Edited by deedrit, 18 December 2006 - 03:20 AM.




#2 deedrit


Posted 20 December 2006 - 12:18 AM

Update:

Wanted to give some more information about what is going on with my computer. This all started after I downloaded a copy of AVG Anti-Virus. I downloaded it from a link my buddy gave me (not sure if he tried it himself). But, after I installed it, I rebooted according to the installation instructions. After booting to Windows, the whole computer started very slowly, then the Windows toolbar disappeared and I can't access it. I cannot move any icons on my desktop. When I start any program (IE, Firefox, etc.), they just open and close instantly. I cannot get on the internet to update the anti-virus either. I tried using Safe Mode, but then the virus put a counter on my screen and said Windows will reboot in :60. This happens in Normal mode, but the counter stops working at :40 and says (Not Responding), then ZCfgSvc.exe crashed also and asks me to send an error report to MS. I really think I need to use HijackThis to stop whatever the viral copy of AVG is doing, but I don't know EXACTLY what to do. So, I just need someone to tell me what to do, then if I can get the internet working and my programs, I can probably just remove the virus or at least get my essential files off the computer and then do a clean install of Windows. The virus is so hostile to any program running that I had to actually type my HijackThis log file by hand on another computer because the virus prevented me from burning the file to a CD.

:thumbsup:

#3 -David-


Posted 22 December 2006 - 01:39 PM

Sorry for the delay. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

#4 deedrit


Posted 22 December 2006 - 10:48 PM

This all started after I downloaded a copy of AVG Anti-Virus. I downloaded it from a link my buddy gave me (not sure if he tried it himself). But, after I installed it, I rebooted according to the installation instructions. After booting to Windows, the whole computer started very slowly, then the Windows toolbar disappeared and I can't access it. I cannot move any icons on my desktop. When I start any program (IE, Firefox, etc.), they just open and close instantly. I cannot get on the internet to update the anti-virus either. I tried using Safe Mode, but then the virus put a counter on my screen and said Windows will reboot in :60. This happens in Normal mode, but the counter stops working at :40 and says (Not Responding), then ZCfgSvc.exe crashed also and asks me to send an error report to MS. I really think I need to use HijackThis to stop whatever the viral copy of AVG is doing, but I don't know EXACTLY what to do. So, I just need someone to tell me what to do, then if I can get the internet working and my programs, I can probably just remove the virus or at least get my essential files off the computer and then do a clean install of Windows. The virus is so hostile to any program running that I had to actually type my HijackThis log file by hand on another computer because the virus prevented me from burning the file to a CD.





#5 -David-


Posted 23 December 2006 - 06:29 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David and I will be helping you with your log today.

Let me just start by saying I've had the exact same infection that you've had on my own PC. I'll get straight to the point and say the only way I was able to fix the infection was with a complete wipe of my computer, reinstalling the operating system and starting all over again. You've been infected with a virus that overwrites all your exe files with malicious script. Although I can't be sure, it's probably a Parite infection or a Bloodhound infection. I think a few of your theories on how and why you got this infection are wrong, so I think I'll patch those up before we continue. Firstly, I'm 99% sure that the AVG you downloaded was "viral". I think that you've had this infection on your PC for a while, before you even downloaded AVG, then when AVG scanned the files on your PC it detected the infections. The program did what it was meant to and tried to repair the malware files straight away, but the executables were simply killed by AVG, meaning your system went into meltdown and nothing worked. The exact same thing happened to me on a computer I used to test malware: I infected the computer, then tried running AVG, which simply destroyed all .exe files on the PC, including internet, core Windows files, more or less everything.

You talked of a virus placing a shutdown box on your screen, but I think this is actually a legitimate warning from Windows. You can actually stop that reboot from happening manually the next time it pops up. Click on Start, then click Run and type "shutdown -a" and hit Enter. That should abort the shutdown. Again, this is caused by the infection you have, but is most likely a perfectly legitimate box from Windows. I see that you typed the HijackThis log out, but it's clean - I don't see any problems at all.

What I really need to know from you before we continue is if you have the XP reinstallation CD that came with the computer. We need to replace all core Windows executables that have been removed, and we will need the XP CD for this. Without the XP CD there isn't much we can do - there is no known way to disinfect the files, I'm afraid. If you don't, we can try a system restore, but I have a feeling the system restore executable will be infected too. I don't want you to reformat just yet, as I know you want to save some of the important files from your PC.

So, let me know if you have an XP reinstallation CD and we can work from there.
David
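
An added example, not part of David's post or of any BleepingComputer tooling: a small Python triage pass over a HijackThis log like the one in this thread. It re-joins entries wrapped mid-line, reads a hand-typed leading zero as the letter O in section codes, and lists the entries the tool itself marked as unresolved; the function names and the choice of excerpt lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Commonly documented meanings of the HijackThis section codes seen in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "Autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O10": "Winsock LSP", "O11": "IE Advanced Options group",
    "O16": "ActiveX (Downloaded Program Files)", "O20": "Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad", "O23": "Service",
}
# Phrases HijackThis prints itself when it could not resolve a file or publisher.
SELF_REPORTED = ("(file missing)", "Unknown owner",
                 "Unknown file in Winsock LSP", "Broken Internet access")
ENTRY = re.compile(r"^([RFNO0])(\d{1,2}) - (.*)$")

def parse_entries(text):
    """Return [(code, body)], re-joining continuation lines of wrapped entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            # A hand-copied log may carry "02"/"010" where the tool prints "O2"/"O10".
            letter = "O" if m.group(1) == "0" else m.group(1)
            entries.append([letter + m.group(2), m.group(3)])
        elif entries:
            entries[-1][1] += " " + line  # continuation of the previous entry
        # Lines before the first entry (header, process list) are skipped.
    return [(code, body) for code, body in entries]

def triage(text):
    """Count entries per section and list, once each, the self-reported oddities."""
    entries = parse_entries(text)
    counts = Counter(code for code, _ in entries)
    flagged, seen = [], set()
    for code, body in entries:
        hits = [p for p in SELF_REPORTED if p in body]
        if hits and (code, body) not in seen:
            seen.add((code, body))
            flagged.append((code, SECTIONS.get(code, "unknown section"), body, hits))
    return counts, flagged

# Excerpt of lines from the log posted in this thread (one entry wrapped mid-line).
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
04 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
09 - Extra button: (no name) - { } - %windir%\Network Diagnostic\xpnetdiag.exe (file
missing)
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Unknown file in Winsock LSP: C:\Windows\System32\avgfwafu.dll
010 - Broken Internet access because of LSP provider 'bmnet.dll' missing
023 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
"""

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE)
    print(dict(counts))
    for code, section, body, hits in flagged:
        print(f"{code:<4}{section}: {body}  <- {', '.join(hits)}")
```

The listed entries are review starting points, not verdicts. HijackThis records autostart and browser settings and does not inspect file contents, so a log with nothing listed says little about an infection that modifies existing executables.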



