Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virushelpzone.exe


  • Please log in to reply
7 replies to this topic

#1 B34R

B34R

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 19 February 2007 - 07:09 PM

Hey there!

I was wondering if anyone could help me out. Recently I went to go visit my parents and they asked me to have a look at my sisters computer, since they were having problems connecting to the internet. I spent a short while resetting the router and checking the physical connections, but to no avail. However whilst checking IE and mozilla I noticed both were loading the page virushelpzone.exe. Having experienced homepage hijacks before and having similar connectivity issues I decided to check virushelpzone.exe on google. I was not suprised to see that it was linked to a virus. So I immediatly came here, since I know you guys are hot on your stuff. So yeah, can you help me out? Also just so you know I can't get onto the internet with the other computer, the infected one, will this cause problems?

Any help would be most appreciated. Thanks!

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,095 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:43 AM

Posted 19 February 2007 - 08:16 PM

Welcome to BC B34R :thumbsup:

I suggest you follow the directions in this guide. In following the guide, you can download the software programs you need to a disk or flash drive, then install them on the infected computer from there. Don't worry about the on-line scans. Then create an HJT log, you will find the directions in the guide.

Create a new topic in this forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:43 AM

Posted 19 February 2007 - 09:28 PM

It may be a couple of days before the Hijack This team can get to you because of the backload. If you would like to try to remove whatever malware you have on your computers I would suggest the two programs below. Allow them to quarantine or remove whatever they find. Make sure they are updated before scanning. If you have an antivirus or antispyware programs already installed on the computers, update them and run them in safe mode as well.

http://www.bitdefender.com/scan8/ie.html
http://www.superantispyware.com/

If you can get more info on what trojan or virus is on the computers, let us know and we may be able to point you to tool to remove them.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 20 February 2007 - 01:40 PM

Thanks for the speedy reply. I'd just like to say any help is better than none and you guys have always helped me fix my comp, so I'm cool to wait. Cheers. :thumbsup: Will post a HJT log asap.

There's just one thing I'd like to ask. I was under the impression that HJT didn't work in conjunction with this virus and that it only functioned under safe mode. However from what I gather HJT needs to be running in a normal operating environment to be useful. Can you direct me to any resources which would allow me to run HJT sucessfully in normal mode.

Edited by B34R, 20 February 2007 - 01:45 PM.


#5 buddy215

buddy215

  • Moderator
  • 13,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:43 AM

Posted 20 February 2007 - 03:15 PM

You will have to rename Hijack This to get it to work in regular mode. The malware is blocking you.

Open the HijackThis Folder, find the HijackThis.exe file, right click on the file and select rename. Type Analyze.exe and hit "Enter". Double-click on Analyze.exe (which is still hijackthis) to run the program. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Analyze.bat or Analyze.com
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 21 February 2007 - 06:33 AM

OK thanks :thumbsup: Once again cheers for the speedy reply.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:43 AM

Posted 21 February 2007 - 01:52 PM

See if this helps.

Please download MsnVirRem.exe and save to your desktop.
  • First close any other programs you have running as this will require a reboot.
  • Double click MsnVirRem.exeto run it.
  • Once open, click the button labelled "Search and Destroy".
  • Your computer will now be scanned for Infected Files.
  • When scanning is finished you will be prompted to reboot only if infected. Click OK
  • Now click the "REBOOT" Button.
  • After the reboot, you may receive file not found errors - please acknowledge them and continue.
  • A Message should popup from MsnVirRem if not, double click the program again and it will finish.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 16 March 2007 - 04:09 PM

Hey there, I came back to parents and tried running MSNVirRem. The program reported no issues and did not give the option for reboot. I am now going to run HJT and make a log asap.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users