I Need Help Asap!


  • This topic is locked
7 replies to this topic

#1 athbaseball23

athbaseball23

  • Members
  • 50 posts
  • Local time:07:48 AM

Posted 17 June 2007 - 04:22 PM

I have somehow received the virus Trojan.Pandex. It is in the C:\WINDOWS\system32\drivers\ip6fw.sys file (or so it says on the Symantec pop-up). I am not able to send a HijackThis file because my computer runs so slow and won't even let me get online. I look at the system's processes under Ctrl+Alt+Del and some ttask.exe is running 100% of the computer. A couple of files that looked odd on the HijackThis log I ran were startdrv.exe and ctfmon.exe. CAN anyone tell me what to do? Or even tell me where to start so I can get online to post a HijackThis log. NEED HELP ASAP.



#2 rlprlp

rlprlp

  • Members
  • 198 posts
  • Local time:03:48 AM

Posted 17 June 2007 - 05:04 PM

I saw several things here http://www.google.com/search?hl=en&q=t...amp;btnG=Search that claim it removes in safe mode. Good luck!

#3 athbaseball23

athbaseball23
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:48 AM

Posted 17 June 2007 - 05:31 PM

While in safe mode, is there any way to make the windows smaller so I can see the entire window when I open a program? This would help a lot.

#4 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:05:48 AM

Posted 17 June 2007 - 08:22 PM

You may be able to, though it's a bit of a pain. Once booted into Safe Mode, right click on an empty area of your desktop, select Properties, then in the Display Properties window select Settings. If the resolution slider is not grayed out, move it to the setting you want. Then click Apply, OK. You will have to restart the computer and go into Safe Mode again, but you should then have a more satisfactory screen resolution. I have my computer set for 1024 x 768 in Safe Mode, which is adequate for the programs I run there.

Most antivirus and antispyware programs do not open in full screen mode, and they usually have a fairly small window. This makes it easier to run them in Safe Mode, even at the default 800 x 600 resolution.

#5 Gear300

Gear300

  • Members
  • 9 posts
  • Local time:06:48 AM

Posted 18 June 2007 - 12:19 AM

The most I can say is go into safe mode and open the Task Manager... delete any unfamiliar processes under the Processes tab and go to C:\WINDOWS\system to see if the processes you deleted are there; if they are, then you could solve the problem by deleting them. If this does not work, then use the antivirus and antispyware options to isolate them. Of course, once you're done with this, install as many of the updated patches under Microsoft and your computer brand (for example, emachines has patches for emachines as bigfix or just going to emachines.com). These patches work to prevent these things from occurring. In fact, you could use another computer to retrieve patches and install them on yours right now while in safe mode; in this sense, it's more likely that the infectious process will be identified under the Processes tab. When deleting any unfamiliar processes, I'm not too sure exactly what processes those are, and it's also possible that they won't even show; something like this happened to me earlier and I ended up losing all my data. I'm not all too knowledgeable about this field, so I cannot guarantee so much as 80% efficiency.

Edited by Gear300, 18 June 2007 - 12:21 AM.


#6 athbaseball23

athbaseball23
  • Topic Starter

  • Members
  • 50 posts
  • Local time:07:48 AM

Posted 20 June 2007 - 06:02 PM

Ok... Here's where I stand.
I went into Safe Mode and ran my antispyware and antivirus programs. They found a few things, one being a high-risk spyware, so I deleted everything. I thought that was it, but when I run my computer in regular mode it goes really slow, and in the Processes tab qttask.exe is still running at 99-97% of the computer usage. I looked this up and it has something to do with a plug-in for Windows Media Player. It also said I could delete it, but how do I do this? Need help.

#7 rlprlp

rlprlp

  • Members
  • 198 posts
  • Local time:03:48 AM

Posted 20 June 2007 - 08:48 PM

I'm not seeing WMP; I'm seeing Apple QuickTime.

Does this help?: http://www.computing.net/security/wwwboard/forum/6026.html

#8 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:48 AM

Posted 23 June 2007 - 10:03 PM

athbaseball23,

I moved your HijackThis log to the appropriate forum.
Here is the link:
athbaseball23's HJT log

NOTE:
Please, DO NOT make another post in the HijackThis Logs and Analysis forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might think someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

Also, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

Since you now have a HJT log posted, I'm going to close this topic.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.
If you have any questions, don't hesitate to send me a PM.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
