Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Viruses & Trojans Shutting Down Computer?


  • Please log in to reply
6 replies to this topic

#1 kip123

kip123

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 20 June 2007 - 12:39 PM

Hi. Norton found various items: Trojan.Pandex, Trojan.Pandex!inf, Trojan Horse, Downloader, Backdoor.Mydopam, Trojan.SpamThru. Also "windows/system32/koos.exe" is attempting to access internet every 5-10 seconds.
Repaired above items and deleted from Quarantine; then proceeded to follow instructions on how to prepare before posting to your log. Followed all the steps through the initial scan of Adaware (Adadware 2007). Adaware scan found an item (unfortunately I didn't write down the description, but it had a TAI value of 10!). Fixed the problem w/Adware and restarted PC to rescan with Adaware. Big surprise, when Windows (XP) didn't restart, but I got a screen with starting options (last configuration, last knownworking configuration, safe mode, etc.) Chose last configuration -> Windows XP screen showed and then cursor on black screen, but stopped there. I then shut-off computer and restarted in "last known good configuration" and was able to load through desktop. When I attempted to re-scan with Adware, I received an Error 1810 and a runtime error on Norton. Also received an error message indicating that Adaware was corrupted and that Norton Anitvirus did not load properly or was not found. I then uninstalled Adaware (probably not one of my brightest moments) and attempted to reinstall. Windows Installer started, but then computer shut down. Restarted computer and attempted to scan with Spybot - Spybot found "Win32.VB.atz", which it fixed. We then were successful in reinstalling Adaware and scanning computer, it only found a neglibile item "MRU..." item. I restarted computer and now it shuts itself down when attempting to open Adaware, Spybot, etc. Also we have no internet connection at this time.
What a mess. Please help. Thank you.

Edited by kip123, 20 June 2007 - 12:44 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:52 PM

Posted 20 June 2007 - 01:08 PM

Go ahead and post your Hijack This log in the Hijack This Forum. Do Not post it in this forum. Hopefully you can do that. You can also try downloading onto another medium and installing Super Antispyware onto the infected computer. It may remove enough malware to allow you to use the internet.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Good luck to ya
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 20 June 2007 - 01:13 PM

Hi buddy215. Thanks for the quick response. Have downloaded Super Antispyware to a flash drive and will attempt to install onto my problem machine. I'm at work at the moment, so I won't be able to do anything until later on today.
Thanks again.

#4 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 20 June 2007 - 06:16 PM

HI, I'm back:
Took better part of an hour to get Super Antivirus installed on the problem machine (HP Pavillion 513N, XP SP1, 512 MB) - Desktop kept shutting down and restarting. Then it got stuck on the Windows Installer.........it finally installed and I restarted in Safe Mode. Scanned entire computer, but Super AV did not find anything. Restarted computer in normal mode and attempted to go online - hour glass appeared, but nothing happened - no lights on the CPU (other than power light). Then it shut itself down after 1 min. and restarted. Tried again with IE and email - same thing: hour glass appears, but nothing else happens. Also no reaction to mouse clicking on "start", etc. Where do we go from here? Thank you for your help.

#5 buddy215

buddy215

  • Moderator
  • 13,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:52 PM

Posted 20 June 2007 - 06:57 PM

Try to get a Hijack This log posted. You may have to rename Hijack This.exe. Go to the program file and right click and choose to rename something like lastchancescan. You have completed the prelims just post the log in the Hijack This Forum.
Good Luck to ya.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 22 June 2007 - 11:18 AM

I was unable to unzip HJT on my computer - will do it on another machine. I ran AVG in safe mode and it found 19 signatures and 14 items, which I quarantined. Unfortunately, I was unable to safe the report (Save Report was greyed). I also ran Ad-Aware 2007 again and found an additional item. I have the Ad-Aware log. I "print-screened" a copy of the AVG quarantine.

I still have no internet connection - get message that TCP/IP is not loading correctly or ist not installed ("An error occurred loading TCP/IP. Account: 'xxxxxxxxx@cox.net', Server: 'pop.west.cox.net', Protocol: POP3, Port: 110, Secure(SSL): No, Error Number: 0x800CCC44").

P.S. Is there a way to move this topic to the HJT Log forum so that there is some continuity when I get ready to post the logs? Thanks.

Edited by kip123, 22 June 2007 - 11:25 AM.


#7 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:52 PM

Posted 22 June 2007 - 11:22 AM

When you post your log, include a link to this topic, explaining that additional information about your problems can be found, here.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users