Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Very Infected...


  • Please log in to reply
5 replies to this topic

#1 david gonzo

david gonzo

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 20 June 2007 - 05:47 PM

Hello,

I have posted once today but have since found out my infection is much more severe than I had thought originally. I have been researching the posts here for HJT, VundoFix, and others. It seems that anytime I try and download these programs, something terminates the download prematurely, and it closes the webpage. I had installed HJT but it will not open something is terminating it. Could this be some type of high level virus or trojan? What should I do if I can't even download these programs.

I am running Windows XP SP2 on a Dell Latitude Laptop D610. I am running my computer in safe mode because it is the only way it will run with out freezing. If I start it regular, it comes to a crawl. Please Help Me...

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:06 PM

Posted 20 June 2007 - 09:36 PM

Can you perform an Online scan? Post the results if it works.

http://housecall.trendmicro.com/

If not Post an HJT log
Preparation Guide for use before posting a HijackThis Log

Post that HERE, by clicking new topic
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 david gonzo

david gonzo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 21 June 2007 - 08:11 AM

Hello,

I ran a scan with the online panda product and here is the log. I cannot run anything with HJT, if I do it automatically closes and/or the webpage will close. If I run a search on Google and include the word hijackthis or hjt, the results show up for a second or two and then the page closes. Normal searches are ok. Seems to me that any kind of product out there that is used for trojans/antivirus are not working anymore. I use AntiVir and it finds viruses but they come back. I have run everything in safe mode. Even my safe mode the triangle now pops up in the task bar but at least I get networking in safe mode.


Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\ibebcvol.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\rurcpapy.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\qvmtmbap.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User1\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\User1\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/UltimateFixer Not disinfected C:\fbksrfbj1.exe
Potentially unwanted tool:Application/UltimateDefender Not disinfected C:\fbksrfbj2.exe
Adware:Adware/UltimateCleaner Not disinfected C:\fbksrfbj3.exe
Hacktool:HackTool/Cain.B Not disinfected C:\Program Files\Cain\Abel.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{DCF06CDB-063B-1033-0201-051114200001}\services.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{DCF06CDB-063C-1033-0201-051114200001}\services.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\urgbmlqj.exe

#4 david gonzo

david gonzo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 21 June 2007 - 08:13 AM

I tried your links and they will not work just like I explained earlier. I am guessing I will have to format :thumbsup:

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:06 AM

Posted 21 June 2007 - 08:14 AM

Sometimes if you rename the hijackthis.exe file to something else (eg. abcd.exe) it will run correctly.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 david gonzo

david gonzo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 21 June 2007 - 09:23 PM

Hello,

I was discovering as time went on how serious my infection was. Many of the programs like HJT, SmitFraud, Eiwdo, and others do not open. When I tried to open the topics under HJT in this forum it let me post but right after that I could not even open the topic; it would simply close the webpage. I did a search on google for HJT and as soon as the results propogated the webpage would close. I am finally able to read and post research because I am off duty (I am a firefighter) and am now on another laptop. Someone suggested changing the name of the HJT .exe file, I had already tried that. I did not try closing explorer and then trying to open it, my guess is it won't work but I am going to try. I was considering trying to get a virus scanner on my knoppix live distribution and see if that will work but that will take a while because I have to get my laptop screen to work and have the hardware detected correctly so I can have internet access to download the virus scanner fprog. The yellow triangle is still on my task bar in safemode. My laptop freezes (cpu overload) when I try normal mode. I would appreciate any help and if you know someone who is really expirienced with these gnarly viruses/trojans, if you could ask them to help.

I was already corrected for posting in several topics and the reason I did this was soon after I posted in the HJT the webpage would close if I tried opening to see any advice and I had no other computer at the time. I did have all shift (I work for the fire department) to try and cure this infection and tried like hell for about a good six hours with no improvement.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users