Spyware, Viruses, & Security forum

General discussion

Virus Problem (Details Inside)

by TBDM5678 / March 12, 2011 1:51 PM PST

I have been having a virus (obviously) problem. I am running Windows 7 and the current problems I am aware of include:
I can not right click on my desktop or windows explorer
I can not access my registry
I could not access task manager, I was able to get around this
The control panel is not in the start menu, I remember getting to it but I do not remember being able to do very much on it
I can not click on the image in the top right of my start menu
When I try to do these things, I see a restrictions message saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your administrator"
I have had command prompt appear right as I log in, with a message, I was able to catch it once, it said "[SC] OpenService Failed 1060: The specified service does not exist as an installed service"
I have gone through http://windows.microsoft.com/en-us/Windows7/How-do-I-remove-a-computer-virus in an attempt to remove the virus, I had 4 reported threats that can't be removed

I have full administrative rights assigned on this computer, obviously I should be able to access these things. I hope I have provided sufficient information, I will try to provide any more information if needed. Thank you in advance for your help.

What are the threats that you
by roddy32 / March 12, 2011 10:49 PM PST

say can not be removed and what programs have you scanned with so far?

Scanned with
by TBDM5678 / March 13, 2011 7:04 AM PDT

I have scanned with Microsoft Security Essentials and the thing I mentioned in the link, my normal virus protection expired a while ago

Then Please Try This..
by Grif Thomas Forum moderator / March 13, 2011 7:14 AM PDT
In reply to: Scanned with

If you can download the tools below on your current computer, and get them to work, then fine, but frequently the problem malware prevents the programs from running correctly. If that's the case, then download ALL of the tools below on a friend's or family member's CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

____________________________

First, after transferring it to the problem machine, run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 3 different versions. If one of them won't run then try to run the other one. Be patient.... as a black window should open, then close after finding all the background programs.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill.com
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr

_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://data.mbamupdates.com/tools/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Program Files\Malwarebytes Antimalware folder.
_____________________

And after that, if everything's fine but you can't connect to the internet, then follow the procedures below to check your network "proxy" settings.

Open Internet Explorer and go to Tools-Internet Options-Connection Tab. Click on the LAN settings button. IF there is a check mark next to "Use a proxy server for your LAN", uncheck it. Click OK. Then OK, again.
__________________

Hope this helps.

Grif

I will try this
by TBDM5678 / March 13, 2011 1:59 PM PDT
In reply to: Then Please Try This..

Thank you, I will try this ASAP

Didn't fix the original problem
by TBDM5678 / March 14, 2011 10:58 AM PDT
In reply to: Then Please Try This..

It did pull off a bunch of files the other programs had missed, but the problems that brought me here are still persisting.

Then The Next Steps To Fix Those Issues
by Grif Thomas Forum moderator / March 15, 2011 3:30 AM PDT

First, run full system scans with BOTH of those programs repeatedly in "Safe Mode" and "normal" Windows till nothing is detected.

Next, fix the registry changes that were made by the malware which are blocking Task Manager, regedit, etc.

First, try fixing the desktop problem like this:

* Right click on your Desktop and select Properties.
* Then click the Desktop tab.
* Then click the Customize Desktop button.
* Now in the next window that comes up click the Web tab.
  o Make sure at the bottom that Lock desktop items is unchecked.
* Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too.
* Then click OK.
* Click Apply. And click OK.


Next, download and run the registry editor fix from the link below. You'll want to "enable" registry editing tools:

RIGHT click on the link below, choose "Save Target As", then direct it to your desktop.
http://www.dougknox.com/security/scripts/regtools.vbs

Once you run the regtools.vbs file, assuming you don't get an error, restart the computer. Once restarted, then open "regedit" from Start-Search window and check for the following registry entries which are blocking Task Manager, Control Panel, etc.

Navigate to each of the keys listed below and look for the specific registry entries I've shown below. Delete those specific registry values when found:

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Remove these items:
"DisableRegistryTools" delete any entries found
"DisableTaskMgr" delete any entries found
"NoDispCpl" delete any entries found


Hope this helps.

Grif
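
One way to do the registry check described in the post above from PowerShell instead of regedit. This is an added example, not part of Grif's post or of any tool linked in the thread; the key paths and value names are the ones listed above, while the `-Remove` switch and the variable names are this example's own.

```powershell
# Added example: audit the restriction values named in the post above.
# Read-only unless -Remove is given. Deleting under HKLM needs an elevated prompt.
param([switch]$Remove)

$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$names = @('DisableRegistryTools', 'DisableTaskMgr', 'NoDispCpl')

# Collect every listed value that actually exists, together with its current data.
$findings = @(foreach ($key in $keys) {
    # The Policies\System key may not exist at all on a clean profile.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # Get-ItemProperty returns nothing when the key has no values.
    $props = Get-ItemProperty -LiteralPath $key
    if (-not $props) { continue }

    foreach ($name in $names) {
        $prop = $props.PSObject.Properties[$name]
        if ($prop) {
            New-Object PSObject -Property @{
                Key  = $key
                Name = $name
                Data = $prop.Value
            }
        }
    }
})

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed restriction values are present.'
    return
}

# Show what was found before changing anything.
$findings | Format-Table Key, Name, Data -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # Record each deletion so the change can be reviewed afterwards.
        Write-Output ("Removing {0} from {1} (was {2})" -f $f.Name, $f.Key, $f.Data)
        Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name -ErrorAction Stop
    }
}
```

On a managed or domain-joined machine the same values can be set deliberately through Group Policy, so review the read-only output before running with `-Remove`.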

One issue With Those Steps
by TBDM5678 / March 27, 2011 6:12 AM PDT

My apologies for not being able to get back to you, I was away on a family matter.

I am unable to access my desktop through right clicking. Will I be able to do this in safe mode? I will continue scanning as you said


Thank You

Desktop Properties Can Be Accessed In Control Panel And...
by Grif Thomas Forum moderator / March 27, 2011 8:34 AM PDT

..the registry fix still needs to be run. You should be able to perform those steps.

Hope this helps.

Grif

Grif . i has a virus problem ..
by DJDWAFFLES / July 15, 2011 1:50 AM PDT
In reply to: Then Please Try This..

a virus eats up my space and apparently nobody on this site wants to help me... I got a HJT log if it helps.


CNET does not analyze HJT logs but
by roddy32 / July 15, 2011 2:29 AM PDT

below is a list of some of the forums that do. You will have to join to post as you did at CNET.


Download HijackThis from http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Save it to your desktop. Double-click HijackThis.exe
Click Scan and save log.

Please post a log at ONE of the below forums. Please be patient with them; they are busy.

1. http://www.lognrock.com/forum/index.php?showforum=5
2. http://forum.securitycadets.com/index.php?showforum=2
3. http://www.temerc.com/forums/viewforum.php?f=12
4. http://www.malwarebytes.org/forums/index.php?showforum=7
5. http://www.bleepingcomputer.com/forums/forum22.html

Good luck and please let us know how you are doing.

Yep, Follow Roddy's Instructions..But...
by Grif Thomas Forum moderator / July 18, 2011 6:45 AM PDT

...if we want to ignore the HJT log, try starting the check for malware by following the instructions below:

Unfortunately, you've not told us WHY you think it's a virus and where the space is being used..

In the meantime....

If you can download the tools listed below on the problem computer, great, but you may need to use a separate, clean computer, download the tools, copy them to a flash drive or CD, then transfer them to the infected computer.
_______________

Once that's done, then restart the computer into "Safe Mode with Networking" and use the instructions below. If you can't start in Safe Mode, then run all the tools while in "normal" Windows first, then run them in Safe Mode afterward:

After downloading or transferring it to the problem machine, run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 3 different versions. If one of them won't run then try to run the other one. Be patient.... as a black window should open, then close after finding all the background programs.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill.com
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://data.mbamupdates.com/tools/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________


And after that, if everything's fine but you can't connect to the internet, then follow the procedures below to check your network "proxy" settings again.

Open Internet Explorer and go to Tools-Internet Options-Connection Tab. Click on the LAN settings button. IF there is a check mark next to "Use a proxy server for your LAN", uncheck it. Click OK. Then OK, again.
__________________

Hope this helps.

Grif

not a virus
by archiehenderson / September 29, 2011 7:29 AM PDT
In reply to: Then Please Try This..

I have had this on a Toshiba laptop and changed the hard drive with a new operating system and bios etc. and still ended with the same problem (motherboard or keyboard)?

Are you TBDM5678 ?
by R. Proffitt Forum moderator / September 29, 2011 7:42 AM PDT
In reply to: not a virus

If not, I'd start a new discussion with all the details.

Thanks so much!!
by Sherryjohnson-ashby / January 26, 2013 3:15 PM PST
In reply to: Then Please Try This..

Hopefully this is the answer. I truly appreciate the step by step instructions cause like I say, I am not very good with computers. I will give this a try and if it works I will post and let anyone else know who may have this issue too. Again thanks so much.

Sherry
