Computer Help forum

General discussion

really weird virus or malware

by mikesmtx / April 5, 2009 2:46 AM PDT

I'm running XP Media Edition. OK, now to the fun stuff: I for the life of me cannot figure this out.

Symptoms:
Get redirects, mostly to google search pages

can't get to certain sites(all dealing with anti virus stuff)

can't download new definitions for adaware

can't install spybot(tried reinstalling after it wouldn't load)

can't get malwarebytes to run

it's now telling me mcafee needs to be reinstalled

can't do a system restore

can't open in safe mode(it gets most of the way through the process and then shuts my computer off)

after restarting within about 5 min. get a window that pops up called jucheck.exe with this in the msg box
"the procedure entry point ??_V@YAXPAX@Z could not be located in the dynamic link library MSVCRT.dll"
and once that happens I can't open my C: drive through my computer and get another strange msg saying
"windows cannot find recycler\s-6-3-93-100017378 -100017858- 100021141-1744.com"
but can access through windows explorer

all my files are fine and can access everything else

I have no idea what to do at this time. I've scoured the net trying to find out what this thing is so I can get rid of it, but have found nothing that really resembles this. If anyone has any advice at all I would really appreciate it; this thing is starting to drive me crazy.

Same situation
by jdjackson04 / April 5, 2009 10:14 AM PDT

My wife's laptop is doing some similar things as well. Ad-Aware says it finds things and removes them, and Spybot finds things but locks up when we try to fix the problems. And the Microsoft Malware Removal Tool won't even start to run, the window keeps closing before I can click continue. System Restore won't work either and keep getting redirects to weird sites, and even weird pop ups when opening other windows or programs.

Now it won't even boot up, keeps hanging on the desktop but there's nothing there, wont' even go into Safe Mode.

Basically all that I'm interested in doing now is getting onto the computer and backing up files off of it. Any suggestions on how I can back up the files at least or even get the computer back up and running?? Thanks!

Boot In safe mode with Networking.
by Techie_Master / April 5, 2009 8:11 PM PDT

Try to boot your computer in "SAFE MODE WITH NETWORKING". In Safe Mode with Networking, scan your computer using Malwarebytes after fully updating it.

use combofix
by ferhatkt / April 6, 2009 2:55 AM PDT
Please DON'T Use Combofix Without A Helper...
by Grif Thomas Forum moderator / April 6, 2009 3:52 AM PDT
In reply to: use combofix

As stated in the link you provided: "You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer."

The use of ComboFix is generally supervised by a trained person during cleanup of a computer with HijackThis and such.. Incorrect use of ComboFix could cause the computer to stop functioning correctly.

Hope this helps.

Grif

Please Try This...
by Grif Thomas Forum moderator / April 6, 2009 3:59 AM PDT

Please follow the instructions below. In regards to the redirect, although both of the items below may, or may not be present, please check for them.. If you find one, remove it as directed.. On the other hand, if the "bad" file isn't there, just move on to the next step:

Look for the file below and if there...:

C:/Windows/system32/wdmaud.sys

Delete it (or move/rename) and Reboot.
_____________

Next,
1. Click on the Start button, select "Run", then type "devmgmt.msc" in the blank area, without the quotes, then click on OK.
2. Once in Device Manager, click "View" in the upper left, select "show hidden devices/drivers".
3. Then click on "non plug and play drivers/devices", and find TDssserv.sys
4. If it's there, right click it, then select disable, then restart the computer.
5. Then check if the problem still persists.


____________

And finally, to make sure other trojans aren't on the computer:

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe" or "Gogetum.com" then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well and rename the installer files as indicated above:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder...
____________________

Hope this helps.

Grif
hi griff
by ferhatkt / April 6, 2009 4:11 AM PDT
In reply to: Please Try This...

What you recommend is not going to work, because some viruses do not let you see hidden files. The best way is to use combofix, which is a piece of cake.

Sorry, Wrong...
by Grif Thomas Forum moderator / April 6, 2009 4:25 AM PDT
In reply to: hi griff

First, apparently you haven't READ the Combofix instructions that you linked to and if you did, you CHOSE to ignore some of the most important points...Using ComboFix without the proper knowledge is a big risk.. That's why the developers of the program and the BleepingComputer recommend NOT using it without help and to use Combofix ONLY when a competent helper asks for a log.. (It can do strange things including frequently causing the loss of your internet connection.) If YOU choose to use it differently than instructed, use at your own risk.. But I would never recommend to a member here that it's a "piece of cake"..

Next, the tools recommended in my post above have been used here, on these forums and in my personal business, a LOT of times.. They DO clear out most forms of malware, including hidden files, most rootkits, spyware, etc. Obviously, nothing is perfect and there is never a guarantee with these things but I've cleaned out a half dozen similar situations in the last couple of weeks alone.

Hope this helps.

Grif

let's see
by ferhatkt / April 6, 2009 5:00 AM PDT
In reply to: Sorry, Wrong...

OK. Time will show.
mikesmtx, can you keep us updated on which way works?

You're Still Recommending Something That's Not Recommended?
by Grif Thomas Forum moderator / April 6, 2009 6:57 AM PDT
In reply to: let's see

It's not important whether ComboFix works.. It clearly does, in the hands of a qualified individual when the tool is actually needed.. Are YOU going to fix the problems if it doesn't work? If the other tools don't work, instead of placing highly technical tools such as Combofix in the hands of an unqualified user, RESPONSIBLE advice instead directs the user toward the various HijackThis forums where qualified users can help and assist the user in their use, IF they need them..

http://forums.cnet.com/5208-6132_102-0.html?threadID=255339

Hope this helps.

Grif

Thanks!
by jdjackson04 / April 6, 2009 6:51 AM PDT
In reply to: Please Try This...

Thanks Grif and everyone for the advice!! I used malwarebytes on her laptop and was able to remove a ton of things and got the internet back and everything seems to be operating much better now. I was also able to finally run Microsoft's Malware Removal Tool as well just to be safe and it found 1 more object and removed it as well. Haven't run the SuperAntiSpyware yet but will run it shortly as well just to make sure. But again thanks for all of the help everyone!!!

Good Job & Thanks For Posting Back
by Grif Thomas Forum moderator / April 6, 2009 7:01 AM PDT
In reply to: Thanks!

And yes, be sure to install, update, and run SuperAntispyware.. Run a full system scan with it as well.. As you've found, the recommended tools all find something a little bit different.

One note: After scanning with all the tools, restart the computer into Safe Mode and run a full system scan with them all AGAIN.. Don't stop scanning till all the tools come up with negative results.. Frequently, one scan doesn't do the job fully.

How To Start In 'Safe Mode'

Hope this helps.

Grif

no need to fight
by mikesmtx / April 6, 2009 7:44 AM PDT

ya I'm going to try a few things right now, I haven't had to use combofix before, but also am fairly competent when it comes to fixing my machine, but this one seems to be a lot harder to get rid of for some reason. If I can't get it figured out by tonight I'm gonna give in, transfer info and reinstall windows. Hopefully it doesn't come to that. But if anything works I'll let you know.

Oh ya, thanks for the advice though. I do appreciate it

No 'Fight' Intended...
by Grif Thomas Forum moderator / April 6, 2009 7:53 AM PDT
In reply to: no need to fight

This is a "Computer Help" forum.. Just making sure all the facts are known about each tool recommended.. At least as best as possible..

Good luck and let us know how it goes..

Grif

hi
by ferhatkt / April 6, 2009 8:02 AM PDT
In reply to: No 'Fight' Intended...

I respect Grif and everyone on this forum. We are just sharing our experiences. We are not fighting.
Have a good day

pretty sure it's gone
by mikesmtx / April 6, 2009 8:51 AM PDT

Alright, first, "grif", I looked for those files in sys32 and in device manager and couldn't find anything. And I had already tried getting the new definitions for adaware and malwarebytes from a different comp but those still didn't work. So I decided to try combofix. After it got done doing its thing I went through to check all of the major things that were being affected, and so far so good. Have access through my computer again, my firewall isn't shut off when I start the comp., I've been able to update all of my other programs and no redirects. I'm in the middle of running malwarebytes, I'm gonna run everything I got a couple of times to make sure. But as of right now, I'm gonna have to say combofix is pretty nice. I really do thank you both for giving me advice, cause like I said I was about to format and reinstall. And if anything else happens I will post it here, but let's hope not. So thanks again,

Mike

Oh ya
by mikesmtx / April 6, 2009 8:56 AM PDT
In reply to: pretty sure it's gone

I know no one is fighting I had just been dealing with this for far too long and had gotten to the point where I had to make jokes about it so I wouldn't throw the thing against the wall, anyway........take it easy and thanks a million

A Suggestion.. You Still Need To Use Those Scanning Tools
by Grif Thomas Forum moderator / April 6, 2009 9:10 AM PDT
In reply to: pretty sure it's gone

Here's the problem.. I'm well versed in the use of Combofix and what it finds and removes.. Sometimes, it removes all the problems that are on the computer.. Most of the time, it does not.. So..at this point, continue with the procedures mentioned..

If you still cannot install SuperAntispyware and/or Malwarebytes, then the program blocks are still there, you probably still have registry issues to deal with, and you have NOT removed all of the malware on the machine and could easily have a re-occurrence of the problem.. (As mentioned, it's critical to rename the installer files for the updates, the program installation files, etc.. We frequently rename files to anything.scr or anything.com simply to get past the blockage and to get the files to install correctly.)

If you've done all the scans and still come up with no problems, you've lost nothing other than a little time..

Good job so far.

Grif

good job
by ferhatkt / April 6, 2009 1:03 PM PDT

Thank you for keeping us updated. I don't use anti-virus programs, because what I can afford is the freeware ones and they don't work properly. I use combofix and I run it 1 time in 2 days. So far so good. New generation viruses are really smart. Almost impossible to delete on win32. There are many bootable CDs that were created by comp geeks (Hiren's Boot, Knoppix, etc.). If you can't delete viruses or spyware, use that kind of bootable CD.

Thank you all, guys.

so far so good
by mikesmtx / April 8, 2009 3:26 AM PDT
In reply to: good job

So far so good, everything has been able to load, update and run fine. I did a couple of scans with malwarebytes, adaware and the super one. It took until the third time with all of them before they came up clean. Checked everything I could in the registry and so far have found nothing alarming. Thanks again for saving me the hassle of a reinstall.

Mike

"the procedure entry point ??_V@YAXPAX@Z could not be locate
by tidnab / April 17, 2009 8:15 AM PDT

Close the program that you are trying to run. Find the program in the program folder in C:.
Locate the folder for that program. Open it and look for (MSVCRT.dll). Right-click it,
click Properties, click Version. Write down the file version and description.
SAVE THIS IN A NOTEPAD, YOU WILL NEED IT LATER.
Search for (MSVCRT.dll) in c:\windows\system32. DON'T change anything.
COMPARE with what you wrote down and save it in a notepad. YOU WILL NEED IT LATER.
Holler back if they don't compare.


I had multiple problems with that. Had to move drivers
around to fix it in SYSTEM 32. INSTANT AUDIO in PINNACLES was one. ALL my
problems are gone. Bought $200+ in registry cleaners & repair. NONE HELPED.
IT'S IN SYSTEM 32.
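
The comparison described in the post above, scripted as an added example (not part of the original thread and not any poster's code): it lists every MSVCRT.dll copy under a search root with its file version and description and marks whether it is byte-identical to the System32 copy. It assumes PowerShell 4.0 or later on the machine being checked; the parameter names `SearchRoot` and `DllName` and the helper `Get-DllFacts` are made up for this example.

```powershell
# Added example: compare every MSVCRT.dll copy against the one in System32.
# Read-only: nothing is moved, renamed or deleted.
param(
    [string]$SearchRoot = 'C:\',        # assumption: search the whole system drive
    [string]$DllName    = 'msvcrt.dll'
)

$referencePath = Join-Path $env:SystemRoot "System32\$DllName"
if (-not (Test-Path -LiteralPath $referencePath)) {
    Write-Warning "Reference copy not found: $referencePath"
    return
}

# Collect the same facts the post says to write down, plus a SHA-256 hash.
function Get-DllFacts([string]$Path) {
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path        = $item.FullName
        FileVersion = $item.VersionInfo.FileVersion
        Description = $item.VersionInfo.FileDescription
        Company     = $item.VersionInfo.CompanyName
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$reference = Get-DllFacts $referencePath

# -Force includes hidden and system files; folders that deny access are skipped.
$copies = Get-ChildItem -LiteralPath $SearchRoot -Filter $DllName -File -Recurse -Force `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.FullName -ne $reference.Path }

$report = foreach ($copy in $copies) {
    $facts = Get-DllFacts $copy.FullName
    # Byte-for-byte identity with the System32 copy, decided by hash.
    $facts | Add-Member -NotePropertyName MatchesSystem32 `
                        -NotePropertyValue ($facts.SHA256 -eq $reference.SHA256) -PassThru
}

"Reference copy:"
$reference | Format-List Path, FileVersion, Description, Company, SHA256

"Other copies (mismatches listed first):"
$report | Sort-Object MatchesSystem32, Path |
    Format-Table Path, FileVersion, Description, MatchesSystem32 -AutoSize
```

On 64-bit Windows the copies under SysWOW64 and WinSxS legitimately differ from the System32 one, so a mismatch is something to look at more closely, not a verdict by itself.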
