WiredWX Hobby Weather ToolsLog in

 


descriptionComputer Problems EmptyComputer Problems

more_horiz
Hello,

I've got a bug and can't fix it.

My computer = Toshiba Satellite M115-S3094 laptop running Windows XP

The bug has taken control. Can't --> copy/paste/move files/get on internet/use DVD burner/etc. Task bar/start tab are hidden/unusable. Can access files/folders from Windows Explorer.

Can't use (have tried) AVG/Malwarebytes/Microsoft windows-kb890830-v2.14/FSeasyclean/spyware doctor

Will let me run and install (from usb storage device) IObit - but disappears half way through the scan

Will let me run and install (from usb storage device) HiJackThis - but disappears after scanning without bringing up a second screen as described in your tutorial

Please let me know what/how to post for your help.

Thank you,
Greg

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
Thanks for the response.

1. I downloaded the current version of hijackThis
2. I installed it, accepted the agreement and selected system scan w/ save log file.
3. It scanned and then the program instantly went away/shut down without opening a log file.
4. Now when I click the shortcut to open HijackThis, a screen comes up that says "Windows cannot access the specified device, path or file. You may not have the appropriatepermissionsto access the item"

Thank you,
Greg

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
ok,

1. Downloaded systemlook on computer B and transfered to computer A by removable storage (can't get internet on infected computer A).

2. Can't move files around on infected computer -couldnt get it installed on desktop - only let me make a shortcut on the desktop - Clicked the shortcut and system look came up. I manually entered :filefind, etc and had it "look".

3. No notepad came up, but it did leave the SystemLook notepad icon on the desktop.

4. When I click the notepad icon, a screen comes up that says "C:\Documents and Settings\Greg\Desktop\SystemLook.txt Access is denied"

Thank you for your help,

Greg

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Computer Problems CF_download_FF

    Computer Problems CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Computer Problems Rcauto10

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Computer Problems Whatne10

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
Ok,

1. Did as instructed above - had to run it from removable storage.
2. Combo fix screen came up and I agreed to the terms.
3. Another screen came up that said "!!ALERT!! IT is NOT SAFE to continue! The contents of the ComboFix package has been comprimised. Please download a fresh copy from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Note: You may be infectedwith a filepatching virus'Virut'"

Thank you,
Greg

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see Here

Instructions how to format and reinstall Windows can be found Here

descriptionComputer Problems EmptyRe: Computer Problems

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum