GeekPolice

MAJOR VIRUS PROBLEMS..... HELP
Hi - having only just thanked you guys for helping me fix my mate's laptop I have fallen foul of some bad-ass virus that seems to have taken over my desktop ... opened up a file off p2p and got some page pop up saying something about black box flight recorder or something ... the screen went blue and rebooted ... came back with no antivirus (the icon has been removed from the tray and if I try to open it from programs it says exe is not valid win32 application) ... so I try to run ccleaner ... that does not work ... I happen to have avast on a key as I just put it on the laptop ... I install avast .. same message, not valid win32 app .. in fact any program gets that response, can't open any antivirus or anything ... tried to open Hijack This and it wouldn't let me ... please help 😢

Re: MAJOR VIRUS PROBLEMS..... HELP

anybody ? any help would be gratefully received

Re: MAJOR VIRUS PROBLEMS..... HELP

Hello,

Please >> read this thread << and post a Hijack This log.

Belahzur will help you later.

Re: MAJOR VIRUS PROBLEMS..... HELP

Hello beppeboy. Please be patient, I have college during the day.
Can you post a new Hijack This log please?

[edit] Cross posted.

Re: MAJOR VIRUS PROBLEMS..... HELP

Hi, sorry if I seem impatient but I am stressed out ... I can't post a Hijack This log as it will not let me open Hijack This .. or any other program .. it will not let me open Windows in safe mode .. there is just a long scroll of writing and it goes blue screen and crashes .. it's stopping me at every angle!

Re: MAJOR VIRUS PROBLEMS..... HELP

Hello.
Can you boot to safe mode?

I'm gonna take a guess here, but if you can get into safe mode, do this.
Search for this file.
C:\WINDOWS\system32\drivers\TDSS****.sys <-- the *'s are random letters, but the file begins with TDSS. If it's there, delete it.

Can you run Hijack This now?

Re: MAJOR VIRUS PROBLEMS..... HELP

hiya .. that file's not there .. still can't open in safe mode ... said something about multi(0) system 32 not valid win32 application when I tried safe mode, then rebooted ... still all antivirus and ccleaner and Hijack This all come up with the same message: .exe is not a valid win32 application.

Re: MAJOR VIRUS PROBLEMS..... HELP

Is this machine using Norton?
This isn't an exe, so it may be able to run.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

Re: MAJOR VIRUS PROBLEMS..... HELP

yes, Norton 2007 was on the PC ... here's the log .. thanks again for helping ....

http://rapidshare.com/files/163714748/Startup_Programs__HOMEPC__2008-11-14_14.35.50.txt.html

Re: MAJOR VIRUS PROBLEMS..... HELP

Was? It's not anymore?

Silent runners says it's still there.
Over the past two days, two machines have failed to start, and that was Norton doing that.
Please uninstall Norton via add/remove programs.

Press Start > Control panel > Add/remove programs
Remove anything with Norton/Symantec in the name.

Re: MAJOR VIRUS PROBLEMS..... HELP

I don't think it's to do with Norton, as I said when I opened the suspect file a window opened which looked like it was installing something ... said black box flight recorder or something. I can boot up the PC as normal but no programs work ... it removed Norton from the system tray but I think it's still there .. I will remove it now

Re: MAJOR VIRUS PROBLEMS..... HELP

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"=-
    "osCheck"=-
    "Symantec PIF AlertEng"=-


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Delete these two folders:

C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Norton Internet Security
====


  • Now open another new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "TileInfo"="prop:FileDescription;Company;FileVersion"
    "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon]
    @="%1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command]
    @="\"%1\" %*"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\PifProps]
    @="{86F19A00-42A0-1069-A2E9-08002B30309D}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
    @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]
    @=""


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Can you run exe files now?

Re: MAJOR VIRUS PROBLEMS..... HELP

ok, it says "the specified file is not a registry script - you can only import binary registry files"

Re: MAJOR VIRUS PROBLEMS..... HELP

You have to include Windows Registry Editor Version 5.00 at the top of the script. Make sure that is there otherwise the script will fail.
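
Added example, not part of the original thread: a small offline check that an exported `exefile` branch still carries the handler values the second fix.reg above restores, and that the file starts with the header line regedit requires. The function names and the sample export are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
BASE = r"hkey_local_machine\software\classes\exefile"
# Expected default ("@") values, taken from the second fix.reg in the thread.
EXPECTED = {
    BASE + r"\shell\open\command": '"%1" %*',
    BASE + r"\shell\runas\command": '"%1" %*',
    BASE + r"\defaulticon": "%1",
}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):
    """Strip a .reg string's quotes and undo its backslash escapes."""
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r"\\(.)", r"\1", s[1:-1])
    return s  # hex:, dword: and "-" (delete) data are kept raw

def parse_reg(text):
    """Return {key_lowercased: {value_name: data}}; '@' is the default value."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line is not a .reg header; regedit would reject the file")
    keys, current = {}, None
    for line in (l.strip() for l in lines[1:]):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[_unquote(m.group(1))] = _unquote(m.group(2))
    return keys

def check_exefile(text):
    """List (key, found_value) for every handler that differs from EXPECTED."""
    keys = parse_reg(text)
    return [(k, keys.get(k, {}).get("@")) for k, want in EXPECTED.items()
            if keys.get(k, {}).get("@") != want]

# Constructed sample export: the open handler has an unexpected program prepended.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon]
@="%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\example\\unknown.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, found in check_exefile(SAMPLE_EXPORT):
        print(f"MISMATCH {key}: {found!r}")
```

A missing key is reported with `None` as the found value, so a deleted handler shows up the same way as an altered one.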

Re: MAJOR VIRUS PROBLEMS..... HELP

ok, done as you asked .. still won't open any progs exe .. still won't run in safe mode

Re: MAJOR VIRUS PROBLEMS..... HELP

Okay.
Could be rundll32.exe is missing.
Find this file:
C:\WINDOWS\system32\rundll32.exe <-- can you see it in the system32 folder?

Re: MAJOR VIRUS PROBLEMS..... HELP

it went completely last night so I'm about to reinstall Windows as it won't even boot up any more .. I'd like to try to keep the stuff on the D drive, do you think it will be uninfected or will I have to lose everything

Re: MAJOR VIRUS PROBLEMS..... HELP

It isn't all that bad. Once you reformat, believe me, you'll find space on your hard drive you never knew you had.

And yes, it should be clean once you've formatted.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

Re: MAJOR VIRUS PROBLEMS..... HELP

thank you for all your great advice, I will be very careful from now on and will certainly follow the advice given regarding prevention -

thanks again

Re: MAJOR VIRUS PROBLEMS..... HELP

Since this issue appears resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
