
my laptop has a virus and i need help 2 fix


i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
17-Sep-2006, 08:44 PM #1
my laptop has a virus and i need help 2 fix
I have my aunt's laptop.
It's got a bad virus. I tried cleaning the registry like I did for mine but it didn't work.
When it starts up it says cannot find the file "bootini.exe" or any of its components. That's about all I know. Please help.
Cookiegal
Administrator & Malware Removal Specialist with 97,223 posts.
 
Join Date: Aug 2003
18-Sep-2006, 07:01 AM #2
Hi and welcome to TSG,

If you have taken anything out of startups via msconfig please go to Start > Run – type in msconfig – click OK and click on the Startup tab. Click on Enable All then Apply and OK. Then please do the following:

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
18-Sep-2006, 05:21 PM #3
I don't have that file.
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
18-Sep-2006, 05:22 PM #4
msconfig. It says it cannot find it or any of its components.
Cookiegal
Administrator & Malware Removal Specialist with 97,223 posts.
 
Join Date: Aug 2003
18-Sep-2006, 07:15 PM #5
Please post the HijackThis log.
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
19-Sep-2006, 09:36 AM #6
I will run the scan tonight.
It takes forever.
Cookiegal
Administrator & Malware Removal Specialist with 97,223 posts.
 
Join Date: Aug 2003
19-Sep-2006, 12:33 PM #7
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
19-Sep-2006, 06:05 PM #8
I tried running HijackThis but every time I opened the file the computer closed it.
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
19-Sep-2006, 06:07 PM #9
I'm not using the laptop when I'm posting these, so please make it so I can put it on a memory card if you're giving me a program.
Cookiegal
Administrator & Malware Removal Specialist with 97,223 posts.
 
Join Date: Aug 2003
19-Sep-2006, 06:28 PM #10
Download The Hoster from here. Unzip the file and press "Restore Original Hosts" and press "OK". Exit Program.

Then try to open HijackThis and scan again.
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
19-Sep-2006, 08:05 PM #11
Please also keep in mind that I'm doing all this in safe mode because it's way way way too slow in normal.
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
19-Sep-2006, 08:36 PM #12
Yes, I got it finally.
Logfile of HijackThis v1.99.1
Scan saved at 7:31:39 PM, on 9/19/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [owjyvxoA] C:\WINDOWS\owjyvxoA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ntdll.dll] C:\Program Files\Kztyx\Rkhx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://start.shaw.ca
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157722614147
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9tZQ\command.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Microsoft Windows HDA Service - Unknown owner - C:\WINDOWS\System32\dllcache\svhda.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\owjyvxo.exe
O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe
Cookiegal
Administrator & Malware Removal Specialist with 97,223 posts.
 
Join Date: Aug 2003
20-Sep-2006, 01:58 PM #13
Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with this yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.


Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows.


Reboot and post a new HijackThis log please. See if you can get one taken from normal mode this time.
i like pie
Member with 99 posts.
THREAD STARTER
 
Join Date: Sep 2006
Experience: Intermediate
27-Sep-2006, 07:26 PM #14
My laptop can't connect to the internet. I can't do any of that and I can't boot it up in normal mode, so none of this helps.
Cookiegal
Administrator & Malware Removal Specialist with 97,223 posts.
 
Join Date: Aug 2003
28-Sep-2006, 10:56 AM #15
Click Start - Run - and type in:

services.msc

Click OK.

In the services window find Command Service.
Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Start-up Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


Repeat the above for all of these services:

Microsoft Windows HDA Service
Network Monitor
Windows Overlay Components
Microsoft Windows Spooler Services



Click Here and download Killbox and save it to your desktop but don’t run it yet. Try installing it on the infected computer from a floppy.


Go to Control Panel - Add/Remove programs and remove these, if there:

Internet Optimizer
TheSearchAccelerator

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.


R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll

F2 - REG:system.ini: Shell=Explorer.exe bootini.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe

O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe

O4 - HKLM\..\Run: [owjyvxoA] C:\WINDOWS\owjyvxoA.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [ntdll.dll] C:\Program Files\Kztyx\Rkhx.exe

O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9tZQ\command.exe

O23 - Service: Microsoft Windows HDA Service - Unknown owner - C:\WINDOWS\System32\dllcache\svhda.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\owjyvxo.exe

O23 - Service: Microsoft Windows Spooler Services (Windows Spooler Services) - Unknown owner - C:\WINDOWS\wfbmgr.exe


Then boot to safe mode:


How to restart to safe mode


Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\Deskbar
    C:\Program Files\TheSearchAccelerator
    C:\WINDOWS\System32\lssas.exe
    C:\WINDOWS\System32\bootini.exe
    C:\WINDOWS\System32\logon.exe
    C:\WINDOWS\owjyvxoA.exe
    C:\Program Files\Internet Optimizer
    C:\Program Files\Kztyx
    C:\WINDOWS\SG9tZQ\command.exe
    C:\WINDOWS\System32\dllcache\svhda.exe
    C:\Program Files\Network Monitor
    C:\WINDOWS\owjyvxo.exe
    C:\WINDOWS\wfbmgr.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Next in Killbox go to Tools > Delete Temp Files
  • In the window that pops up, put a check by ALL the options there except these three:
    • XP Prefetch
    • Recent
    • History
  • Now click the Delete Selected Temp Files button.
  • Exit the Killbox.


Boot back to Windows normally and post another HijackThis log please. Let me know if you can connect to the Internet after doing the above.
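
The entries singled out in post #15 share a few recognisable traits, which can be written as checks over the log from post #12. This is an added example, not part of the thread or of any tool it mentions; the SYSTEM_NAMES list and the three heuristics are assumptions chosen for illustration, and a hit means "review this entry", not "delete it".

```python
import re
# Lines copied from the HijackThis log in post #12 (a subset, not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9tZQ\command.exe
"""

# Assumption: a small reference list of core Windows image names.
SYSTEM_NAMES = ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "explorer.exe", "userinit.exe")
EXE = re.compile(r'[^\s,\\"]+\.exe', re.I)   # image name without its directory

def images(text):
    """Lower-cased .exe image names mentioned in a command or registry value."""
    return [n.lower() for n in EXE.findall(text)]

def triage(log):
    """Return (reason, line) pairs for autostart entries that deserve review."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    findings, hooked = [], set()
    for line in lines:  # pass 1: programs appended to Shell / UserInit
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line)
        extra = [n for n in images(m.group(2))
                 if n not in ("explorer.exe", "userinit.exe")] if m else []
        if extra:
            hooked.update(extra)
            findings.append((f"extra program in {m.group(1)}", line))
    for line in lines:  # pass 2: Run keys and services
        run = re.match(r"O4 - \S+: \[.*?\] (.*)", line)
        if run:
            name = (images(run.group(1)) or [""])[0]
            twin = [s for s in SYSTEM_NAMES
                    if s != name and sorted(s) == sorted(name)]
            if name in hooked:
                findings.append(("Run entry repeats Shell/UserInit hook", line))
            elif twin:
                findings.append((f"letter-swapped lookalike of {twin[0]}", line))
        elif re.match(r"O23 - Service: .* - Unknown owner - ", line):
            findings.append(("service with unknown owner", line))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The legitimate SysTray.Exe, ccApp.exe and Rtvscan.exe lines pass all three checks, while the bootini.exe, lssas.exe and Command Service lines are reported.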