1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer getting trashed by loads of viruses.

Discussion in 'Virus & Other Malware Removal' started by JackHaynes, Nov 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. JackHaynes

    JackHaynes Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    3
    Hello.

    Yesterday, about 3 hours after reformatting, i installed a program (which by my fault, I forgot to scan :( )

    Immediatly, i had loads and loads of AVG popups, hundreds of processe's running, the option to view hidden files was disabled, when i click on my computer drive it said it was being used by another program, and basicly my computer is now being overturned by hundreds of different viruses. Every few minutes or a so, a different process will pop up and more viruses will appear.

    When i received this virus, my dad's external hard drive with all our backups was plugged in and has been infected. I have reformated 3 times in 2 days and when i plug it in on a new machine, it infects my pc.

    I have got so many viruse's , i havent managed to write there names down.

    I want to know how i can clear the viruses off this external hard drive, just some info on this:

    • It has the same " being used by other program"
    • There has been no new exe or changes made to it
    • Here is my hijack this log: (btw, this was taken a few mins ago, more malware are added to this everytime that process runs):

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:01:45 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jack\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
    O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
    O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
    O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
    O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
    O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
    O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
    O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
    O4 - HKLM\..\Run: [svchostzamj] C:\WINDOWS\system32\svchostzamj.exe
    O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
    O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzrcv01.exe
    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 4214 bytes



    Please help me! Thank you so much :D
     
  2. JackHaynes

    JackHaynes Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    3
    I have now solved this problem. I found a value in the registry which manually changed it so that i could view hidden files (because the virus disabled it)

    After i did this, i found an autoplay file which play auto.exe (the trojan) when i click on C:/
    I just removed that.
     
  3. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    I don't think your fixed, but please post a fresh Hijackthis.
     
  4. JackHaynes

    JackHaynes Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    3
    I am fixed.
    I reformatted my pc and plugged in the infected external hard drive again. There was no infection, none of the virus files created, none of the process's added, no virus alerts or anything happening because the auto.exe was removed.

    Jack
     
  5. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Okay, please mark this thread solved via thread tools. (y)
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/650599

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice