
Extremely annoying virus

Discussion in 'Virus & Other Malware Removal' started by thelamecoolguy, Jan 23, 2007.

Thread Status:
Not open for further replies.
  1. thelamecoolguy

    thelamecoolguy Thread Starter

    Joined:
    Sep 16, 2006
    Messages:
    79
    I run Windows XP SP2 (WinNT 5.01.2600) on my P4 1.6GHz 128MB RAM (2MB shared with onboard graphics) machine. Recently, my machine has been infected by several worms and viruses (Win32:Dialer-542 [Trj], VBS:Malware [Gen], JS:ClassLoader-7, Win32:Brontok-AA [Wrm], Win32:Sality-O, Win32:Trojan-gen. {Other}, and some more). I used avast! Antivirus v1.7 Home edition (Current version of virus database: 0704-0, 01/08/07) to perform an all-system boot-time scan. The virus is very annoying. Now that I've deleted all infected files, every time Windows starts, I get an error message that says "C:\WINDOWS\eksplorasi.exe" couldn't start. The virus has also disabled registry editing. The "Folder Options" in Control Panel is also missing (I can't view hidden files now). I have replaced Windows Task Manager with Process Explorer from sysinternals.com. (Before the scan, my computer would automatically shut down after opening "msconfig.exe", "cmd.exe", and some other applications.)

    Please help me out.
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.

    Download HijackThis from the link below. Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click fix on anything in hijack this
    as most of the files are legitimate.
     
  3. thelamecoolguy

    thelamecoolguy Thread Starter

    Joined:
    Sep 16, 2006
    Messages:
    79
    Well I've already scanned my computer using HijackThis before I even posted my thread here. Unfortunately though, I had fixed several of the things it had shown. Here's the log file from earlier this day...

    And here's the log file of now...

     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Are you posting this log from safe mode as there is virtually nothing in this log!


    you don't appear to have a firewall, even if you have a router you still need
    a software firewall, download the one from the link below!


    Comodo firewall. Sign up it's free!

    http://www.personalfirewall.trustix.com/


    Threads on comodo!

    http://www.wilderssecurity.com/forumdisplay.php?f=31



    go to start/run/type msconfig/tick the radio button for selective startup/click
    the startup tab/ check all the boxes that are unchecked and click ok and then exit and reboot the computer!


    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    Download SDFix and save it to your desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

    Please then reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    * Select the first option, to run Windows in Safe Mode, then press "Enter".
    * Choose your usual account.

    * In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    * Open the extracted folder and double click RunThis.bat to start the script.
    * Type Y to begin the script.
    * It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * Your system will take longer than normal to restart as the fixtool will be running and removing files.
    * When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    * Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log



    * Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Doubleclick the drweb-cureit.exe file and Allow to run the express scan
    * This will scan the files currently running in memory and when something is found,
    click the yes button when it asks you if you want to cure it. This is only a short scan.
    * Once the short scan has finished, Click Options > Change settings
    * Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
    * Back at the main window, mark the drives that you want to scan.
    * Select all drives. A red dot shows which drives have been chosen.
    * Click the green arrow at the right, and the scan will start.
    * Click 'Yes to all' if it asks if you want to cure/move the file.
    * When the scan has finished, look if you can click the next icon next to the files found.
    * If so, click it and then click the next icon right below and select Move incurable.
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    * After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    * Save the report to your desktop. The report will be called DrWeb.csv
    * Close Dr.Web Cureit.
    * Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    * After reboot, post the contents of the log from Dr.Web you saved previously in your next reply together with a new Hijackthislog and the log from SDfix.


    Also download anti vir, go to add/remove and uninstall Avast, anti vir has better heuristics and can clean infected files better! Once installed update anti vir and do a full system scan!



    Anti-vir

    http://www.free-av.com/


    After running those scans run these ones!


    Download AVG Anti-Spyware

    http://www.ewido.net/en/


    * Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need run AVG and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.



    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
      * If you use Firefox:
        * Click Firefox at the top and choose: Select All
        * Click the Empty Selected button.
        * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      * If you use Opera:
        * Click Opera at the top and choose: Select All
        * Click the Empty Selected button.
        * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:





    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.





    C:\WINDOWS\eksplorasi.exe



    Run AVG Anti-Spyware!

    * IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
    * Launch AVG Anti-spyware by double-clicking the icon on your desktop.
    * Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    * AVG will now begin the scanning process. Be patient this may take a little time.
    Once the scan is complete do the following:
    * If you have any infections you will be prompted, then select "Apply all actions"
    * Next select the "Reports" icon at the top.
    * Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    * Close AVG and reboot your system back into Normal Mode.


    post another hijack this log, the drweb log, sdfix log, anti vir and the AVG Anti-Spyware log.
     
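The "couldn't start" message on every boot described above is the typical leftover of an autostart entry whose target file the antivirus already deleted, and the missing Folder Options and disabled registry editor are the typical policy-value tampering. The following PowerShell script is an added example, not something posted in the thread: it audits the standard Run keys, the Winlogon Shell value and the two policy values for exactly those conditions, reports them, and only changes anything when run with -Fix. The eksplorasi.exe name comes from the thread; the registry locations are standard Windows locations.

```powershell
# Added example (not from the thread). Read-only unless -Fix is given.
# Assumes Windows PowerShell run from an elevated prompt.
param([switch]$Fix)

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Startup entries whose executable no longer exists on disk
#    (e.g. a Run value still pointing at C:\WINDOWS\eksplorasi.exe after
#    the antivirus removed the file).
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  # Skip the PS* metadata properties that Get-ItemProperty adds.
  $names = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
           Select-Object -ExpandProperty Name
  foreach ($name in $names) {
    $cmd = [string]$props.$name
    # Executable is the quoted part if present, otherwise the first token.
    $exe = if ($cmd -match '^"([^"]+)"') { $matches[1] } else { ($cmd -split ' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -and -not (Test-Path $exe)) {
      Write-Output "ORPHANED  $key\$name -> $cmd"
      if ($Fix) { Remove-ItemProperty -Path $key -Name $name }
    }
  }
}

# 2. Winlogon Shell should be exactly explorer.exe; anything appended to it
#    is a second program launched together with the desktop on every logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon).Shell
if ($shell -and $shell -ne 'explorer.exe') {
  Write-Output "SHELL     $winlogon\Shell = $shell"
  if ($Fix) { Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe' }
}

# 3. Policy values that disable regedit and hide Folder Options.
$policies = @{
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = 'DisableRegistryTools'
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = 'NoFolderOptions'
}
foreach ($key in $policies.Keys) {
  $name  = $policies[$key]
  $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
  if ($value -eq 1) {
    Write-Output "POLICY    $key\$name = 1"
    if ($Fix) { Set-ItemProperty -Path $key -Name $name -Value 0 }
  }
}
```

Run it once without -Fix and keep the output with the other logs; removing an orphaned startup value stops the boot error, but a value that points at a file that still exists belongs in a HijackThis log, not in this script.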
  5. thelamecoolguy

    thelamecoolguy Thread Starter

    Joined:
    Sep 16, 2006
    Messages:
    79
    Thanks for your help but unfortunately I only have a dial-up connection. So I couldn't download all the programs you suggested. Is it okay that I use DeleteDoctor (from http://www.diskcleaners.com/) for the purpose? I've also used Spybot - S&D instead of AVG Anti-Spyware.

    No, I haven't posted this from Safe Mode.

    I've now downloaded Comodo firewall. Thanks.

    Why would I want to make my slower-than-hell system even slower by allowing all the apps to run on Startup? Please explain.

    Thanks for the suggestion. It helped me solve many problems. Here's the logfile:
    It did find some viruses on my system. Though I didn't find the log files made by it. I've saved the drweb-cureit.exe file on E:\Downloads.

    Is it a must? Before using avast! to scan my system, I had AVG. Doing a scan on AVG didn't show a single infected file even when I updated it. As for anti-spyware, I like Spybot. A spyware check showed some problems and I've fixed them all. (Again, I couldn't find the logs created by Spybot - S&D)

    Finally, here's the log created by HijackThis:
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    yes you must run the scans to make sure you are clean! If you don't have any security programs running in real time you'll get infected, you should not see your computer slowing down unless you have little RAM. For running XP you should really have 512 RAM!

    Install anti vir and run a scan with it as it can clean infected files, please post all the logs requested or you're just wasting our time.


    Also please post the logs without putting it into quotes, it makes it harder to read!
     
Short URL to this thread: https://techguy.org/537626