1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Infected computer, help please

Discussion in 'Virus & Other Malware Removal' started by zergbones, May 1, 2010.

Thread Status:
Not open for further replies.
  1. zergbones

    zergbones Thread Starter

    Joined:
    May 1, 2010
    Messages:
    1
    Hello, recently I have been infected with the apmanager.exe virus (which I think I erased since it doesnt show up anymore) and now my computer keeps restarting. I am currently running in safe mode because when it finishes the xp loading bar screen it will reset itself. Here are the hijackthis results.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:47:01 AM, on 5/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe
    D:\setup.exe
    D:\i386\winnt32.exe
    C:\WINDOWS\system32\ahui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Calvin\Local Settings\Temporary Internet Files\Content.IE5\ZO4WRVPZ\HiJackThis[1].exe
     
  2. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hello, zergbones
    Welcome to the TechSupportGuy Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



    Please take note of some guidelines for this fix:

    • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.



    Sorry for the delay in response. If you still need help, please do the following.



    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the [​IMG] icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/920376

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice