Need some quick virus help

Discussion in 'Virus & Other Malware Removal' started by tec_41, Jul 27, 2006.

Thread Status:
Not open for further replies.
  1. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    I've contracted a virus on my computer and need a little help removing it. I'm running XP Home SP2, and WAS running AVG free edition. All the virus is doing is preventing me from running the anti-virus software. When I click on it it will just close out immediately. I can do a scan, but AVG found nothing. So I downloaded HijackThis and can't install it because the virus kicks in and won't let me run it.

    So I'm thinking that if I can reboot in safe mode I can install and run HijackThis, thus being able to find the virus. However, I can't get into flippin safe mode! I don't know what I'm supposed to hit on startup, but I've tried just about everything...I have an ASUS A8n-e motherboard if that helps. Thanks!
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.

    Download hijack this from the link below. Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click fix on anything in hijack this
    as most of the files are legitimate.



    Download the Hoster from:

    www.funkytoad.com/download/hoster.zip

    UnZip the file and press "Restore Original Hosts" and press "OK". Exit
    Program.




    Note: this is a stand alone, it doesn't install to start/programmes.

    Download Mwav,

    http://www.spywareinfo.dk/download/mwav.exe


    double click on it and it will extract to C:\kaspersky. Click
    on the kaspersky folder and click on Kavupd, a black dos window will open
    and it will update the programme for you, be patient it will take 5-10
    minutes to download the new definitions. Once it's updated, click on mwavscan
    to launch the programme.

    Use the defaults of:

    Memory
    startup folders
    Registry
    system folders
    services

    Choose drive, all drives, and click scan all files
    and then click scan/clean. After it finishes scanning and cleaning post
    the log here with a new hijack this log.

    Note: this is a very thorough scanner, it might take anything up to an hour
    or more, depending on how many drives you have and how badly infected your
    pc is.



    Highlight the portion of the scan that lists infected items and hold
    CTRL + C to Copy then paste it here. The whole log will be extremely
    big so there is no way to copy the whole thing. I just need the
    infected items list.



    Post a hijack this log and the Mwav log
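
The "Restore Original Hosts" step in the post above resets the hosts file; before resetting it, the entries can be reviewed to see which names were being sinkholed or redirected. The following is an added example, not part of the original post or of the Hoster tool: `audit_hosts`, the verdict labels and the sample file are constructed for illustration, and it assumes a stock hosts file defines only `localhost`.

```python
import ipaddress

# Assumption: a default hosts file maps only "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (lineno, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if ip is None or not names:
            # Not "<ip> <name> [name ...]": report it rather than skip it.
            findings.append((lineno, ip_text, " ".join(names), "malformed"))
            continue
        # Loopback or 0.0.0.0 makes the name unreachable (e.g. an AV
        # update server); any other address sends traffic elsewhere.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name.lower() in DEFAULT_NAMES and ip.is_loopback:
                continue                          # expected default entry
            verdict = "blocked" if sinkhole else "redirected"
            findings.append((lineno, ip_text, name.lower(), verdict))
    return findings

# Constructed sample content, not taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # constructed entry
0.0.0.0         scan.av-vendor.example
203.0.113.7     www.bank.example login.bank.example
not-an-ip       foo.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`; an empty result means only the default entries are present.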
     
  3. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    Well I'll try some of the links you posted, but like I said I cannot run hijack this because of the virus. I need help booting into safe mode...
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hit the f8 key repeatedly as your computer starts up and follow the menu for safe mode!

    Are you getting any error messages, blue screen, if so write it down exactly and post it here!

    What makes you think it is a virus, it may be a hardware problem?
     
  5. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    I had some friends over and they used my computer as usual, and when I wasn't in the room they clicked on a link some one sent over msn...I didn't know the person either. Then it downloaded and installed something and the window disappeared. Ever since that exact moment AVG hasn't been working. So I'm 100% sure it is a virus...thanks for the help btw!
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    can you boot up to the computer at all? If not you may have to reformat?
     
  7. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    Oh I can boot up the computer fine, in fact there is nothing wrong (as far as I can tell) besides my anti-virus and hjt not working. I'll report back later with my test results.
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Try uninstalling it and then reinstalling it, The Mwav should clean quite a bit of it up!


    Also try running these tools!


    Download ewido!


    http://www.ewido.net/en/


    * Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need to run Ewido and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
        o If you use Firefox:
            + Click Firefox at the top and choose: Select All
            + Click the Empty Selected button.
            + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        o If you use Opera:
            + Click Opera at the top and choose: Select All
            + Click the Empty Selected button.
            + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.



    Run Ewido!

    1. IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process.
    2. Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. Ewido will now begin the scanning process. Be patient, this may take a little time.

    Once the scan is complete do the following:

    1. If you have any infections you will be prompted, then select "Apply all actions"
    2. Next select the "Reports" icon at the top.
    3. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    4. Close Ewido and reboot your system back into Normal Mode.



    post back with the ewido log and the Mwav scan log!
     
  9. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    All mwav found were 4 errors...my computer was just built a little over a year ago, and I know how to take care of it so there is very little spyware on it. The only thing wrong is this virus.
     
  10. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    Also, when I tap F8 on startup it takes me to the boot menu but all that's there are options like "Boot from CD ROM" and stuff...no safe mode :S
     
  11. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    can you post any of the scan logs, a hijack this?
     
  12. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
    The scan log of mwav has nothing to show, and I can't install hijack this...Whenever I click on the hijack this folder it closes immediately, just like AVG does because of the virus. That's why I'm wanting to get into safe mode. Hopefully I could install HJT and then run it. There's nothing in my motherboard manual about booting into safe mode even so I'm kinda thrown for a loop.
     
  13. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    you just hit the F8 key and tap it repeatedly to get into safe mode, a black screen with safe mode in the four corners, you use the up and down arrow keys from the menu and choose safe mode!
     
  14. tec_41

    tec_41 Thread Starter

    Joined:
    Nov 6, 2004
    Messages:
    332
  15. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    If you post the logs then I would be able to see where it is and we can delete it either manually or with the killbox?


    if you know the path of the virus then you can paste it into the killbox and have it remove it?

    it should be somewhere like

    C:\windows\system32\xxxxx where xxxx i.e. (fgjrk.exe ) is the name of the virus or

    C:\windows\xxxxx



    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    Double-click on Killbox.exe to run it. Now put a tick by Delete on
    Reboot. In the "Full Path of File to Delete" box, copy and paste each
    of the following lines one at a time then click on the button that has
    the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file on next reboot. Click
    Yes. It will then ask if you want to reboot now. Click No. Continue
    with that same procedure until you have copied and pasted all of
    these in the "Paste Full Path of File to Delete" box. Then click yes
    to reboot after you entered the last one.


    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.
     

Short URL to this thread: https://techguy.org/486782
