virus keeps coming back

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Jadan

Thread Starter
Joined
May 10, 2004
Messages
123
hello

I have a virus Worm_RBOT.BCQ found on file C:\windows\system32\micront.exe

I have followed to the letter the removal instruction by Trend

I have deleted the file, deleted all Registry reference to this file, deleted all temp files and Bin , all in safe mode..

The virus seems to have been deleted. but when I connect to the net, after a while , virus is detected and all is back to square one..

Please Help!! how can I get rid of this Virus forever....

Thanx


Jadan
 

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,941
Hi, Was the Virus scan by Trend an online Virus scan?
Do you have Anti Virus and spyware programs running on your system?
You can post a HJT log to see what is running on your system..
www.thespykiller.co.uk/files/HJTsetup.exe
Close all windows..scan>save to notepad>edit>select all>edit>copy>paste on your thread..
 

Jadan

Thread Starter
Joined
May 10, 2004
Messages
123
i had to reclean my computer.

The files that are reappearing are

micront.exe and msdirectx.sys

These 2 files write themselves in registry and I cannot access the internet.

Here is my HJT log after a clean up.

Logfile of HijackThis v1.99.1
Scan saved at 18:36:52, on 19/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Internet Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "John"
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe


Please help


JAdan
 

Jadan

Thread Starter
Joined
May 10, 2004
Messages
123
Golferbob

I have tried the panda scan, but the virus gets back in my computer before the it ends the online scan and then stops my internet access

please advise

Jadan
 

blues_harp28

Trusted Advisor
Spam Fighter
Joined
Jan 9, 2005
Messages
18,941
Jadan said:
Golferbob

I have tried the panda scan, but the virus gets back in my computer before the it ends the online scan and then stops my internet access

please advise

Jadan


Did you use HJT log to clean you system?
HJT log not complete..
 

Jadan

Thread Starter
Joined
May 10, 2004
Messages
123
Yes I did clean system with HJT..

Why u say its not complete???

Jadan
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top