1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

virus

Discussion in 'Virus & Other Malware Removal' started by Elluziion, Apr 14, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    My computer has downloaded a program called "security tool" this program is blocking me from using anything in my control panel, or my notepad. The first time i tried to delete the program i went to start and searched the harddrive and when i found it i right clicked it and then a pop up came up and then i got a blank blue screen and my computer shut off. Then when i tried to go to control pannel a pop up came up that said :

    >rundll32.exe is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using rundll32.exe to connect to remote host.

    A similar one pops up for notepad, run, and other things.
    I really need to get rid of this security program so any help given will help. Thanks
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,540
    I'm going to move you to the hijackthis forum. If you do not have a response in 48 hours, please post back in this thread, and I'll flag down a security expert for you. In the meantime;

    1. Welcome to TSG. :)

    2. Please do the following:

    CLICK HERE
    to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  3. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    Thank you i will try that.
     
  4. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    when i tried to install the program my desktop icons dissapeared and then my screen went blue and then my computer restarted. I tried again and the pop up said msiexec.exe then is infected with worm Lsas.Blaster.Keyloger.....
     
  5. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    I finally got HijackThis installed but my desktop icons are still not visable. when i go to the start bar and select the HijackThis it gives me the same error message. Infected by a worm.
     
  6. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,540
    try renaming hijackthis.exe to puppy.exe and see where that gets you. Sometimes malware will look for specific apps to blow out, and hjt is one of those.

    thanks,

    v
     
  7. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    I tried to save the program as puppie.exe but when i went into the file to open it a black command screen poped up and then dissapeared.


    Then i tried to save it under a different name. and an error message came up that said.
    >A network error occured while attempting to read from the file.
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Do you have access to a USB external drive (or a flash drive) that you can use to transfer files to the infected computer?
     
  9. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    yes i do.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    Sorry, I meant to also ask if you have access to another computer.

    We have to download a couple of programs to the USB drive on another computer and then transfer them over.
     
  11. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    yes i have another computer.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    OK, that's good.

    Download both of these files to the USB flash or external drive using another computer. Right-click and save as you don't want to execute them.

    http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg

    http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

    Remove the USB drive and insert it into the infected computer.

    Now make the sure the rogue Security Tool program is running if it's not already. Can you do something that will trigger one of those alerts? Then you'll know it's running.

    Now open the drive that is the USB device on the infected computer and double-click on the FixExe.reg file to run it. Windows will prompt and ask you if you want to allow the data to be added to your computer so click Yes when that happens.

    Now you should be able to run the MBAM set up (the other file I had you download) from the USB device and follow the prompts to install the program on the infected computer. Don't change any of the default settings. Once it's installed, update it by clicking on the update tab and then run a Full scan.

    When this is done, you should be able to post a HijackThis log from that computer so please do that and post the MBAM log as well.
     
  13. Elluziion

    Elluziion Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    8
    ok i will post as soon as i do that. thank you very much
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,710
    I will be away from the computer for a bit but will definitely check back later on.
     
  15. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    67,540
    thanks cookiegal.........:)


    as always, you are the best. (y)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/916931