oh my f*kin god, this damn virus

FindingNemo

Hi all,

I'm scuppered to say the least.
I have some sort of virus on my dell PC.
The LAST thing I want to do is have to reinstall (awkward finding the original CD and I need it fixed asap).

I don't know what the virus is called.
Luckily, I can still browse the web. However, the virus is stopping me from downloading and installing any new programs, i.e any anti-virus software. I have tried online scanners but they too don't work. I get an error saying it can't create file or can't create folder.
There is a Microsoft KB article which I've gone through, such as renaming catroot2 folder, disable simple sharing and making sure I have ownership of files etc, none of which seem to work.

Any suggesstions are MORE than welcome.

Thanks in advance.

Ginger

Can you run MSCONFIG to see what is running on startup..

Also can you get hold of hijackthis on a mem key or something and post a log

RobbieMc

Hi,

sorry to hear about your Virus issue,

download a program(it's free) called Avira from http://www.avira.com/en/products/personal.html
Once down, reboot your system to "safe mode" install and run the program.
this should kill the virus for you.

Now other people may tell you to try this file or try that file. They aare all talking from there experience of using different programs. This is one that I have used.
I hope this helps,

Rob

FindingNemo

Ginger wrote: »

Can you run MSCONFIG to see what is running on startup..

Also can you get hold of hijackthis on a mem key or something and post a log

Hey Gingy (that's your new nick name btw),
hijackthis, I should be able too, take it I can just download it, not sure it will install though.
Ermmmm...msconfig, remind me please, it's been a long time !
Cheers

ActorSeeksJob

Also virus related problems should be posted in the new Computer Health forum

FindingNemo

RobbieMc wrote: »

Hi,

sorry to hear about your Virus issue,

download a program(it's free) called Avira from http://www.avira.com/en/products/personal.html
Once down, reboot your system to "safe mode" install and run the program.
this should kill the virus for you.

Now other people may tell you to try this file or try that file. They aare all talking from there experience of using different programs. This is one that I have used.
I hope this helps,

Rob

Hi Rob,

Thanks for the reply.

Unfortunately, I can't even get into safe mode, when I do I get a blue screen saying that I have to run chkdsk /f, which I have run and makes no difference, everytime I try safe mode same damn screen comes up.

Cheers

FindingNemo

ActorSeeksJob wrote: »

Also virus related problems should be posted in the new Computer Health forum

Sorry, didn't notice that forum before.
If MODS would like to move, please go for it.

RobbieMc

Okay,

If safe mode is out of the question and you've ran chkdsk /f to no avail, then use a live boot cd of windows and run your A/v file from it.

Or check out this for info on repairing booting issues using repair console
http://www.techspot.com/vb/topic41686.html

ActorSeeksJob

Do the instructions in step #11 while we wait for the topic to be moved.
http://boards.ie/vbulletin/showthread.php?t=2054971677

FindingNemo

RobbieMc wrote: »

Okay,

If safe mode is out of the question and you've ran chkdsk /f to no avail, then use a live boot cd of windows and run your A/v file from it.

Or check out this for info on repairing booting issues using repair console
http://www.techspot.com/vb/topic41686.html

I don't have a bootable CD or windows XP CD :cool: :eek:

FindingNemo

ActorSeeksJob wrote: »

Do the instructions in step #11 while we wait for the topic to be moved.
http://boards.ie/vbulletin/showthread.php?t=2054971677

Thanks,

What should I look out for when I run this, may not be able to run it till later, on a different machine now.

Cheers

ActorSeeksJob

Just post the log here and let me see it. The sticky thread tells you how to go about running the program.

FindingNemo

ActorSeeksJob wrote: »

Just post the log here and let me see it. The sticky thread tells you how to go about running the program.

After I download the file, When I double click on it, it says

"blocked file altert"
and I can't do anything else !!!! ;_(

ActorSeeksJob

Disable any anti-spyware, anti-virus, firewall programs you have, then try run it again. If it fails again then do this


Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
• Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
• Now click the Run Scan button on the toolbar.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

FindingNemo

ActorSeeksJob wrote: »

Disable any anti-spyware, anti-virus, firewall programs you have, then try run it again. If it fails again then do this


Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
• Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
• Now click the Run Scan button on the toolbar.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

Ok, I'll have to do this at around 9pm this evening, which I gather not many people will be on this forum on a Friday night :-)

Is there a document I can follow to look out for certain things once the above is run ?

Cheers


** All firewalls, anti-virus etc etc are disabled or I don't have any.

FindingNemo

this was the error btw

BLOCKED FILE ALERT
A file has been blocked due to the 'Blocked Files' rule. See your system administrator for further information.
Context: 'HJTINSTALL.EXE'
Disallowed due to filename

ActorSeeksJob

Is it a work PC? If not the malware must be blocking it, or some program.

Is there a document I can follow to look out for certain things once the above is run ?

No, thats what you need me for

FindingNemo

ActorSeeksJob wrote: »

Is it a work PC? If not the malware must be blocking it, or some program.


No, thats what you need me for

lol,

No, it's a home PC ..

FindingNemo

FindingNemo wrote: »

Ok, I'll have to do this at around 9pm this evening, which I gather not many people will be on this forum on a Friday night :-)

Is there a document I can follow to look out for certain things once the above is run ?

Cheers


** All firewalls, anti-virus etc etc are disabled or I don't have any.

After the extraction, in the folder on the desktop all I have is

moved files ...this is a folder, no files in it
plugins ... ...this is a folder, no files in it
htmpatterns.txt ... which contains the following



UPX!
FSG!
PEC2
PECompact2
Umonitor
qoologic
aspack
PTech
urllogic
ad-beh
ad-behNior.com
sYVLLSAKY
_rtneg3
SAHAgent
buddy.exe
ZepMon
aurora.exe
;2x(V]@BMD
Tlji7Mk
urllogic
KavSvc
69.59.186.63
209.66.67.134
66.63.167.97
66.63.167.77
abetterinternet.com
8B!7F\(T
testpopup
web-nex
yourkey
winsync
rec2_run
WinShutDown
ad-w-a-r-e.com
WSUD
Call (RPC) Help
lightspeedsarch
NIWU.UWIN
UpackByDwing
MZKERNEL32.DLL
UPX0
nspack$

FindingNemo

I'm gonna cry

ActorSeeksJob

There should be a file called WinPFind3u.exe

If not then re-download it again and try.

phill106

if you can, get into uninstall programs and delete any programs that are to due with antispyware or antivirus. Many of these are fakes, and cause more problems then they are worth, plus if they had been working, you wouldnt be in this mess!. If it asks you to reboot, dont do it yet.
Click start-run-msconfig
you will see a tab on the far right listing programs that run on startup. You can safely untick everything (unless you see something you KNOW is ok).
click start -programs-startup-explore
see if there is anything running on startup, delete any crap.
Reboot, see if its a bit better.
if so, go on internet, and download the free version of avg from here http://free.grisoft.com/filedir/inst/avg75free_503a1171.exe as well as adaware from http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10045910&ontId=8022&spi=dc09af292b5f62a96255bbd9d84f4929&lop=link&ltype=dl_dlnow&pid=10766151&mfgId=69274&merId=69274&destUrl=http%3A%2F%2Fwww.download.com%2F3001-8022_4-10766151.html%3Fspi%3Ddc09af292b5f62a96255bbd9d84f4929%26part%3Ddl-ad-aware

install both, update both, and scan with both.

FindingNemo

phill106 wrote: »

if you can, get into uninstall programs and delete any programs that are to due with antispyware or antivirus. Many of these are fakes, and cause more problems then they are worth, plus if they had been working, you wouldnt be in this mess!. If it asks you to reboot, dont do it yet.
Click start-run-msconfig
you will see a tab on the far right listing programs that run on startup. You can safely untick everything (unless you see something you KNOW is ok).
click start -programs-startup-explore
see if there is anything running on startup, delete any crap.
Reboot, see if its a bit better.
if so, go on internet, and download the free version of avg from here http://free.grisoft.com/filedir/inst/avg75free_503a1171.exe as well as adaware from http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10045910&ontId=8022&spi=dc09af292b5f62a96255bbd9d84f4929&lop=link&ltype=dl_dlnow&pid=10766151&mfgId=69274&merId=69274&destUrl=http%3A%2F%2Fwww.download.com%2F3001-8022_4-10766151.html%3Fspi%3Ddc09af292b5f62a96255bbd9d84f4929%26part%3Ddl-ad-aware

install both, update both, and scan with both.

Thanks Philip,

This is what I get after the install of the virus scanner you mentioned.

Local machine: installation failed
Installation:
Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory

Cheers

FindingNemo

ActorSeeksJob wrote: »

There should be a file called WinPFind3u.exe

If not then re-download it again and try.

got this working now, will attach the file when it's done..hopefully not long

kaiser sauze

Have you got all Windows patches installed and up-to-date?

If you are unsure, check.

FindingNemo

ActorSeeksJob wrote: »

There should be a file called WinPFind3u.exe

If not then re-download it again and try.

here's the text file from the output sir.

FindingNemo

kaiser sauze wrote: »

Have you got all Windows patches installed and up-to-date?

If you are unsure, check.

I'm up todate

FindingNemo

phill106 wrote: »

if you can, get into uninstall programs and delete any programs that are to due with antispyware or antivirus. Many of these are fakes, and cause more problems then they are worth, plus if they had been working, you wouldnt be in this mess!. If it asks you to reboot, dont do it yet.
Click start-run-msconfig
you will see a tab on the far right listing programs that run on startup. You can safely untick everything (unless you see something you KNOW is ok).
click start -programs-startup-explore
see if there is anything running on startup, delete any crap.
Reboot, see if its a bit better.
if so, go on internet, and download the free version of avg from here http://free.grisoft.com/filedir/inst/avg75free_503a1171.exe as well as adaware from http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10045910&ontId=8022&spi=dc09af292b5f62a96255bbd9d84f4929&lop=link&ltype=dl_dlnow&pid=10766151&mfgId=69274&merId=69274&destUrl=http%3A%2F%2Fwww.download.com%2F3001-8022_4-10766151.html%3Fspi%3Ddc09af292b5f62a96255bbd9d84f4929%26part%3Ddl-ad-aware

install both, update both, and scan with both.

the ad aware url got rid of 13 infections. Just waiting on a fix now for the winpfind3u, read another article somewhere where one guy ran the fix in winpfind3u and it worked !!!!!!!!

kaiser sauze

FindingNemo wrote: »

the ad aware url got rid of 13 infections. Just waiting on a fix now for the winpfind3u, read another article somewhere where one guy ran the fix in winpfind3u and it worked !!!!!!!!

Yes, that is likely true. However, wait for ASJ to advise you as to what to 'fix'. I could do so, but since he gave you the instruction I won't step on his toes.

You seem to have removed quite a lot, judging by the amount of 'missing files' in your report. You might even notice a difference already.

FindingNemo

kaiser sauze wrote: »

Yes, that is likely true. However, wait for ASJ to advise you as to what to 'fix'. I could do so, but since he gave you the instruction I won't step on his toes.

You seem to have removed quite a lot, judging by the amount of 'missing files' in your report. You might even notice a difference already.

No, not just yet I'm afraid, hoping the paste fix will work,
tried googling on how to create it myself but no joy....

I'll just have to wait :cool:

thanks for the help all

kaiser sauze

FindingNemo wrote: »

No, not just yet I'm afraid, hoping the paste fix will work,
tried googling on how to create it myself but no joy....

I'll just have to wait :cool:

thanks for the help all

Oh. I thought you had removed 13 infections with an adware remover. No matter, best of luck with the finsh. You will have a disinfected laptop soon.