i got a virus ... or maybe two ... help please!
*basick*
post Jun 16 2005, 03:14 PM
Post #1





Guest






it looks like i got a virus and a trojan.. i tried searchin google for the solutions but the tutorials didn't work... norton antivirus is bein real gay right now... help anyone?



 
 
*mzkandi*
post Jun 16 2005, 03:47 PM
Post #2





Guest






This may help...
http://securityresponse.symantec.com/avcen...bloodhound.html
 
ryanoman
post Jun 16 2005, 04:13 PM
Post #3


=]
*****

Group: Member
Posts: 712
Joined: May 2004
Member No: 15,626



Please download HijackThis at download.com and post up a log. Also check out the link above.

Also check out this: http://www.createblog.com/forums/index.php...3&hl=smithfraud
 
sweetxsimplicity
post Jun 16 2005, 04:14 PM
Post #4


hi, my name is brianna! =]
*******

Group: Official Member
Posts: 5,764
Joined: Jun 2004
Member No: 22,114



I recommend HouseCall TrendMicro, it's the best. (=
http://housecall.trendmicro.com/

I don't like Norton Anti Virus very much, because it doesn't really find or get rid of my viruses, I scanned it with something that I was sure was a virus, and it said it wasn't. ><;;
 
*basick*
post Jun 16 2005, 04:16 PM
Post #5





Guest






Another friend recommended a program called AVG 7.0 Professional and I've been scanning my PC with it for the past hour. I think I found the trojan but if it doesn't work, I'll try the above methods. Thanks for your help!
 
*basick*
post Jun 16 2005, 05:50 PM
Post #6





Guest






QUOTE(ryanoman @ Jun 16 2005, 1:13 PM)
Please download HijackThis at download.com and post up a log. Also check out the link above.


 
ryanoman
post Jun 16 2005, 07:40 PM
Post #7


=]
*****

Group: Member
Posts: 712
Joined: May 2004
Member No: 15,626



Yeah I think I see some problems... I'll look at it closer later.
 
banthisaccountno...
post Jun 16 2005, 07:42 PM
Post #8


Senior Member
******

Group: Member
Posts: 1,732
Joined: Mar 2005
Member No: 119,327



QUOTE(basick @ Jun 16 2005, 4:16 PM)
Another friend recommended a program called AVG 7.0 Professional and I've been scanning my PC with it for the past hour. I think I found the trojan but if it doesn't work, I'll try the above methods. Thanks for your help!
*

Yes, that's what I use. It's really helpful, but slow sometimes.
 
*Azarel*
post Jun 16 2005, 09:23 PM
Post #9





Guest






Can you elaborate on what's wrong? Lag? Ads? etc.
Or do you just get the blue screen of death every-so-often?
 
lbjshaq2345
post Jun 16 2005, 09:26 PM
Post #10


Lil JC
*****

Group: Member
Posts: 868
Joined: May 2005
Member No: 145,741



i use symantec anti-virus and microsoft anti-spyware and lavasoft ad-ware SE
 
*basick*
post Jun 16 2005, 09:28 PM
Post #11





Guest






QUOTE(Azarel @ Jun 16 2005, 6:23 PM)
Can you elaborate on what's wrong? Lag? Ads? etc.
Or do you just get the blue screen of death every-so-often?
*


nothing happens except...
my desktop wallpaper cannot load (icons are still there) and in the place of it is that blue screen.. i think that's all .. i don't get any popup ads or anything and i don't experience any lag
 
dispn0ygonekrazy
post Jun 16 2005, 09:45 PM
Post #12


*Influential Guitarist & Inspiring Writer*
******

Group: Official Member
Posts: 1,217
Joined: Sep 2004
Member No: 51,134



Yup Basick, you have the trojan.smithfraud virus, it makes your screen black or blue and has some kind of like security popup. If ryanoman wants to help you then I'll just leave it alone until he gets to it, but if your computer is in need of quick fixing then ask me, alright.
 
*basick*
post Jun 16 2005, 10:02 PM
Post #13





Guest






QUOTE(dispn0ygonekrazy @ Jun 16 2005, 6:45 PM)
Yup Basick, you have the trojan.smithfraud virus, it makes your screen black or blue and has some kind of like security popup. If ryanoman wants to help you then I'll just leave it alone until he gets to it, but if your computer is in need of quick fixing then ask me, alright.
*

ryanoman told me to ask you lol
 
dispn0ygonekrazy
post Jun 16 2005, 10:08 PM
Post #14


*Influential Guitarist & Inspiring Writer*
******

Group: Official Member
Posts: 1,217
Joined: Sep 2004
Member No: 51,134



He did? lol alright then I'll start typing your fix up and we'll see what happens from here.
 
dispn0ygonekrazy
post Jun 16 2005, 11:15 PM
Post #15


*Influential Guitarist & Inspiring Writer*
******

Group: Official Member
Posts: 1,217
Joined: Sep 2004
Member No: 51,134



Wow Steve, just looking at your log you have quite a lot of infections, I'm surprised you have no popups, but anyways here's your fix.


Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please RIGHT-CLICK: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\system32\perfcii.ini
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\LogFiles
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED:

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\ISTsvc\istsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A35B7996-C654-BFDC-2934-EDECAEE01ACF} - C:\WINDOWS\System32\qnh.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [tlepyp] C:\WINDOWS\System32\tpjhcc.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\fktnyq.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\hhqzwuo.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xsobb.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [Mfujav] C:\WINDOWS\System32\?ttrib.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


Close HiJackThis.

Now run CWShredder and let it scan and fix whatever it finds.

Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
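
Added example, not part of the original post or of HijackThis itself: a small Python parser for the HijackThis entry lines listed in the fix above, which splits each line into its section code, what that section covers, and the file it points at. The flag names and the review heuristics are assumptions of this example (things worth a manual look, not verdicts); the sample lines are copied from the post.

```python
import re
from collections import Counter

# Section codes that occur in the HijackThis lines quoted in the post above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
# A file sitting directly in the Windows or System32 directory.
SYSDIR = re.compile(r"^[A-Za-z]:\\windows\\(system32\\)?[^\\]+$", re.IGNORECASE)

def parse_entry(line):
    """Split one log line into section code, meaning, target path and flags."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # blank lines, headers, bare file paths
    code, body = m.groups()
    hit = PATH.search(body)
    path = hit.group(0) if hit else None
    flags = []  # hypothetical flag names, chosen for this example
    if "(file missing)" in body or "(no file)" in body:
        flags.append("target-missing")
    if path and "?" in path:  # '?' is not valid in a Windows file name
        flags.append("unrenderable-char-in-name")
    if code == "O4" and path and SYSDIR.match(path):
        flags.append("autostart-from-windows-dir")
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "path": path, "flags": flags}

def triage(log_text):
    """Parse every entry line and count entries per section code."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return entries, Counter(e["code"] for e in entries)

# Sample input: a few lines copied from the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O4 - HKLM\..\Run: [tlepyp] C:\WINDOWS\System32\tpjhcc.exe
O4 - HKCU\..\Run: [Mfujav] C:\WINDOWS\System32\?ttrib.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
"""

if __name__ == "__main__":
    entries, counts = triage(SAMPLE)
    for e in entries:
        print(e["code"], e["kind"], e["path"], ",".join(e["flags"]) or "-")
    print(dict(counts))
```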
 
*basick*
post Jun 17 2005, 12:16 AM
Post #16





Guest






QUOTE(dispn0ygonekrazy @ Jun 16 2005, 8:15 PM)
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\system32\perfcii.ini
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe

*


when i do those and copy to clipboard and i select paste from clipboard on pocket killbox, nothing goes in there... i tried this multiple times and even restarted my pc..
 
dispn0ygonekrazy
post Jun 17 2005, 12:26 AM
Post #17


*Influential Guitarist & Inspiring Writer*
******

Group: Official Member
Posts: 1,217
Joined: Sep 2004
Member No: 51,134



Alright, if that doesn't work, do it one by one, but make sure your computer doesn't restart after removing those files, ok. Then follow on with the instructions.
 
sweetxsimplicity
post Jun 19 2005, 12:45 PM
Post #18


hi, my name is brianna! =]
*******

Group: Official Member
Posts: 5,764
Joined: Jun 2004
Member No: 22,114



QUOTE(basick @ Jun 16 2005, 6:28 PM)
nothing happens except...
my desktop wallpaper cannot load (icons are still there) and in the place of it is that blue screen.. i think that's all .. i don't get any popup ads or anything and i don't experience any lag
*


Oh, that's what happened to me once, except my icons weren't there, and then a few minutes later, my computer froze, so I turned it off and whenever I turned my computer on, it would have that blue screen. So we had to get it fixed.
 
*mipadi*
post Jun 19 2005, 06:16 PM
Post #19





Guest






I'd be willing to bet you have the virus referred to as W95.CIH.1049. It's a variant of the Chernobyl virus. The virus is designed to infect computers and wipe out data on August 2, 1998; seeing as how that date has passed, it shouldn't be a huge problem, but there are some side effects, and, as with any virus, bugs can cause it to function unexpectedly.

You can read more about it here. Removal instructions are included on that page.
 
medic
post Jun 19 2005, 06:33 PM
Post #20


Seoul Rocks!
*****

Group: Member
Posts: 936
Joined: Jun 2005
Member No: 155,811



Go to www.free.grisoft.com and download, update, then run the virus scan. Once it is done, boot into safe mode. Open the AVG file that is in your MY PROGRAMS FILE and delete all quarantined files. I would not even mess with anything from Symantec, they're only good for removals, their Anti Virus programs aren't worth the resources.
 
dispn0ygonekrazy
post Jun 20 2005, 10:40 PM
Post #21


*Influential Guitarist & Inspiring Writer*
******

Group: Official Member
Posts: 1,217
Joined: Sep 2004
Member No: 51,134



UHH WTF?
 
