GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

Computer Problems

View previous topic View next topic Go down

Computer Problems

Post by BigProblem on Mon Sep 28, 2009 6:09 pm

Hello,

I've got a bug and can't fix it.

My computer = Toshiba Satellite M115-S3094 laptop running Windows XP

The bug has taken control. Can't --> copy/paste/move files/get on internet/use DVD burner/etc. Task bar/start tab are hidden/unusable. Can access files/folders from Windows Explorer.

Can't use (have tried) AVG/Malwarebytes/Microsoft windows-kb890830-v2.14/FSeasyclean/spyware doctor

Will let me run and install (from usb storage device) IObit - but disappears half way through the scan

Will let me run and install (from usb storage device) HiJackThis - but disappears after scanning without bringing up a second screen as described in your tutorial

Please let me know what/how to post for your help.

Thank you,
Greg

BigProblem
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2009-09-28
OS : xp
Points : 26236
# Likes : 0

View user profile

Back to top Go down

Re: Computer Problems

Post by Belahzur on Mon Sep 28, 2009 8:15 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Computer Problems

Post by BigProblem on Mon Sep 28, 2009 8:54 pm

Thanks for the response.

1. I downloaded the current version of hijackThis
2. I installed it, accepted the agreement and selected system scan w/ save log file.
3. It scanned and then the program instantly went away/shut down without opening a log file.
4. Now when I click the shortcut to open HijackThis, a screen comes up that says "Windows cannot access the specified device, path or file. You may not have the appropriatepermissionsto access the item"

Thank you,
Greg

BigProblem
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2009-09-28
OS : xp
Points : 26236
# Likes : 0

View user profile

Back to top Go down

Re: Computer Problems

Post by Belahzur on Mon Sep 28, 2009 9:10 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Computer Problems

Post by BigProblem on Tue Sep 29, 2009 11:10 am

ok,

1. Downloaded systemlook on computer B and transfered to computer A by removable storage (can't get internet on infected computer A).

2. Can't move files around on infected computer -couldnt get it installed on desktop - only let me make a shortcut on the desktop - Clicked the shortcut and system look came up. I manually entered :filefind, etc and had it "look".

3. No notepad came up, but it did leave the SystemLook notepad icon on the desktop.

4. When I click the notepad icon, a screen comes up that says "C:\Documents and Settings\Greg\Desktop\SystemLook.txt Access is denied"

Thank you for your help,

Greg

BigProblem
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2009-09-28
OS : xp
Points : 26236
# Likes : 0

View user profile

Back to top Go down

Re: Computer Problems

Post by Belahzur on Tue Sep 29, 2009 6:27 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Computer Problems

Post by BigProblem on Tue Sep 29, 2009 10:04 pm

Ok,

1. Did as instructed above - had to run it from removable storage.
2. Combo fix screen came up and I agreed to the terms.
3. Another screen came up that said "!!ALERT!! IT is NOT SAFE to continue! The contents of the ComboFix package has been comprimised. Please download a fresh copy from: [You must be registered and logged in to see this link.]
Note: You may be infectedwith a filepatching virus'Virut'"

Thank you,
Greg

BigProblem
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2009-09-28
OS : xp
Points : 26236
# Likes : 0

View user profile

Back to top Go down

Re: Computer Problems

Post by Belahzur on Wed Sep 30, 2009 6:30 pm

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum