Does my computer have a virus? What can I do?


Post by FirstFreedomFighter on 3rd March 2010, 1:26 am

I have AVG 8.5 version anti-virus. A few days ago it told me to update it, but I did not do so.
So now I am suspecting there is a virus or something in my computer. In the first place, there is this pop-up on my computer that says "Windows XP security" or something and tells me I have a lot of infections.
In the second place, AVG won't open anymore, and I downloaded AVG 9.0 but it also won't install.
What do I do?
I recently installed Anti-MalwarebytesPro but after scanning it wants me to register. What am I supposed to do?
Thanks in advance.

FirstFreedomFighter
Beginner

Posts: 3
Joined: 2010-03-03
OS: Windows XP
Points: 24763
# Likes: 0

Re: Does my computer have a virus? What can I do?

Post by Dr Jay on 3rd March 2010, 5:33 am

Hello. We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click it to start the tool.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download [You must be registered and logged in to see this link.] to your desktop
  • A window will pop up; press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

3. Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 14307
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302944
# Likes: 10

Re: Does my computer have a virus? What can I do?

Post by FirstFreedomFighter on 4th March 2010, 12:04 am

Before I begin, I'd like to say that I downloaded SpyBot immediately after I realized I might be infected. I ran a scan and removed all threats. So now AVG 8.5 will open but I am still suspicious and I want to make sure every trace of a virus is gone. AVG recently caught two viruses which I sent to the virus vault. Would moving them to the virus vault take care of those viruses or should I remove them if I can?

The Rooter results are enclosed:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2900.2180
Mozilla Firefox 3.5.8 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:110 Go - Free:87 Go )
D:\ [CD_Rom]
.
Scan : 16:04.18
Path : C:\Documents and Settings\Livingstone Marmon\My Documents\Downloads\Rooter.exe
User : Livingstone Marmon ( Administrator -> YES )
.
----------------------\\ Processes
.

LockSearch Results: [
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (764)
______ \??\C:\WINDOWS\system32\csrss.exe (840)
______ \??\C:\WINDOWS\system32\winlogon.exe (868)
______ C:\WINDOWS\system32\services.exe (912)
______ C:\WINDOWS\system32\lsass.exe (924)
______ C:\WINDOWS\system32\Ati2evxx.exe (1088)
______ C:\WINDOWS\system32\svchost.exe (1104)
______ C:\WINDOWS\system32\svchost.exe (1184)
______ C:\WINDOWS\System32\svchost.exe (1232)
______ C:\WINDOWS\system32\svchost.exe (1356)
______ C:\WINDOWS\system32\svchost.exe (1384)
______ C:\WINDOWS\System32\WLTRYSVC.EXE (1520)
______ C:\WINDOWS\System32\bcmwltry.exe (1568)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1600)
______ C:\WINDOWS\system32\spoolsv.exe (1856)
______ c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (1908)
______ C:\WINDOWS\system32\svchost.exe (1948)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1996)
______ C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (2012)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (168)
______ C:\Program Files\Java\jre6\bin\jqs.exe (536)
______ C:\Program Files\Spyware Doctor\pctsAuxs.exe (608)
______ C:\Program Files\Spyware Doctor\pctsSvc.exe (656)
______ C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (832)
______ C:\WINDOWS\system32\svchost.exe (844)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (1128)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (1332)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (2476)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2528)
______ C:\Program Files\Spyware Doctor\pctsTray.exe (2856)
______ C:\WINDOWS\system32\Ati2evxx.exe (2888)
______ C:\WINDOWS\Explorer.EXE (3048)
______ C:\WINDOWS\system32\WLTRAY.exe (3436)
______ C:\WINDOWS\stsystra.exe (3524)
______ C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (3572)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (3672)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (3732)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3784)
______ C:\WINDOWS\system32\LVCOMSX.EXE (3800)
______ C:\Program Files\Logitech\Video\CameraAssistant.exe (3844)
______ C:\WINDOWS\system32\ElkCtrl.exe (3896)
______ C:\WINDOWS\system32\wuauclt.exe (3952)
______ C:\Program Files\Messenger\msmsgs.exe (664)
______ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (724)
______ C:\Program Files\AntiMalwarePro\AntiMalwarePro.exe (2052)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (2076)
______ C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (2104)
______ C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (508)
______ C:\Program Files\AVG\AVG8\avgscanx.exe (568)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (2164)
______ C:\Program Files\Mozilla Firefox\firefox.exe (712)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (3384)
______ C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (2660)
______ C:\Program Files\Microsoft Office\Office\WINWORD.EXE (2392)
______ C:\Program Files\Windows Media Player\wmplayer.exe (1956)
______ C:\Documents and Settings\Livingstone Marmon\My Documents\Downloads\Rooter.exe (1352)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:118518027264)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:04.37
.
C:\Rooter$\Rooter_1.txt - (03/03/2010 | 16:04.37)

LockSearch Results:
LockSearch by jpshortstuff (05.11.09.1)
Log created at 16:11 on 03/03/2010 (Livingstone Marmon)
Scanning C:\


C:\pagefile.sys
-------------------------


C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
-------------------------


C:\Documents and Settings\Livingstone Marmon\Local Settings\Application Data\av.exe
-------------------------


C:\Documents and Settings\Livingstone Marmon\Local Settings\Application Data\MSASCui.exe
-------------------------

-=E.O.F=-

CKScanner Results:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


I was unable to unzip CheetahRogue, I will attempt to again. As soon as I am able to open it I will post the contents.
Thanks!


Re: Does my computer have a virus? What can I do?

Post by Dr Jay on 4th March 2010, 2:40 am


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


Dr. Jay (DJ)



    Re: Does my computer have a virus? What can I do?

    Post by FirstFreedomFighter on 4th March 2010, 11:49 pm

    Update on my computer's status:
    Whilst the (fake?) Windows XP warning has now vanished, the only thing that seems unnatural is that my computer is running unusually slow.

    RESULTS:
    Running from: C:\Documents and Settings\Livingstone Marmon\My Documents\Downloads\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Livingstone Marmon\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!


    Re: Does my computer have a virus? What can I do?

    Post by Dr Jay on 5th March 2010, 2:14 pm

    Please download ComboFix from [You must be registered and logged in to see this link.]


    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
    • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


    Dr. Jay (DJ)

