Virus prevents me from opening anything.


Post by theaustinguy on Wed 14 Jul 2010, 3:36 am

I can't run OTL or anything because whenever I try to open anything, it tells me that the file is infected and it does not let me run it.
Any help?
The virus started with opening popups everywhere, now it tries to get me to download Antivir Solution.

theaustinguy

Newbie Surfer

Posts: 14
Joined: 2010-07-14
Operating System: XP


Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Wed 14 Jul 2010, 8:20 pm

We are going to be using a Windows Recovery Environment to help disinfect the system.
Download the OTLPE Network REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPENet.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-06
Operating System: Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz


Re: Virus prevents me from opening anything.

Post by theaustinguy on Wed 14 Jul 2010, 11:28 pm

I downloaded OTLPE, but the window saying 'Do you want to burn the cd?' is only there for a moment, and it is quickly replaced with 'Application cannot be executed. The file otlpenet.exe is infected. Do you want to activate your antivirus now?'


Re: Virus prevents me from opening anything.

Post by theaustinguy on Thu 15 Jul 2010, 12:03 am

I went into safe mode to see if it would work there (I wasn't sure, but I thought I'd try), and Malwarebytes worked. So I ran a quick scan and it detected 4 folders. I got rid of the 4, and everything seems okay now... though it may not be.


Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Thu 15 Jul 2010, 2:27 am

Try to do this in normal mode.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



Re: Virus prevents me from opening anything.

Post by theaustinguy on Thu 15 Jul 2010, 4:15 am

While starting to run combofix, it brought this message:

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package have been compromised.
Please download a fresh copy from bleeping computer.

Note: You may have been infected with a file patching virus (Virut)

...what should I do?


Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Thu 15 Jul 2010, 7:31 am

Please go HERE. Browse for the following file path in to the box.

c:\windows\system32\user32.DLL

Then click submit. Make sure to re-scan the files.

Please post the results (URL) to your next reply.


Do the same for these two files:

C:\windows\system32\userinit.exe
C:\windows\explorer.exe



Re: Virus prevents me from opening anything.

Post by theaustinguy on Thu 15 Jul 2010, 6:41 pm

user32.dll:
[You must be registered and logged in to see this link.]

userinit.exe:
[You must be registered and logged in to see this link.]

explorer.exe:
[You must be registered and logged in to see this link.]


Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Thu 15 Jul 2010, 8:16 pm

Looks like a worm smashed ComboFix.

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



Re: Virus prevents me from opening anything.

Post by theaustinguy on Fri 16 Jul 2010, 4:44 am

Process in memory: C:\WINDOWS\System32\svchost.exe:1120;;BackDoor.Tdss.565;Eradicated.;
{7AA397AB-4872-47E7-AD10-D3CCFBD390AB}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Trojan.Fakealert.18453;;
{7AA397AB-4872-47E7-AD10-D3CCFBD390AB}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Container contains infected objects;Moved.;
{789C3705-405D-464C-9261-E0ECF9873DD4}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Trojan.Fakealert.18453;;
{789C3705-405D-464C-9261-E0ECF9873DD4}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Container contains infected objects;Moved.;
{37EB480B-4750-4858-8ED7-3D0B9A1110AE}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Trojan.Fakealert.18453;;
{37EB480B-4750-4858-8ED7-3D0B9A1110AE}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Container contains infected objects;Moved.;
{2CE018D9-1054-4272-AA89-77C10C02CCAD}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Trojan.Fakealert.18453;;
{2CE018D9-1054-4272-AA89-77C10C02CCAD}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Container contains infected objects;Moved.;
{145170D9-BAC6-437F-8A4F-4C5785392DC2}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{6BC9B;Trojan.Fakealert.18453;;
{145170D9-BAC6-437F-8A4F-4C5785392DC2}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{6BC9B;Container contains infected objects;Moved.;
{0B83091B-95AE-442E-A19C-47B87E5254D2}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Trojan.Fakealert.18453;;
{0B83091B-95AE-442E-A19C-47B87E5254D2}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Container contains infected objects;Moved.;

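A triage helper for the Dr.Web report in the post above, as an added example that is not part of the original thread or of any Dr.Web tooling. It assumes the `object;path;threat;action;` field layout inferred from the posted lines and separates the in-memory detection from entries that sit inside an already-moved backup container; the `Record` type, the function names and the last sample line are constructed for illustration.

```python
from collections import namedtuple

Record = namedtuple("Record", "obj path threat action")

# The first three lines are copied from the report posted above; the last line
# is constructed here to show a detection with no recorded action.
SAMPLE_REPORT = r"""Process in memory: C:\WINDOWS\System32\svchost.exe:1120;;BackDoor.Tdss.565;Eradicated.;
{7AA397AB-4872-47E7-AD10-D3CCFBD390AB}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Trojan.Fakealert.18453;;
{7AA397AB-4872-47E7-AD10-D3CCFBD390AB}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\QBackup\{FF8B8;Container contains infected objects;Moved.;
example.exe;C:\constructed\path;Trojan.Constructed.1;;
"""

def parse_report(text):
    """Split each non-empty line into object;path;threat;action (assumed layout)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Pad short lines and drop the empty field after the trailing ';'.
        fields = (line.split(";") + [""] * 4)[:4]
        records.append(Record(*(f.strip() for f in fields)))
    return records

def triage(records):
    """Bucket detections: in memory, handled, covered by a handled container, unresolved."""
    handled_containers = {(r.path, r.obj) for r in records
                          if r.action and r.threat.startswith("Container")}
    result = {"in_memory": [], "handled": [], "covered": [], "unresolved": []}
    for r in records:
        # Archive members are reported as <container>\<member>.
        parent = r.obj.rsplit("\\", 1)[0]
        if r.obj.startswith("Process in memory:"):
            result["in_memory"].append(r)
        elif r.action:
            result["handled"].append(r)
        elif (r.path, parent) in handled_containers:
            result["covered"].append(r)
        else:
            result["unresolved"].append(r)
    return result

if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE_REPORT)).items():
        for r in items:
            print(f"{bucket:11} {r.threat:38} {r.obj}")
```

Entries in the `unresolved` bucket are the ones to raise with the helper, since the report records no action for them and no parent container was moved.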

Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Sat 17 Jul 2010, 7:11 pm

C:\WINDOWS\System32\svchost.exe:1120;;BackDoor.Tdss.565;Eradicated
Bingo.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.



Re: Virus prevents me from opening anything.

Post by theaustinguy on Sat 17 Jul 2010, 10:34 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4322

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/17/2010 3:17:51 PM
mbam-log-2010-07-17 (15-17-51).txt

Scan type: Quick scan
Objects scanned: 132894
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Sun 18 Jul 2010, 4:34 am

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.



Re: Virus prevents me from opening anything.

Post by theaustinguy on Wed 21 Jul 2010, 4:04 am

I've tried to run the scan several times, but it keeps freezing.


Re: Virus prevents me from opening anything.

Post by DragonMaster Jay on Wed 21 Jul 2010, 4:39 am

Try this:

Run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

