Virus Help Please

  1. #1
    Junior Member
    Join date: 21.01.2009
    Posts: 5
    Reputation weight: 56

    Virus Help Please

    I believe I got a virus yesterday morning somehow; I can't do a lot of things on my computer. I can't run IE; it opens for a split second and that's it. I also can't run numerous other programs. I tried to system restore, but when it said click to system restore, I clicked and nothing happened. I tried to follow the directions for the logfiles. I appreciate any help that I get, thank you. I can, however, run Firefox.
    Attachments

  2. #2
    drongo, Senior Member
    Join date: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    Well, at least you did the logs - it is almost a victory.
    Please disconnect from the internet and disable your antivirus.
    Execute this script in AVZ: ( http://virusinfo.info/showthread.php?t=9207 )
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     DelBHO('{C5BF49A2-94F3-42BD-F434-3604812C8955}');
     QuarantineFile('C:\WINDOWS\system32\nwiz.exe','');
     QuarantineFile('C:\WINDOWS\system32\hgfdge4unjdfdg.dll','');
     QuarantineFile('C:\WINDOWS\system32\Updater.exe','');
     QuarantineFile('C:\WINDOWS\Installer\{1ABD3BEB-2717-4BCC-8809-6A93777A8179}\_18be6784.exe','');
     QuarantineFile('C:\WINDOWS\9129837.exe','');
     QuarantineFile('C:\Program Files\MySpace\IM\MySpaceIM.exe','');
     QuarantineFile('C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL','');
     QuarantineFile('C:\DOCUME~1\home\LOCALS~1\Temp\winlogin.exe','');
     QuarantineFile('C:\DOCUME~1\home\LOCALS~1\Temp\csrssc.exe','');
     QuarantineFile('C:\WINDOWS\Tpujakamode.dll','');
     DeleteFile('C:\WINDOWS\Tpujakamode.dll');
     DeleteFile('C:\DOCUME~1\home\LOCALS~1\Temp\csrssc.exe');
     DeleteFile('C:\DOCUME~1\home\LOCALS~1\Temp\winlogin.exe');
     DeleteFile('C:\WINDOWS\9129837.exe');
     DeleteFile('C:\WINDOWS\system32\Updater.exe');
     DeleteFile('C:\WINDOWS\system32\hgfdge4unjdfdg.dll');
    BC_ImportAll;
    ExecuteSysClean;
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(17);
    BC_Activate;
    RebootWindows(true);
    end.
    Please upload the quarantine according to our rules (please read appendix 3).
    Use this link: http://virusinfo.info/upload_virus_eng.php?tid=37955
    Did you run an automatic scan with avptool or cureit in safe mode? It is a good idea to do it.
    After all that, please make new logs according to our rules: http://virusinfo.info/showthread.php?t=9184

    Did you edit the addresses in the hosts file, or do you not know?
    Last edited by drongo; 22.01.2009 at 00:02.

  3. #3
    Junior Member
    Join date: 21.01.2009
    Posts: 5
    Reputation weight: 56
    I did run avptool in safe mode first like it said, but it found one thing, then the computer froze up at 82%.
    I uploaded the quarantined files and got this, not sure if you needed it or not.
    File saved as 090122_003633_virus_49779561bed07.zip
    File size 6085932
    MD5 aea9a30d3c2f9e7b1ce6945ff4ed1684

    I don't know about editing addresses in host file, not sure what that is.
    Should I make new logs now to look at?
    Should I run avptool in safe mode again and follow the steps again? Mostly everything is working now except IE, it just pops up for a very slight second. Thanks for all your help so far.

  4. #4
    drongo, Senior Member
    Join date: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    I see, in this case, please execute this script:
    Code:
    begin
    ExecuteRepair(1);
    ExecuteRepair(2);
    ExecuteRepair(3);
    ExecuteRepair(4);
    ExecuteRepair(5);
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(12);
    ExecuteRepair(13);
    RebootWindows(true);
    end.
    Try to run cureit in safe mode ( ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe ), choose all drivers and make a full scan.
    After that, start in normal mode, start Internet Explorer and make another virusinfo_syscure.zip


    C:\WINDOWS\Tpujakamode.dll - it is a new trojan, Kaspersky will call it Trojan.Win32.Agent.bkad
    Thank you for your assistance.
    Also, I have noticed traces of a psw-trojan - it is no longer in your system, but I am quite sure that it stole all your passwords.
    It is a good idea to change all your passwords: e-mail, FTP, forums, user accounts, IM, bank account, etc.
    Last edited by drongo; 22.01.2009 at 01:33. Reason: Added

  5. #5
    Junior Member
    Join date: 21.01.2009
    Posts: 5
    Reputation weight: 56
    OK, I ran cureit, not sure if it worked, it ran for about 40 minutes, then it restarted itself.
    I did run avz and here are the new zip files.
    Every time the computer starts up, a window pops up that says "Error Loading
    C:\WINDOWS\TPUJAKAMODE.DLL
    THE SPECIFIED MODULE COULD NOT BE FOUND."
    Thanks again for all your help. P.S. Explorer still won't work.
    Attachments

  6. #6
    drongo, Senior Member
    Join date: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    Strange... Did you run cureit in safe mode?
    Remember to disable Avira antivirus temporarily, or uninstall it, before executing scripts.
    Let's try another way:
    Fix only these lines in HijackThis in normal mode:
    Code:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 155.179.105.180 tipa1101.sbc.com
    O1 - Hosts: 155.179.105.180 optiswsouth.sbc.com
    O1 - Hosts: 132.201.85.86 cipa1401.sbc.com
    O1 - Hosts: 132.201.85.85 cipa1101.sbc.com
    O1 - Hosts: 132.201.85.85 optiswnorth.sbc.com
    O1 - Hosts: 144.155.215.19 odmsvr.sbc.com
    O1 - Hosts: 132.201.30.19 odmsvr.sbc.com
    O1 - Hosts: 150.234.64.52 odmsvr.sbc.com
    O1 - Hosts: 150.235.35.25 odmsvr.sbc.com
    O1 - Hosts: 155.179.77.25 odmsvr.sbc.com
    O1 - Hosts: 132.201.10.52 Cipc2508.sldc.sbc.com
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Nminij] rundll32.exe "C:\WINDOWS\Tpujakamode.dll",e
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    Don't restart; execute this script in AVZ:
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     DeleteFile('C:\WINDOWS\Tpujakamode.dll');
    BC_ImportAll;
    ExecuteSysClean;
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(17);
    BC_Activate;
    RebootWindows(true);
    end.
    About Explorer, I think the better way to repair it is: go to Add/Remove Programs and uninstall IE7, restart, then go to the official Microsoft site and install IE7, restart.
    Then in proxy settings insert 0.0.0.0:80 and forget about it.

    Let us know how it is going.
    Last edited by drongo; 22.01.2009 at 21:53.
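
An added example, not part of any post in this thread and not code from AVZ or HijackThis: a Python sketch that parses HijackThis lines of the kind quoted in post #6, groups the O1 hosts-file overrides by hostname and flags O4 Run values that load a DLL through rundll32 from outside System32, as the Tpujakamode.dll entry does. The regular expressions, the function name `triage` and the System32 heuristic are assumptions of this example; the sample lines are a constructed subset of the lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines quoted in post #6.
SAMPLE_LOG = r"""
O1 - Hosts: 155.179.105.180 tipa1101.sbc.com
O1 - Hosts: 144.155.215.19 odmsvr.sbc.com
O1 - Hosts: 132.201.30.19 odmsvr.sbc.com
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Nminij] rundll32.exe "C:\WINDOWS\Tpujakamode.dll",e
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\]\s+(.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?', re.IGNORECASE)


def triage(log_text):
    """Group O1 hosts overrides per hostname and list O4 Run values that
    start a DLL through rundll32, marking DLLs outside System32."""
    hosts = defaultdict(list)
    rundll_autoruns = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            hosts[m.group(2).lower()].append(m.group(1))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, name, command = m.groups()
        dll = RUNDLL_RE.search(command)
        if dll:
            path = dll.group(1)
            rundll_autoruns.append({
                "hive": hive, "name": name, "dll": path,
                # Heuristic (assumption): Windows' own rundll32 autoruns live in System32.
                "outside_system32": "\\system32\\" not in path.lower(),
            })
    return dict(hosts), rundll_autoruns


if __name__ == "__main__":
    hosts, autoruns = triage(SAMPLE_LOG)
    for host, ips in hosts.items():
        print(f"{host}: {len(ips)} hosts-file mapping(s) {ips}")
    for entry in autoruns:
        print(entry)
```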

  7. #7
    Junior Member
    Join date: 21.01.2009
    Posts: 5
    Reputation weight: 56
    When I run cureit in safe mode, should it be safe mode with networking? Also, should I disconnect from the internet before I run the script in hijack then avz? Thanks

  8. #8
    drongo, Senior Member
    Join date: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    1. Disable the internet connection before executing scripts.
    2. Cureit doesn't need internet, so choose without internet support.

  9. #9
    Junior Member
    Join date: 21.01.2009
    Posts: 5
    Reputation weight: 56
    I did everything you said. I can't figure out what's with IE but that's no big deal right now, I just want to make sure my computer is clean. Here are the new logs. I reinstalled Avira, but it won't update, says internet connection failed, so I uninstalled it and tried AVG, and when I tried to update it did the same thing. I can however get online with Firefox or my CAD program OPTI. Thanks again for all your help, the best tech help I have ever received. I also have a ton of popups now, but that error message on start up is gone.
    Attachments
    Last edited by daventnnk; 23.01.2009 at 17:30.

  10. #10
    drongo, Senior Member
    Join date: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    What pop-ups? Please make a screenshot of your popups and attach it.
    Do you use this C:\Program Files\MySpace\IM\MySpaceIM.exe ? Go to Add/Remove Programs and uninstall it, perhaps it is the cause of your popups.
    Please download the special AVZ in my signature and put it in some new folder (e.g. on the desktop).
    Install AVZPM (in the AVZ main menu, click on AVZPM -> install an extra monitoring driver), restart Windows, after that create a new virusinfo_syscure.zip and attach it to your next post.
