Dangerous Virus Please Help!!!!!!!!! - Firewalls


  1. Dangerous Virus Please Help!!!!!!!!!


    OK, now I don't know if this is the right place or not, but please help me.
    I have this virus problem; I got this after downloading a keygen, I
    think.
    Anyway, every time I open Internet Explorer or click anything on
    Internet Explorer this sign pops up and says the following. (This also
    happens when I attempt to open any folders.)

    Virus below - [USER NAME] is my username; I just wrote that because of
    personal safety.

    "ATTENTION, [USER NAME]! SOME DANGEROUS VIRRUSES DETECTED IN YOUR
    SYSTEM. WINDOWS VISTA (TM) HOME PREMIUM FILES CORRUPTED, THIS MAY LEAD
    TO THE DESTRUCTION OF IMPORTANT FILES IN C:\WINDOWS. DOWNLOAD PROTECTION
    SOFTWARE NOW!

    CLICK OK TO DOWNLOAD THE ANTISPYWARE. (RECOMENDED)"

    There is a yes or no button.

    If I press yes it takes me to an area to download this antivirus.
    If I press no it takes me to another area saying it's recommended to
    download this, and are you sure you want to destroy your PC's health,
    etc. etc.

    Now I think this is just some sort of malware.

    I have used all my antiviruses to pick up something, but yet no luck.
    I have used:

    Bit Defender v10
    Malwarebytes' Anti-Malware
    I've downloaded "Spybot S&D" as well and tried it, but no luck was
    found.

    So I'm asking anyone out there: can you help me? I know people have had
    the same sort of problem, but they had XP and they solved it using Spybot
    or anti-malware programs. But I used 'em and nothing has helped me.

    Thank you
    - A very troubled Vista User


    --
    ineedhelp
    ------------------------------------------------------------------------
    ineedhelp's Profile: http://forums.techarena.in/members/ineedhelp.htm
    View this thread: http://forums.techarena.in/virus-spyware/1034178.htm

    http://forums.techarena.in


  2. Re: Dangerous Virus Please Help!!!!!!!!!

    ineedhelp writes:

    > OK, now I don't know if this is the right place or not, but please help me.
    > I have this virus problem; I got this after downloading a keygen, I
    > think.


    Most keygens are trojaned. If you need to research them, it should
    NEVER be done on your host operating system. They should only be dealt
    with inside a virtual machine under VMware or equivalent, and a locked
    down instance of VMware at that.


    > Anyway, every time I open Internet Explorer or click anything on
    > Internet Explorer this sign pops up and says the following. (This also
    > happens when I attempt to open any folders.)
    >
    > Virus below - [USER NAME] is my username; I just wrote that because of
    > personal safety.


    If you've still got this computer on, you have no personal privacy, in
    all likelihood. I don't mean to come off as harsh--but you can't trust
    that computer any longer.

    > "ATTENTION, [USER NAME]! SOME DANGEROUS VIRRUSES DETECTED IN YOUR
    > SYSTEM. WINDOWS VISTA (TM) HOME PREMIUM FILES CORRUPTED, THIS MAY LEAD
    > TO THE DESTRUCTION OF IMPORTANT FILES IN C:\WINDOWS. DOWNLOAD PROTECTION
    > SOFTWARE NOW!
    >
    > CLICK OK TO DOWNLOAD THE ANTISPYWARE. (RECOMENDED)"
    >
    > There is a yes or no button.
    >
    > If I press yes it takes me to an area to download this antivirus.
    > If I press no it takes me to another area saying it's recommended to
    > download this, and are you sure you want to destroy your PC's health,
    > etc. etc.
    >
    > Now I think this is just some sort of malware.
    >
    > I have used all my antiviruses to pick up something, but yet no luck.
    > I have used:
    >
    > Bit Defender v10
    > Malwarebytes' Anti-Malware
    > I've downloaded "Spybot S&D" as well and tried it, but no luck was
    > found.
    >
    > So I'm asking anyone out there: can you help me? I know people have had
    > the same sort of problem, but they had XP and they solved it using Spybot
    > or anti-malware programs. But I used 'em and nothing has helped me.


    The canonical advice for any potential malware infection is to flatten
    and rebuild. That is, fdisk, reformat, and reinstall the OS from
    original read-only media.

    Unfortunately, many computers come without DVD or CD backup media, and
    leave that only on the hard drive in a utility partition where CDs or
    DVDs can be made from there. Unfortunately, as the utility partition
    is part of a live hard drive, it too can be prone to infection and
    could possibly create trojaned install media. Not likely... but
    possible.

    Best of luck recovering from your malware infection. I'd strongly
    recommend a complete reinstall from original DVD/CD media. You'll
    at least then be able to trust your machine again. No individual
    point tools will restore your peace of mind, as there's no way
    antimalware tools can know how to clean the infinite number of
    variants of malware that exist.

    --
    Todd H.
    http://www.toddh.net/

  3. Re: Dangerous Virus Please Help!!!!!!!!!

    ineedhelp, my dear, dear friend, there was this time, oh, 9/8/2008 12:08
    AM, or thereabouts, when you let the following craziness loose on Usenet:


    This virus and variants are all over the intertubes these days.

    Google and download smitfraudfix.

    Unzip it; run it.

    Update it.

    Reboot into safe mode (hit F8 repeatedly while the PC boots)

    Run smitfraudfix again.

    Choose #2 (Clean - Safe mode recommended)

    HTH.

    Cheers.


  4. Re: Dangerous Virus Please Help!!!!!!!!!


    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:32:24 p.m., on 9/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\jureg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows
    Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://nonoh.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -
    c:\Program Files\Common Files\Symantec
    Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
    file)
    O2 - BHO: Windows Live Sign-in Helper -
    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Safe web - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} -
    C:\Windows\system32\syssf.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar -
    {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common
    Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
    Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program
    Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program
    Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
    Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus
    G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2
    Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program
    Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program
    Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
    C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common
    Files\Symantec
    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m
    "C:\Program Files\Common Files\Symantec
    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows
    Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows
    Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol
    Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media
    Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
    Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
    oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
    Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: MediaRing Talk.lnk = C:\Program Files\MediaRing\MediaRing
    Talk\mrtalk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin
    Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj
    Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient
    Class) -
    http://messenger.zone.msn.com/binary...t.cab56907.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - c:\Program Files\Common Files\Symantec
    Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -
    Symantec Corporation - c:\Program Files\Common Files\Symantec
    Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program
    Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program
    Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - c:\Program Files\Common
    Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec
    Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service
    (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common
    Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN
    S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update
    Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation -
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) -
    Symantec Corporation - c:\Program Files\Common Files\Symantec
    Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation -
    C:\Program Files\Common Files\Symantec
    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common
    Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
    (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner -
    C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe (file
    missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program
    Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec
    Corporation - c:\Program Files\Common Files\Symantec
    Shared\AppCore\AppSvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. -
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. -
    C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L -
    C:\Program Files\Common Files\Softwin\BitDefender
    Communicator\xcommsvr.exe

    --
    End of file - 10555 bytes


    --
    ineedhelp

    http://forums.techarena.in
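
Added example (not part of the original thread and not any poster's code): a short Python triage pass over a HijackThis log like the one posted above. It rejoins the entries that were hard-wrapped across lines, then flags entries matching three review heuristics; the heuristics are assumptions of this example, not HijackThis features, and the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the HijackThis log posted above, hard line wraps kept as posted.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
file)
O2 - BHO: Safe web - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} -
C:\Windows\system32\syssf.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner -
C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe (file
missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. -
C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""

# Every HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"^(?:[RFNO]\d{1,2}) - ")

def unwrap(log_text):
    """Rejoin entries that were wrapped across several lines."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # the wrap happened at a space
    return entries

def triage(entries):
    """Return (entry, reasons) pairs worth a manual look (assumed heuristics)."""
    flagged = []
    for e in entries:
        reasons = []
        if "(no file)" in e or "(file missing)" in e:
            reasons.append("registered component has no file on disk")
        if e.startswith("O23") and "Unknown owner" in e:
            reasons.append("no vendor identified for the service binary")
        if e.startswith("O2 ") and re.search(r"\\system32\\[^\\]+\.dll$", e, re.I):
            reasons.append("BHO DLL loaded directly from system32")
        if reasons:
            flagged.append((e, reasons))
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(unwrap(SAMPLE_LOG)):
        print(entry, "->", "; ".join(reasons))
```

A match is a lead for manual review, not a verdict: in the full log above, two security-product services are also listed with "Unknown owner".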


  5. Re: Dangerous Virus Please Help!!!!!!!!!

    On Mon, 8 Sep 2008 10:38:19 +0530, ineedhelp wrote:

    >OK, now I don't know if this is the right place or not


    It isn't.

    >I have this virus problem; I got this after downloading a keygen, I
    >think.


    IOW a self-imposed problem.

    Revert your system to a known clean state - which ultimately means
    flatten and rebuild - and then reconsider your habits.

  6. Re: Dangerous Virus Please Help!!!!!!!!!

    In article ,
    ineedhelp.3fgfve@DoNotSpam.com says...
    > End of file - 10555 bytes
    >


    What part of the instructions on where to post didn't you understand?

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)
