
Access Blocked Virus Warning


Name: iovo
Date: February 12, 2005 at 01:48:53 Pacific
OS: XP
CPU/Ram: 256
Comment:

Hi, my problem is the following:
every time I reboot my PC a virus appears. When I try to open my web explorers it says: Access Blocked Virus Warning. I remove it with AdAware but the next time it appears again. Here are two logs, from AdAware and HijackThis.
AdAware:
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 09.2.2005 г. 08:51:18
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 09.2.2005 г. 08:51:21
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1136
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1456
ThreadCreationTime : 09.2.2005 г. 08:51:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe


And here is the HijackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\AVPersonal\AVGUARD.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\bbrowser55\biskvitka.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\FlashGetGet\flashget.exe
D:\FixOpsrv.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGetGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGetGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe

I hope you will help :) Thanks in advance.





Response Number 1
Name: Atlantic
Date: February 12, 2005 at 02:02:57 Pacific
Reply:

Is System Restore turned off? If not, it might be re-infecting your PC; viruses often hide in SR when it's running. Disabling SR dumps all of its files--including any malware.

Also, you could try scanning your box online at TrendMicro.


0

Response Number 2
Name: iovo
Date: February 12, 2005 at 02:05:04 Pacific
Reply:

I turned it off yesterday, I did it again today ;) But should I keep it off? Isn't this dangerous?


0

Response Number 3
Name: jam14online
Date: February 12, 2005 at 03:05:01 Pacific
Reply:

You should leave System Restore disabled until you've repaired your machine. As Atlantic pointed out, if you leave SR enabled while you are still infected you will only be reinfecting yourself if you perform a restore to an earlier time.

Therefore, disable SR and clean out your machine. I recommend following this guide:

How to perform a clean boot in Windows XP

When you've rebooted in the "clean mode", do a full system scan with your virus scanner and any other tools (Spybot, Ad-Aware etc) you have.

The online Trend Micro virus scan Atlantic recommended is good, but so too is Panda ActiveScan. Try everything you can to disinfect your system.

Please post back here and tell us what happened.



0

Response Number 4
Name: smifff
Date: February 12, 2005 at 12:41:22 Pacific
Reply:

Hi iovo

You could have a number of viruses and trojans
csrss.exe
isass.exe.
services.exe
winlogon.exe possible but not in XP
ETC ETC

All show up as potential viruses; check the running processes from the lists here
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Download Stinger first and run that, then
try the online virus scanner and see if it removes any, then go on to the trojan scanners

http://vil.nai.com/vil/stinger/

http://housecall.antivirus.com/housecall/start_corp.asp
http://windowsxp.mvps.org/Scanners.htm

Trojan scans
http://www.windowsecurity.com/trojanscan/

http://www.pctools.com/spyware-doctor/

http://www.pcflank.com/trojans_test1.htm


Downloads
http://www.agnitum.com/download/tauscan.html

http://www.emsisoft.com/en/software/free/

http://www.misec.net/

If you have an antivirus program, update it; otherwise get a free one here
http://free.grisoft.com/freeweb.php/doc/2/

Also install a firewall
http://smb.sygate.com/support/documents/spf/default.htm



If any advice helps, please post back as it might help others.


0
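Added example, not part of any post in this thread: one way to run the "check the running processes" step over a HijackThis process list, flagging Windows system process names that run from an unexpected directory and names one character away from a system name. The expected-directory table assumes a default C:\WINDOWS install, and the `CONSTRUCTED` entries are made up for illustration.

```python
import ntpath

# Assumption: default Windows XP install in C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(paths):
    """Return (reason, path, expected) for entries that deserve a closer look."""
    findings = []
    for path in filter(None, map(str.strip, paths)):
        directory, name = ntpath.split(path.lower())
        directory = directory.rstrip("\\")
        if name in EXPECTED_DIR:
            # Real system name: only the directory can give it away.
            if directory != EXPECTED_DIR[name]:
                findings.append(("wrong-path", path, EXPECTED_DIR[name]))
            continue
        for known in EXPECTED_DIR:
            if edit_distance(name, known) == 1:
                findings.append(("lookalike", path, known))
                break
    return findings

# Excerpt of the "Running processes" section posted in this thread.
PAGE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\bbrowser55\biskvitka.exe
D:\FixOpsrv.exe
""".splitlines()

# Constructed entries (not from the thread) showing what would be flagged.
CONSTRUCTED = [r"C:\WINDOWS\system32\isass.exe", r"C:\WINDOWS\svchost.exe"]
```

An empty result only means the system names and directories line up; it says nothing about the other programs in the list or about the contents of the files themselves.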

Response Number 5
Name: seawatch
Date: February 13, 2005 at 08:25:36 Pacific
Reply:

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGetGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGetGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe

Get rid of all the above also.

Larry



0
