
Access Blocked Virus Warning


Original Message
Name: iovo
Date: February 12, 2005 at 01:48:53 Pacific
Subject: Access Blocked Virus Warning
OS: XP
CPU/Ram: 256
Comment:

Hi, my problem is the following:
every time I reboot my PC a virus appears. When I try to open my web explorers it says: Access Blocked Virus Warning. I remove it with AdAware but the next time it appears again. Here are two logs, from AdAware and HijackThis.
AdAware:
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 09.2.2005 г. 08:51:18
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 09.2.2005 г. 08:51:21
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1136
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1456
ThreadCreationTime : 09.2.2005 г. 08:51:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe


And here is the HijackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\bbrowser55\biskvitka.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\FlashGetGet\flashget.exe
D:\FixOpsrv.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGetGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGetGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

I hope you will help :) Thanks in advance.



Response Number 1
Name: Atlantic
Date: February 12, 2005 at 02:02:57 Pacific
Reply:

Is System Restore turned off? If not, it might be re-infecting your PC; viruses often hide in SR when it's running. Disabling SR dumps all of its files--including any malware.

Also, you could try scanning your box online at TrendMicro.


Response Number 2
Name: iovo
Date: February 12, 2005 at 02:05:04 Pacific
Reply:

I turned it off yesterday, I did it again today ;) But should I keep it off? Isn't this dangerous?


Response Number 3
Name: jam14online
Date: February 12, 2005 at 03:05:01 Pacific
Reply:

You should leave System Restore disabled until you've repaired your machine. As Atlantic pointed out, if you leave SR enabled while you are still infected, you will only be reinfecting yourself if you perform a restore to an earlier time.

Therefore, disable SR and clean out your machine. I recommend following this guide:

How to perform a clean boot in Windows XP

When you've rebooted in the "clean mode", do a full system scan with your virus scanner and any other tools (Spybot, Ad-Aware etc) you have.

The online Trend Micro virus scan Atlantic recommended is good, but so too is Panda ActiveScan. Try everything you can to disinfect your system.

Please post back here and tell us what happened.



Response Number 4
Name: smifff
Date: February 12, 2005 at 12:41:22 Pacific
Reply:

Hi iovo

You could have a number of viruses and trojans
csrss.exe
isass.exe.
services.exe
winlogon.exe possible but not in XP
ETC ETC

All show up as potential viruses; check the running processes from the lists here:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Download Stinger first and run that, then
try the online virus scanner and see if it removes any, then go on to the trojan scanners.

http://vil.nai.com/vil/stinger/

http://housecall.antivirus.com/housecall/start_corp.asp
http://windowsxp.mvps.org/Scanners.htm

Trojan scans
http://www.windowsecurity.com/trojanscan/

http://www.pctools.com/spyware-doctor/

http://www.pcflank.com/trojans_test1.htm


Downloads
http://www.agnitum.com/download/tauscan.html

http://www.emsisoft.com/en/software/free/

http://www.misec.net/

If you have an antivirus program, update it; otherwise get a free one here:
http://free.grisoft.com/freeweb.php/doc/2/

Also install a firewall
http://smb.sygate.com/support/documents/spf/default.htm



If any advice helps, please post back as it might help others.
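
The comparison suggested in the reply above, checking running processes against the names Windows itself uses, can be scripted over the HijackThis process list. This is an added example, not part of the original thread: it flags a core process name running from an unexpected folder and a name one character away from a core name. The expected folders assume a default XP install in C:\WINDOWS, and the two marked sample paths are constructed.

```python
import ntpath

# Paths from the HijackThis "Running processes" list in the original post,
# plus two constructed entries (marked) that exercise the checks.
RUNNING = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\Skype\Phone\Skype.exe",
    r"C:\WINDOWS\system32\isass.exe",   # constructed: lookalike name
    r"C:\WINDOWS\Temp\svchost.exe",     # constructed: right name, wrong folder
]

# Expected folder per core process name (assumption: XP installed in C:\WINDOWS).
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYS32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(paths):
    """Return (path, reason) for entries that deserve a closer look."""
    findings = []
    for p in paths:
        folder, name = ntpath.split(p.lower())  # Windows paths are case-insensitive
        if name in EXPECTED_DIR:
            if folder != EXPECTED_DIR[name]:
                findings.append((p, "core process name outside " + EXPECTED_DIR[name]))
        else:
            near = [k for k in EXPECTED_DIR if edit_distance(name, k) == 1]
            if near:
                findings.append((p, "name is one character away from " + near[0]))
    return findings

if __name__ == "__main__":
    for path, reason in triage(RUNNING):
        print(path, "->", reason)
```

A finding is a prompt to inspect the file (location, version information, signature), not a verdict on it.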


Response Number 5
Name: seawatch
Date: February 13, 2005 at 08:25:36 Pacific
Reply:

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGetGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGetGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

Get rid of all the above also.

Larry
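
The O-lines of a HijackThis log, such as those quoted above, can be sorted by section and checked for targets that HijackThis could not find or resolve. This is an added example, not part of the original thread; the log lines are a subset copied from the original post, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log in the original post (a subset).
LOG = r"""
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

# Meaning of the section codes that appear in this log.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "Internet Explorer context-menu item",
    "O9": "Internet Explorer button or Tools-menu item",
}
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log):
    """Turn each 'Onn - kind: details' line into a dict."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, the process list
        code, kind, rest = m.groups()
        clsid = CLSID.search(rest)
        # The target is the last ' - ' or ' = ' separated field; O4 Run
        # values carry a leading [value name] that is not part of it.
        target = re.sub(r"^\[[^\]]*\]\s*", "", re.split(r" - | = ", rest)[-1])
        entries.append({"code": code, "section": SECTIONS.get(code, "unknown"),
                        "kind": kind, "clsid": clsid.group(0) if clsid else None,
                        "target": target})
    return entries

def flagged(entries):
    """Entries whose target HijackThis could not find or resolve."""
    reasons = {"(no file)": "referenced file not found on disk",
               "?": "shortcut target not resolved"}
    return [(e["code"], e["clsid"], reasons[e["target"]])
            for e in entries if e["target"] in reasons]

if __name__ == "__main__":
    for item in flagged(parse(LOG)):
        print(item)
```

The two flagged O9 lines share one CLSID, so they are a single registration shown twice (button and Tools-menu item).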


