computer severely infected

Dell / DIMENSION 3100
January 2, 2009 at 14:52:14
Specs: vista, intel pentium 4 512MB
Over the past week my computer has started to malfunction severely. It started with spyware/adware promoting their virus protection etc., which I did not download. I ran Spybot and Ad-Aware, which got rid of some of it, but now the virus was creating shortcuts on my computer and every time I deleted them, they would reappear. Then my computer would start to freeze frequently, and then my computer began to shut down by itself as a precautionary measure to prevent further damage. I then ran AVG 8.0, which got rid of about 12 trojans which were infecting my PC. After that it seemed like my computer was running a lot smoother, but the next time I started the computer I got a blue screen which said the computer had to shut down to prevent further damage occurring. Now I cannot even start my computer without it turning itself off as a precautionary measure. I can only turn it on in safe mode, not sure what to do. Also, when I was getting online, some sites like computing.net and AVG and McAfee were being prevented from being viewed, but other stuff worked fine. I'm posting this from my laptop as I am quite limited in what I can do in safe mode. Any help would be appreciated.




#1
January 2, 2009 at 15:14:17
Hi,

I cannot assure you that we will solve this problem, but we will try.

Download http://www.suspectfile.com/systemscan onto a pen drive, restart in safe boot with the pen drive already inserted, open SystemScan and make sure that all options are checked, then click on "Scan Now". At the end of the scan, two files will be created (always on your desktop, inside the folder suspectfile).
Upload the zip file to http://www.freefilehosting.net and write in your next reply the URL where I can get it.


NB
The scan may take a long time; it might even seem that the program is not working, but do not worry, it is not so ;)

SystemScan is recognized, by mistake, by some antivirus programs as infected.
--

Ciao,
Marco



#2
January 2, 2009 at 17:14:35
OK, I tried to run the system scan but sadly my computer decided to shut down during it, coming up with the usual blue screen telling me it had to shut down to prevent further damage etc. Should I try again, or would a HijackThis log be useful? PS: roughly how long would the system scan usually take?


#3
January 2, 2009 at 19:29:37
have managed to do the system scan barring option 5 (autoplay something).
http://freefilehosting.net/download...


#4
January 3, 2009 at 05:03:01
Hi,

Download http://swandog46.geekstogo.com/aven...
Run avenger.exe, then copy and paste this script inside the white box:

files to delete:
C:\WINDOWS\Mtiluyirogodin.dll
C:\WINDOWS\system32\vFMnnUtv.ini
C:\WINDOWS\system32\vFMnnUtv.ini2
C:\WINDOWS\system32\txgubqws.ini
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\system32\k9261108.exe
C:\WINDOWS\system32\urqNefEX.dll
C:\WINDOWS\system32\swqbugxt.dll
C:\WINDOWS\system32\fpvbkybv.dll
C:\WINDOWS\system32\awtrRkJC.dll
C:\WINDOWS\system32\rdkjsojp.dll
C:\WINDOWS\system32\fbc9fa25-.txt
C:\WINDOWS\system32\vtUnnMFv.dll
C:\WINDOWS\system32\cbXqpqOf.dll
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\ipsink.ax
C:\WINDOWS\system32\vfwwdm32.dll
C:\WINDOWS\temp\rtdrvmon.exe
C:\Documents and Settings\Mandeep\Application Data\gadcom\gadcom.exe
C:\WINDOWS\system32\hweypw.dll
C:\WINDOWS\system32\drivers\senekatpevqjup.sys
C:\WINDOWS\tasks\tucrkcna.job

folders to delete:
C:\Program Files\VirusRemover2008
C:\Documents and Settings\Mandeep\Application Data\gadcom

registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | KernelFaultCheck

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{394c8250-eb12-47fa-bea5-daa251e7ef9e}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D841923-598E-4CAB-AE2A-FB2E468DB9AB}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\MSConfig\startupreg\f0ea3e5b
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\MSConfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\MSConfig\startupreg\Lfohuyoku
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\MSConfig\startupreg\prunnet
HKLM\system\currentcontrolset\services\seneka
HKLM\system\controlset001\services\seneka
HKLM\system\controlset003\services\seneka

Put a check on "Automatically disable any rootkits found", then click "Execute".
The PC should reboot by itself; otherwise, restart it yourself.

--

Open Notepad and paste this script inside (please copy/paste):


Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{394c8250-eb12-47fa-bea5-daa251e7ef9e}]

[-HKEY_CLASSES_ROOT\CLSID\{8D841923-598E-4CAB-AE2A-FB2E468DB9AB}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"gadcom"=-

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"msiexec.exe"=-
;

Click "File" in the upper left, then "Save As". In the window that opens, under "Save as:" select "All Files", in "File name" enter fix.reg, and save the file to your desktop.
Double-click on fix.reg and confirm when required. Reboot the PC.

--

Run a new scan with SystemScan.

- Upload the zip file to http://www.freefilehosting.net and write in your next reply the URL where I can get it,
and also avenger.txt and ComboFix.txt, which are in C:\


ciao
Marco :)
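
An added example, not part of the original post and not code from the Avenger tool: a small Python parser for scripts in the layout posted above, which groups each target by the autostart location it touches so the script can be reviewed before it is executed. The section names and the `|` separator are taken from the thread; the category labels and function names are assumptions of this example.

```python
import re
from collections import Counter

# Section headers exactly as they appear in the scripts posted in this thread.
SECTIONS = {"files to delete", "folders to delete", "registry keys to delete",
            "registry values to delete", "registry values to replace with dummy"}
# Labels are this example's own; patterns cover locations the thread names.
CATEGORIES = [
    ("appinit_dlls", r"\\windows nt\\currentversion\\windows$"),
    ("run_key", r"\\currentversion\\run$"),
    ("browser_helper_object", r"\\browser helper objects\\"),
    ("service", r"\\services\\[^\\]+$"),
    ("msconfig_startup", r"\\msconfig\\startupreg\\"),
    ("kernel_driver", r"\\drivers\\[^\\]+\.sys$"),
    ("scheduled_task", r"\\tasks\\[^\\]+\.job$"),
]
# Excerpt of the script in post #4, embedded so the example runs offline.
SAMPLE = r"""files to delete:
C:\WINDOWS\system32\drivers\senekatpevqjup.sys
C:\WINDOWS\tasks\tucrkcna.job
C:\WINDOWS\system32\msiconf.exe
registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | KernelFaultCheck
registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{394c8250-eb12-47fa-bea5-daa251e7ef9e}
HKLM\system\currentcontrolset\services\seneka
"""

def parse_script(text):
    """Return {section: [(target, value_name_or_None), ...]}."""
    out, entries = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        head = line.rstrip(":").lower()
        if line.endswith(":") and head in SECTIONS:
            entries = out.setdefault(head, [])
        elif entries is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            target, _, value = (p.strip() for p in line.partition("|"))
            entries.append((target, value or None))
    return out

def classify(target):  # category label for one file path or registry key
    return next((lab for lab, pat in CATEGORIES if re.search(pat, target, re.I)), "other")

def summarize(text):  # number of targets per category across all sections
    return dict(Counter(classify(t) for e in parse_script(text).values() for t, _ in e))
```

`summarize(SAMPLE)` shows at a glance that the excerpt touches a driver, a scheduled task, AppInit_DLLs, a Run value, a Browser Helper Object and a service, plus one file that matches no autostart pattern.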



#5
January 3, 2009 at 06:46:17
the computer seems to be running pretty smoothly now with no sudden shut downs thanks,
system scan:
http://freefilehosting.net/download...
avenger.txt:
http://freefilehosting.net/download...
ComboFix.txt:
http://freefilehosting.net/download...


#6
January 3, 2009 at 07:25:22
Run avenger.exe, then copy and paste this script inside the white box:


Files to delete:
C:\WINDOWS\system32\senekadf.dat
C:\WINDOWS\system32\seneka.dat
C:\WINDOWS\system32\senekahcnlrkpq.dll
C:\WINDOWS\system32\senekaklputmei.dll
C:\WINDOWS\temp\rtdrvmon.exe
C:\WINDOWS\temp\D653F3EC.TMP
C:\WINDOWS\system32\vtUnnMFv.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6A2AAAD-A30C-4E57-A14E-AFA0C0190567}


Put a check on "Automatically disable any rootkits found", then click "Execute".
The PC should reboot by itself; otherwise, restart it yourself.


Then you should check two files that seem suspicious.
Upload to
www.virustotal.com
and check:
C:\WINDOWS\system32\patcher.exe
C:\WINDOWS\system32\Remove.exe

As before, give me the URLs to download the avenger.txt log and the results from virustotal.com.

;)
ciao



#7
January 3, 2009 at 17:17:53
found the file
C:\WINDOWS\system32\Remove.exe
but couldn't find
C:\WINDOWS\system32\patcher.exe


http://www.virustotal.com/reanalisi...

http://freefilehosting.net/download...



#8
January 4, 2009 at 01:21:49
The virustotal.com link you've written contains no data.
Everything else seems OK.
Check that your antivirus is working properly, update it to the latest database and perform a scan of the entire operating system.

If you still have problems write in your next reply

Have a nice day

Marco



#9
January 4, 2009 at 06:33:12
think this is it,
http://www.virustotal.com/analisis/...


#10
January 5, 2009 at 09:07:38
Hi,

OK, Remove.exe is not infected.

Do you have other problems?

