Looks like I've acquired a good virus this time

June 16, 2010 at 16:19:17
Specs: xp64 pro sp2, 2.4G athlon x2 dual
Looks like I've acquired a good virus this time.

I have installed a copy of ARMPXFPP_EN recently (XP64 Pro) and it's been a rough one since the get-go.

I wasn't sure what the problem was at first, but the system was really slow, got caught up on shutdown/restart, Firefox was abhorrently slow, all programs were having delays, and finally Windows Update got stuck, it appeared, so I canceled, and it never actually canceled; it just hung there in an invisible window.

Now, I'm an antivirus remover myself, and a system tech, but I thought I would look for some outside help this time because this one is deep-rooted and all my security systems failed on this one. I suspect it slipped in before I got the antivirus installed.

I have AVG Free, Comodo (since that's the only free firewall I could find for XP64), and Malwarebytes.

I ran a Malwarebytes scan in safe mode and it found 3 errors; all appeared to be related to the settings I selected in my nLite build, which were My Computer in the Start menu, classic view in Control Panel, and some other Start menu tweak. I have never seen anything like this appear in Malwarebytes. I removed them in case, then rebooted.

The system seemed to run fine for a couple of hours, but it came back.

Today I was able to update Malwarebytes and ran only a quick scan; it came back empty.

So I decided to follow this post http://www.computing.net/answers/se... and ran a hijack log so I could submit it here.

Does anyone have a chance to help me look over my hijack log?


June 16, 2010 at 16:55:31
1. You should be posting in the Security & Virus forum.

2. Do yourself a favor & dump XP x64.


June 16, 2010 at 16:56:04
"Does anyone have a chance to help me look over my hijack log?"

Use the HijackThis analyzer.


June 16, 2010 at 17:23:10
First, I didn't see the virus board; can an admin move this topic there so it can get the attention it deserves?

I looked at the hijack analyzer and the only thing I saw that the analyzer thought could be suspect was C:\Program Files (x86)\AVG\AVG9\avgemc.exe.

And why dump XP64? I have been an avid die-hard XP Pro user for about 8 years now, and I finally decided to utilize my 64-bit architecture by testing this op sys. I know it runs the WOW64 emulator, but it must be faster and have more overhead CPU bandwidth than XP32.

EDIT: Ahh, I see it in the specialty forums; I was only looking under the General forums... doh.


June 16, 2010 at 18:25:28
"And why dump XP64?"

It never really "made it" & has limited driver support. If you must run a 64-bit OS, go with Vista or, better yet, Win7.


June 16, 2010 at 19:46:55
Well, I read most of that stuff before I spent 4 days on making a clean build that would boot my nForce 5 RAID 5 array. I have had the disk lying around for more than 2 years now, and it was time to reinstall XP, so I chose the 64-bit this time to give it a whirl. I prefer to stick with this right now because I have too much time invested in it, and have just moved 250GB of data 3 times, and don't want to risk it by doing it again any time soon.

Also, I do a lot of video editing, so I needed the extra headroom in hopes that they will encode faster and capture at lower bit rates successfully.

I don't have any issue finding drivers so far either. And I thought it would help improve the malware issue, at least the rootkits, as is mentioned, but so far not so good.

Do you think anybody will have a chance to take a look at the issue at hand?

I found a file called ezsidmv.dat using WinPatrol as a hidden file, and opted to remove it after boot after some research, and at a quick glance, it looks like it might be gone now.

Malwarebytes update reports an error has occurred, MBAM_ERROR_UPDATING (12007, 0, WinHTTPSendRequest), but I did do a successful update earlier, as I mentioned.

I ran SmitFraudFix in both safe mode and standard mode, but it looks like it too is hijacked, unless it doesn't support 64-bit, because it would get to about step 4 or 5, then close down and disappear on both the scan and clean methods.

I did post a link to this topic in the virus forums but didn't want to double post, so I just linked it.


June 16, 2010 at 20:32:31
I hope you do get the help you need, and at the risk of harping on it: for 64-bit computing, use Windows 7 or use a Linux 64-bit OS. XP64 was MS' first try at selling a 64-bit OS and needed some more work and much more universal support. Windows 7 64-bit has the bugs worked out, supports 32-bit programs more thoroughly, and is much more secure than XP 64-bit. And the Linux 64-bit kernel has had much more work and support while MS had to catch up. I use Windows 7 64-bit and it runs very well and is very secure. I anticipate more true 64-bit programs being available in the near future.

You have to be a little bit crazy to keep you from going insane.
If all else fails, read instructions.


June 16, 2010 at 23:11:55
About Windows

Well, I thought, like Vista, I would wait for the bugs to be worked out. Eventually I heard nothing but problems about Vista. I have tried it and didn't like it compared to XP. Then I saw that Windows 7 has the same appearance as Vista, so I grouped it in the same place in my mind as Vista: 'wait until the bugs are worked out' and 'not comfortable with the look and feel, reminds me of Vista'. And since I'm a die-hard PC tech that goes deep, I know XP like the back of my hand, and worry I won't have full control of registries, file sharing, consoles, boot files, familiarity with system files to manipulate when necessary, services, networking setup, file securities and permissions, and all the other back-end stuff that I have gotten quite acquainted with over the years.

Is most of that stuff the same, or is it a 180 flip of what it used to be? I don't like being unfamiliar with my op sys internals.

Knowing Windows, it's all the same, just fancier looking.

About the virus

I finally got SmitFraudFix to run; it cleaned up some files in the GenericRenosFix section, I believe, so I rebooted into safe mode and ran it again, successfully this time. I also ran Malwarebytes and it still found nothing. But after that reboot things are looking up!! Working much smoother with no problems yet, FOR ONCE. I might mention, I also ran Defogger.exe to unmount any CD emulators, and removed that file ezsidmv.dat with WinPatrol a few reboots prior to getting SmitFraudFix to finally run successfully.

The thing that plagues me is that Malwarebytes, AVG (which I'm beginning to trust less as the days go by), and Comodo (which I'm still getting used to) didn't flag anything noticeably wrong with the system.

I did download avira_antivirus, so I'm considering replacing AVG with that. I'm open to suggestions on this one.


June 17, 2010 at 00:35:36
You could also try Microsoft's own 'Security Essentials' - it's
free and gets as good reviews as any other free AVs.

As far as Win7 is concerned, yes it's all still there, though MS
have tried to hide some of it from average users. It is nothing
like as problematic as Vista & if you look at many 'off the
shelf' laptops & systems a lot of them come with 64bit OS so
drivers & compatibility is far less of a problem now. Plus, as
a tech you're going to see more Win7 (& Vista unfortunately)
systems in the future so you may as well start familiarising
yourself now.... Actually getting to know Win7 will help with
Vista as the basics are similar on both OS's, just that Win7
got it right.

"I've always been mad, I know I've been mad, like the most of us..."
