PDA

View Full Version : Need help with a virus please



mike_34
2009-10-24, 16:56
Hi,
I'm running windows XP PRo (service pack 3) using Firefox 3.5.3 as my browser. Comcast provided McAfee is always running. From past experience I also have Spybot, Windows Defender and HiJack this all installed.

Several virus warnings popped up while online. The McAfee "M" disappeared from the toolbox. I tried to run it from the programs menu, no luck.

Windows Defender popped up and started to run, then it too disappeared.

I updated Spybot (two downloads) and tried to run it. It stopped after about 30 seconds and shut down.

I powered down, shut down the wireless internet router and tried to start in safe mode. An error message came up on a blue screen Saying windows is shutting down error message: STOP:0x0000007E.

I tried to reboot in safe, same result. I rebooted normally and it fired up. I tried to run McAfee, no luck. Same w/ SPybot. With both of them nothing happened.

I ran HiJack this and got this message:

"For some reason your system denied access to the hosts file. IF any hijacked domains are in the file, HiJack this may NOT be able to fix this."

I followed the instructions provided with the HiJackThis error message and got this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com

HIJackThis shut down prematurely. Now when I try to run it I get this message:

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

I then connected to the internet and tried to run Microtrend and it provided an error message (didn't write it down). I tried to run it again and in less than 10 seconds it said no Malware found.

I came here and have tried to follow your BEFORE YOU POST directions.

I have downloaded ERUNT and run it. Back up files are saved.

Spybot will not run, so I tried used the SPYBOT DOESN'T RUN post.

1. No luck with SCR files (i have 5 of them). It opens a SPYBOT icon in my tool tray, but nothing else.

2. I have tried to change Spybot.exe to another name. I get this message:

"Cannot rename SpybotSD: access is denied.

Make sure the disk is not full or write protected and that the file is not currently in use."

3. Can't start in safe mode.

That brings me here. I continue to get the bogus security warnings with annoying screech. I am right clicking the blue windows bar and using close, then the X button to close the confirmation window, as I am unable to use C+A+D to shut it down. But I'm guessing you know that. :)

Some direction please?

Thanks!





.

Blade81
2009-10-26, 23:22
Hi,

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Blade81
2009-11-04, 00:00
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.