Results 1 to 9 of 9

Thread: Can't run Spybot, Windows Antivirus Pro 2010 present

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Sep 2009
    Posts
    5

    Default Can't run Spybot, Windows Antivirus Pro 2010 present

    I'm running a Dell XPS M170 notebook with windows XP media center service pack 2. I have 1GB of memory and an 80GB hard drive with 9GB free.

    I believe that I am infected with the windows Antivirus pro 2010 virus. Here are some of the symptoms.
    -frequent pop-ups by this fake AV program, and have not been able to get it off my computer.
    -could not open my task manager.
    -not been able to run AV programs such as AVG and Spybot.
    -search engine redirect where i cannot open results from searches; i get redirected and then my browser (firefox 2 and IE) usually crashes.
    -logitech setpoint recently stopped working, and does not work even if reinstalled (could be completely unrelated)

    Here is what i have tried so far:
    -for the task manager i was able to re-enable it with this command; "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f."
    -i tried not only running spybot, but running it in safe mode. i can occasionally get spybot to open, but it crashes as soon as i begin the scan, and then i can no longer open it
    -i ran avg in both full and safe modes of windows, and it ran for a while in safe mode, but eventually crashed
    -i tried to do the "before you post instructions," but the only program i could get to run was erunt

    thanks in advance

  2. #2
    Junior Member
    Join Date
    Sep 2009
    Posts
    5

    Default Unable to run spybot and other AV scans

    I'm running a Dell XPS M170 notebook with windows XP media center service pack 2. I have 1GB of memory and an 80GB hard drive with 9GB free.

    I believe that I am infected with the windows Antivirus pro 2010 virus. Here are some of the symptoms.
    -frequent pop-ups by this fake AV program, and have not been able to get it off my computer.
    -could not open my task manager.
    -not been able to run AV programs such as AVG and Spybot.
    -search engine redirect where i cannot open results from searches; i get redirected and then my browser (firefox 2 and IE) usually crashes.
    -logitech setpoint recently stopped working, and does not work even if reinstalled (could be completely unrelated)

    Here is what i have tried so far:
    -for the task manager i was able to re-enable it with this command; "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f."
    -i tried not only running spybot, but running it in safe mode. i can occasionally get spybot to open, but it crashes as soon as i begin the scan, and then i can no longer open it
    -i ran avg in both full and safe modes of windows, and it ran for a while in safe mode, but eventually crashed
    -i tried to do the "before you post instructions," but the only program i could get to run was erunt

    thanks in advance

  3. #3
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Elliot

    Welcome to Safer Networking.

    Please read Before You Post
    That said, All advice given by anyone volunteering here, is taken at your own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


    Elliot, reply to this thread only by using the SUBMIT REPLY and do not start any new topics


    Please download exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).





    Please download RootRepeal one of these locations and save it to your desktop
    Here
    Here
    Here
    • Open on your desktop.
    • Click the tab.
    • Click the button.
    • Check just these boxes:
    • Push Ok
    • Check the box for your main system drive (Usually C:, and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #4
    Junior Member
    Join Date
    Sep 2009
    Posts
    5

    Default

    exeHelper by Raktor - 09
    Build 20090916
    Run at 19:23:25 on 09/16/09
    Now searching...
    Checking for numerical processes...
    Checking for bad processes...
    Killed process svchasts.exe
    Killed process b.exe
    Checking for bad files...
    Found file C:\WINDOWS\svchasts.exe
    Deleting file C:\WINDOWS\svchasts.exe
    Found file C:\WINDOWS\system32\braviax.exe
    Deleting file C:\WINDOWS\system32\braviax.exe
    Found file C:\WINDOWS\braviax.exe
    Deleting file C:\WINDOWS\braviax.exe
    Found file C:\WINDOWS\ppp3.dat
    Deleting file C:\WINDOWS\ppp3.dat
    Found file C:\WINDOWS\ppp4.dat
    Deleting file C:\WINDOWS\ppp4.dat
    Found file C:\WINDOWS\system32\cru629.dat
    Deleting file C:\WINDOWS\system32\cru629.dat
    Found file C:\WINDOWS\cru629.dat
    Deleting file C:\WINDOWS\cru629.dat
    Found file C:\WINDOWS\system32\~.exe
    Deleting file C:\WINDOWS\system32\~.exe
    Found file C:\WINDOWS\temp\b.exe
    Deleting file C:\WINDOWS\temp\b.exe
    Found file C:\WINDOWS\system32\bincd32.dat
    Deleting file C:\WINDOWS\system32\bincd32.dat
    Resetting filetype association for .exe
    Resetting filetype association for .com
    --Finished--

    Thanks again, much appreciated.

  5. #5
    Junior Member
    Join Date
    Sep 2009
    Posts
    5

    Default

    And heres the rootrepeal scan:

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/09/16 19:50
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP Media Center Edition SP2
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF3E53000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7AA7000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB8509000 Size: 49152 File Visible: No Signed: -
    Status: -

    Name: win32k.sys:1
    Image Path: C:\WINDOWS\win32k.sys:1
    Address: 0xF7903000 Size: 20480 File Visible: No Signed: -
    Status: -

    Name: win32k.sys:2
    Image Path: C:\WINDOWS\win32k.sys:2
    Address: 0xF3EEC000 Size: 61440 File Visible: No Signed: -
    Status: -

    Hidden Services
    -------------------
    Service Name: vsfoceycwxrpfj
    Image Path: C:\WINDOWS\system32\drivers\vsfocewmexmxrx.sys

    ==EOF==

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning Elliott,

    Exehelper removed the bad files that where blocking you from running other programs, it also reset permissions for those programs. It looks like RootRepeal has picked up a Rootkit infection also



    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3






    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •