-
Can't run Spybot, Windows Antivirus Pro 2010 present
I'm running a Dell XPS M170 notebook with Windows XP Media Center Service Pack 2. I have 1GB of memory and an 80GB hard drive with 9GB free.
I believe that I am infected with the Windows Antivirus Pro 2010 virus. Here are some of the symptoms.
-frequent pop-ups by this fake AV program, and have not been able to get it off my computer.
-could not open my task manager.
-not been able to run AV programs such as AVG and Spybot.
-search engine redirect where I cannot open results from searches; I get redirected and then my browser (Firefox 2 and IE) usually crashes.
-Logitech SetPoint recently stopped working, and does not work even if reinstalled (could be completely unrelated)
Here is what I have tried so far:
-for the task manager I was able to re-enable it with this command: "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f".
-I tried not only running Spybot, but running it in safe mode. I can occasionally get Spybot to open, but it crashes as soon as I begin the scan, and then I can no longer open it
-I ran AVG in both full and safe modes of Windows, and it ran for a while in safe mode, but eventually crashed
-I tried to do the "before you post instructions," but the only program I could get to run was ERUNT
Thanks in advance
-
Hello Elliot
Welcome to Safer Networking.
Please read Before You Post
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Elliot, reply to this thread only by using the SUBMIT REPLY and do not start any new topics
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Please download RootRepeal from one of these locations and save it to your desktop
Here
Here
Here
- Open on your desktop.
- Click the tab.
- Click the button.
- Check just these boxes:
- Push Ok
- Check the box for your main system drive (usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
-
exeHelper by Raktor - 09
Build 20090916
Run at 19:23:25 on 09/16/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Killed process svchasts.exe
Killed process b.exe
Checking for bad files...
Found file C:\WINDOWS\svchasts.exe
Deleting file C:\WINDOWS\svchasts.exe
Found file C:\WINDOWS\system32\braviax.exe
Deleting file C:\WINDOWS\system32\braviax.exe
Found file C:\WINDOWS\braviax.exe
Deleting file C:\WINDOWS\braviax.exe
Found file C:\WINDOWS\ppp3.dat
Deleting file C:\WINDOWS\ppp3.dat
Found file C:\WINDOWS\ppp4.dat
Deleting file C:\WINDOWS\ppp4.dat
Found file C:\WINDOWS\system32\cru629.dat
Deleting file C:\WINDOWS\system32\cru629.dat
Found file C:\WINDOWS\cru629.dat
Deleting file C:\WINDOWS\cru629.dat
Found file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\system32\~.exe
Found file C:\WINDOWS\temp\b.exe
Deleting file C:\WINDOWS\temp\b.exe
Found file C:\WINDOWS\system32\bincd32.dat
Deleting file C:\WINDOWS\system32\bincd32.dat
Resetting filetype association for .exe
Resetting filetype association for .com
--Finished--
Thanks again, much appreciated.
-
And here's the RootRepeal scan:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/16 19:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3E53000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AA7000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8509000 Size: 49152 File Visible: No Signed: -
Status: -
Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7903000 Size: 20480 File Visible: No Signed: -
Status: -
Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF3EEC000 Size: 61440 File Visible: No Signed: -
Status: -
Hidden Services
-------------------
Service Name: vsfoceycwxrpfj
Image Path: C:\WINDOWS\system32\drivers\vsfocewmexmxrx.sys
==EOF==
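An added example, not part of the original thread and not RootRepeal's own code: a Python triage pass over a report in the format posted above. The function names, the constructed sample, and the heuristics (`dump_*` crash-dump drivers and the scanner's own `rootrepeal.sys` treated as expected; a colon after the drive letter treated as an alternate data stream) are assumptions of this example.

```python
import re

# Constructed sample: entries copied in shape from the RootRepeal report above.
SAMPLE = r"""Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3E53000 Size: 98304 File Visible: No Signed: -
Status: -
Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7903000 Size: 20480 File Visible: No Signed: -
Status: -
Hidden Services
-------------------
Service Name: vsfoceycwxrpfj
Image Path: C:\WINDOWS\system32\drivers\vsfocewmexmxrx.sys
==EOF==
"""

def parse_report(text):
    """Split a RootRepeal text report into one dict per driver or service."""
    entries, section, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line in ("Drivers", "Hidden Services"):
            section = line
        elif m := re.match(r"(?:Service )?Name: (.+)", line):
            cur = {"section": section, "name": m.group(1), "path": "", "visible": None}
            entries.append(cur)
        elif cur and line.startswith("Image Path: "):
            cur["path"] = line[len("Image Path: "):]
        elif cur and (m := re.search(r"File Visible: (\S+)", line)):
            cur["visible"] = m.group(1)
    return entries

def triage(entry):
    """Return reasons to look closer; an empty list means 'expected' (heuristic, assumed)."""
    name, reasons = entry["name"].lower(), []
    if entry["section"] == "Hidden Services":
        reasons.append("service is hidden from normal enumeration")
    if ":" in entry["path"][2:]:  # colon after the drive letter = NTFS alternate data stream
        reasons.append("image path is an alternate data stream")
    # Assumption: crash-dump copies (dump_*) and the scanner's own driver are memory-only by design.
    expected = name.startswith("dump_") or name == "rootrepeal.sys"
    if entry["visible"] == "No" and not expected:
        reasons.append("driver file not visible on disk")
    return reasons
```

Calling `triage()` on each entry from `parse_report(SAMPLE)` leaves `dump_atapi.sys` unflagged and returns reasons for `win32k.sys:1` and the hidden service.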
-
Good Morning Elliott,
Exehelper removed the bad files that were blocking you from running other programs, it also reset permissions for those programs. It looks like RootRepeal has picked up a Rootkit infection also.
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instructions on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.