Virus Infect with Reboot

More Errors trying to recover Mr_JAK3

Hi Am back again with same problems. I have almost crashed three times today. My control panel in the Folder Options keeps changing by itself. As the Reg on reboot with the same virus in Lexmark printing files. Also looking in Registry Files I saw under HKLM\SYSTEM\CCSet\Services\USB a string with, USBBIOSHACKS. Is this part of the virus? I still have no colors on the desktop and to let you know. I did call the mfg. of the lcd monitor I use and had me run some tests. All colors showed on the monitor from the test and said that it has to be a virus on my computer. Also I forgot to mention I did have Reg Repair installed before beginning this thread. It got lost when I crashed and didn't bother putting back on. Just want to get this thing cleaned up first before the SP2 is put on. Will send a hj log. Thanks Shela
 
Re: Rebooting infects files

Hi there
I'm back again. Yes it was a big crash again. PC didn't like the bleepingcomputers or whatever. I almost ask about the last program before running. I must say that when I reinstall from my application support disc it dumps crap all through my files. So I went into safe mode to see them and tried to pull most of them off. I know there must be a better way to install or so it seems. Also all of the colors have come back so right now I am not worrying. The LCD Monitor settings say that all colors are showing. The computer has a virus at times that block a lot of them?? The Customer Service for the monitor said this also. Also the pc has an Intel(R)82865G Graphic Controller. It may need updating the drivers? Also I have not installed that dreaded printer Lexmark I have waiting for me. Any suggestions before I do this? Please continue with your help as I need it badly. I am updating everything, so will look for your help when online today. Thank you and appreciate keeping up with me still. Shela
 
Hello :)

I think that the issue is hardware related, I don't think that it is malware related as your computer looks clean.

You could install this driver and see how it works -> Link (read the instructions)

Let me know if it helps :bigthumb:
 
Files Infected Rebooting

:alien:

Hi there, sorry for taking so long. Thanks Mr_JAk3 for patience. Caught something to crash it again so have it about ready to run everything again. I need to install hj and spybot again. To let you know I have cleaned up my files so well since working with you. I still can't get the boot straightened out. But will work on that also. Thank you for the Intel Drivers. I forgot to check them out of late. It makes a difference. I will be sending my logs next. Will check back later to see where to begin.
Shela
 
Re-Booting versus infections

Hi There to SpyBot Team
Letting you know I'm still not doing well. I'm sad to say it's my fault this time. If I didn't make mistakes this pc would work better. Presently I'm running on the desktop with the Default User. I can't even login with my own name. I get the message "No Profile to Log On by Windows" and "Can't Log On User Profile" "Logged on with the Default".
I can't find some of my programs I installed and can't figure out what went wrong. If you have any suggestions I'll appreciate much. So will wander off to Microsoft Help And Support Site as this has occurred in the past.
Will let you know when I find the problems and would like to have SpyBot help with the virus stuff. Thanks for any help. Shela
 
Hello :)

Sounds like something in the system is corrupted. Have you tried creating a new user account?

Also you might want to consider a total reformat and re-install as an option. Something seems to be messed up.

:bigthumb:
 
Re-Boot infection

Hi to Spybot Staff again,
I am thinking also this is what's wrong. And am thinking to just re-install everything from a fresh start. Since writing I've checked the files out and doesn't look good. A lot of the files are messing up and I have to keep fixing them. Also this year at some time I did receive an error message "system registry files corrupted". Can't remember exact but did access Microsoft website and called the virus help support site. I did get some help and it's like this is almost the same exact thing that was wrong. They gave me a Co-Create Fix of some sort and it did help for a while. And the User Accounts with two different users to log on were all of a sudden gone and the Default User message came on with blue screen. This was the time I was using Norton Antivirus 2006 and was crashing with the SP2 because there was still a virus there as it is now. That is why I don't want to put it on until it is all gone. Just to add I have considered putting the Norton Antivirus back on to be able to access their web site for help in pulling this off. Back then I got nowhere with it. I was told that I didn't install Norton Antv. 2005 and was missing files that was needed to run. Which I didn't know at the time. Now I see they are offering more support. I did like the Norton Antivirus, it was the viruses, worms, trojans that were bogging down my pc so bad it shut down. It's a miracle I think that I've gotten this far and would like to keep my pc running so. My OS at present is Windows XP Home Ed SP1 with CA Antivirus2007. Am going to look at a few more options on the web and Microsoft and then re-install everything. But would like to ask is there a better way to re-install? I would like to know how to reformat and reinstall leaving out the viruses. Also including to say that I tried to uncheck the System Restore in the Control Panel while in safe mode, to unload the viruses. And it acted weird and said 'not able to check system restore mode, try again after rebooting to desktop'.
Which I did and it put me in this mess of Default User. Hope that explains some help as what I did. Thanks Will keep in touch, Shela
 
Hello :)

The formatting will wipe everything from your hard drive -> fresh start
Then you'll re-install Windows and other programs.

Here is something about formatting, you'll need to know how to perform the operation before beginning:

Reformatting Windows XP by wng_z3r0
When should I re-format? How should I reinstall?
Windows XP Clean install

Then there are a couple of things you should do immediately after installing Windows and before surfing the net...
  • Install an antivirus and firewall (you should download and have those on a CD or USB drive, all ready to be installed).

    These are good (free) firewalls:
    - Kerio
    - Sygate
    - Outpost

    These are good (free) antiviruses:
    - Antivir
    - Avast
    - AVG
  • Get all Windows updates installed!
Please ask me if you have any questions :)

Then here are a few things that you can do in order to make your fresh computer more secure:
 
Re-infect on Reboot

Hi again
Thanks Mr-JAk3. First I took your advice and made a new account and think that it may do the job. Because I was on the Microsoft Help and Support yesterday, there it was 'Lost Local Profile' 7/15. http://support.microsoft.com/kb/318011/en-us (copy data from a corrupted user profile to a new profile) This seems to be working so will start from there and check to see if the other applications are running as well. I made a few mistakes at first but am running ok for now. I want to admit that I tried to clean my files and didn't ask, sorry.. I like how my files are performing since beginning with this forum. So much has been done to help my computer run better. I'd never think to get this far. Just thanks for bringing me to it. I have printed the instructions just in case... After all the clean-up I plan to install the SP2 cd as soon as I get the go sign. Just to let you know I looked in the hidden files and found more infected files to delete in the Application Data files again. Will let you know how it goes. Thanks again for your help and support.
 
Files Infected with Virus on Reboot

Hi Mr_JAk3
Yes I do use the "System File Checker".
As to How Can I Tell if Files Are Infected, they usually start with the Control Panel buttons changing from what I set. Also when I look in the Registry and when in Safe Mode it will show up in RED. Where the account is placed the icon is in red. This is usually from the internet such as when I download drivers I needed. For example: C:Windows\Intel; Installtion Files\Sunbelt CounterSpy.msi;Windows\Debug\mrteng.log and \mt.log. All had the same virus after being on the internet. Why, I don't know.
Before posting on this forum my files were not clean at all. I did not know how to. And since Jan2007 I was running WinXP-SP2 with Norton AntiVirus2006. I crashed repeatedly, then seeking Customer Service help from Norton and Microsoft. Norton said that because I didn't install Norton Systemworks2005 that I was missing some important files I needed. I never had it to install and called them later and was told to install the Norton2006 cd that it would work. I found that Norton2006Antivirus only works with SP2 on my pc which had so many infected files to begin with that it was crashing constantly after being on the internet. Also I went to Microsoft's Online Support Service. I had the same problem with user accounts being deleted and viruses. After much debate as they are thorough too, I was told the virus was infected in the pc and that third parties do cause some of the problems. And that said my best bet would be to buy a new OS and do a clean install of hd, or take it to a computer shop, whatever I chose to. I opted to clean myself as when I bought it new I knew what was running and what not. Viruses do not come from anywhere but the internet and need to be cleaned from the machine. Also since I've replaced one part in the pc and added more memory. Since, it is running more smoothly. Just to add that when I bought my pc new in 2004 I ran Norton Antivirus two years with no problems at all. So I know how well I do like the software. I also liked the Norton2006 which is much more advanced. It was too difficult to run on an infected PC. Enuf said.
I am posting a new HJ log.
 
Hi :)

As to How Can I Tell if Files Are Infected, they usually start with the Control Panel buttons changing from what I set. Also when I look in the Registry and when in Safe Mode it will show up in RED. Where the account is placed the icon is in red. This is usually from the internet such as when I download drivers I needed. For example: C:Windows\Intel; Installtion Files\Sunbelt CounterSpy.msi;Windows\Debug\mrteng.log and \mt.log. All had the same virus after being on the internet. Why, I don't know.

Ok that sounds strange. To what do the Control Panel buttons change? What will show up in RED? How can you know that C:Windows\Intel; Installtion Files\Sunbelt CounterSpy.msi;Windows\Debug\mrteng.log and \mt.log. are infected?
 
Files Infected on Reboot

Hi I'm finally back from crashing again. Most largely due to the user account disappearing and having to make a new one. Anyway it crashed right after I had been online and did my updates with Microsoft. My #1 online crasher. I usually check my files after being online and always find their garbage dumped in there. And as to the buttons going aloof, they become unchecked or a box that I don't select in Internet Explorer gets checked without my doing so. This happens often. For the red items, it is a red question mark on the acct. icon and I take it off because using Spybot to clean with in the earlier versions pointed these out as spyware or whatever so I know they need to come off, ok? Am going to get back with you. I have everything going okay for now and am about ready to put on the sp2 cd. Thanks for helping me. Shela;)
 
Ok nice to hear that things are working.

All that crashing doesn't sound normal. If it re-appears I would recommend to do a complete reformat...

:bigthumb:
 
Infect on ReBoot

Hi again
I am agreeing totally. I think the same thing as to what's happening. I am presently at the point that update from Microsoft wants the sp2 installed and I haven't finished my clean up or reformatted yet. From what I can see everything looks ok and not causing any problems. The only third party I had to install was CA AntiVirus. I will proceed as far as I can if not detained by any other obstacles. I hope I'm on the right track and no boulders come flying from the internet throw me off. I will slow down this time and check everything before take off. And hopefully I can get done with all cleanup work. Check back later. Thanks much for help. Shela
 
Virus on Reboot

Hi Am sending a HJ Log. Cleaned up files from the update web site and will try again for sp2. Thanks I think it's looking better? Shela
Logfile of HijackThis v1.99.1
Scan saved at 11:57:34 PM, on 7/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4476001&ctry=00000409&os=5&src=1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Wireless keyboard control panel.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
You can fix these leftovers with HijackThis:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Otherwise looking good. :bigthumb:
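
An added example, not part of the original thread and not code from HijackThis: a small Python parser for log lines in the format posted above that picks out entries whose target is "(no file)", which covers three of the five lines listed in this reply. The sample lines are copied from the posted log; the function names are hypothetical.

```python
import re

# Sample lines copied from the log posted in this thread (header plus a few entries).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# An entry line starts with a section code such as R0, O2, O9 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            # The target (a file path or "(no file)") follows the last " - ".
            "target": body.rsplit(" - ", 1)[-1].strip(),
            "line": raw.strip(),
        })
    return entries


def orphaned(entries):
    """Entries that are still registered but whose file is reported missing."""
    return [e for e in entries if e["target"].lower() == "(no file)"]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e["code"], e["clsid"])
```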
 
Files Infected on Re-Boot

Mr_JAk3
Hi Would like to start with the Formatting you suggested. A couple days ago I installed AVG virus cleaner by grisoft. It ran and found 9 entries of which were entries from cookies, will post that here. And since then guess? My colors are once again missing. I may not have gotten the correct drivers since crashing last time. So will do that. Also I've looked up all of the sites you listed before reformatting and found I can't as my computer only has an 'Application&Support Disc' to re-install when it crashes or to repair and runs as NTFS Files System. Also to mention that every time I use that disk every infected file that I previously deleted is put back on causing everything to be re-infected as before. It is the problem and I can't remember how to copy that drive as it was posted on the Microsoft Discuss Support Group. By copying it would eliminate the virus out. Just can't remember how to. Also in Windows XP why doesn't turning off 'System Restore' and then rebooting, turn it back on, erase all bad files? I have tried this and doesn't seem to get anywhere or not doing the right procedure. Considering, I would like to cleanup the files on this system without having to buy a new OS as seen this on the internet. Help is greatly appreciated and willingness to try something. Thanks, Shela
 