Internet Access Disabled - Virus
Madman00901
Hey, I got a virus on my laptop computer but AVG did not want to show it when I scanned the executable file before running it. When I ran it, it said virus detected and wouldn't let me remove it. I restarted the laptop and now the internet is not accessible. Is there anything I could do? I have tried a full AVG computer scan and a full Ad-Aware scan. There is also a HijackThis log if need be.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:32, on 28/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\AVG\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Ash\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MultiMon Taskbar.lnk = D:\Program Files\MMTaskbar\MultiMon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: Ustream Publisher - http://static.ustream.tv/plugin/ustream_publisher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A6D1D29-12D8-4CCB-AD06-66EAF0F55934}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D052F1C6-7D95-4645-BD9A-E75964B747D6}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Net Control 2 Administrator. Helper Service. (NetControl2.AdminHelper) - Net Software 2 - D:\Program Files\Net Control 2\ahs.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6500 bytes

_________________
Avatar & Signature pictures were made by Madman00901.
Posted: Tue Apr 28, 2009 7:53 pm

Thebossonline
# Please print out or copy this page to Notepad, since you cannot have any browsers open while you are fixing this, and try to follow it as closely as possible, taking it step by step.



# Update your Antivirus program.



# Please download Spybot Search and Destroy, install it, and update the program.

Code:
http://www.safer-networking.org/en/mirrors/index.html




# Please download VundoFix.exe to your desktop. Ignore the AntiVirus warnings and download it anyway because you need to run it. Wait on installation and running.

Code:
http://www.atribune.org/ccount/click.php?id=4




# Download CleanUp! and install it. Wait on installation and running.

Code:
http://www.stevengould.org/downloads/cleanup/CleanUp452.exe




# Please download the following program: CWSHREDDER. Wait on installation and running.

Code:
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe




# Download about:Buster and save it to your desktop. When it has finished downloading, unzip the folder to your desktop as well. You should now be left with an aboutbuster folder on your desktop. Wait on installation and running.

Code:
http://www.malwarebytes.org/AboutBuster.zip




# I would suggest though that you download CCleaner. It is a great little program that I use every time I close my browser to get rid of temporary files. I usually just run the cleaner part every time I'm done with the browser. During the install there will be check marks for checking for updates (that part I do not use) and also to install a tool bar for Yahoo or something. Make sure those are unchecked unless you want another tool bar. It is a very safe program and it is free. (CCleaner Quick Setup: Go to > Options > Advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

Code:
http://www.ccleaner.com/


_____________________________________________________________

# Now make sure no files are hidden. To do this:
For XP go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
For Vista go to the Control Panel->Appearance and Personalization
Under the Folder Options, click Show Hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
You may change the above options back after your log is clean.




# Turn off system restore.

Steps to turn off System Restore for XP:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.

Steps to turn off System Restore for Vista:
1. Control Panel -> System Maintenance -> Back Up and Restore Center
2. On the right column, click on "create a restore point or change settings" (this requires administrator's password if set)
3. Uncheck all drives.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.




# Do all steps below in safe mode except for at the end when you generate a new HiJackThis log.



# Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).

3) Instead of Windows loading as normal, a menu should appear

4) Use the up arrow key to highlight Safe Mode and press Enter.





# Please run HijackThis and click "Scan". Place checks next to the following entries if still present in the code and close all browser and other windows except for HijackThis, and click "Fix Checked".

Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A6D1D29-12D8-4CCB-AD06-66EAF0F55934}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D052F1C6-7D95-4645-BD9A-E75964B747D6}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0



Note: You might have a problem connecting to the internet after performing the above-mentioned process. Try setting the DNS server settings manually. [Use OpenDNS]

Here is how to do it.

https://www.opendns.com/start/device/windows-xp/print

https://www.opendns.com/start/device/windows-vista/print

Use these as DNS servers:

208.67.222.222
208.67.220.220

You can also use the DNS server addresses of your ISP, if you know them.




# Run your Antivirus and do a full scan; remember, this is all in safe mode.



# Run Spybot Search and Destroy and do a full scan; remember, this is all in safe mode.



# Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

*Click "Options..."

*Move the arrow down to "Custom CleanUp!"

*Only Check the following for now:

-Empty Recycle Bins

-Delete Cookies

-Delete Prefetch Files

-Clean up All Users

*Uncheck the following:

-Delete Newsgroup cache

-Delete Newsgroup Subscriptions

*Press the Temporary Files Tab and check.

-Scan drives for files matching

Click OK

Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup or MOVE THEM out of the Temp folder before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.




# Install and run CWSHREDDER

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.




# Double-click on the AboutBuster.exe icon.

Click Begin scan. Close when completed.

It is advised that you run AboutBuster twice in a row to make sure you get all the infections.

_____________________________________________________________

NOTE For AboutBuster: If you receive the error "Run-time error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid".



Look here for help >


http://www.astatalk.com/viewtopic.php?p=268058#268058


_____________________________________________________________



# Double-click VundoFix.exe to run it (do this a few times until nothing shows up).



# Then install CCleaner but note it installs the Yahoo Toolbar as an option which IS check marked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option.

Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours

Then select the items you wish to clean up.



In the Windows Tab:

* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.

In the Applications Tab:

* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.

Click the "Run Cleaner" button.

A pop-up box will appear advising this process will permanently delete files from your system.
Click "OK" and it will scan and clean your system.
Click the "Issues" button.
Click the "Scan For Issues" button.
Click the "Fix Selected Issues" button.
Click the "Fix All Selected Issues" button.
Click "OK"
Click "Close" when done.


# Reboot into Normal Mode. Turn System Restore back on and create a restore point.

Steps to turn on System Restore For XP:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.

After a few moments, the System Properties dialog box closes.

To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.

To create a Restore point for Vista:
1. Control Panel – System Maintenance – Back Up and Restore Center. On the right column, click on "Create A Restore Point Or Change Settings" (This requires Administrator's password if set.) Put a check on the drive your OS is on. Then click on the Create button. Type in a name and then click OK.




# Do another scan with HiJackThis in normal windows mode and post your new log file here for final verification. Make sure it is a new log file.

Also let us know how the system's overall condition is now.

_________________


Buy any software you will use longer than the trial
Posted: Wed Apr 29, 2009 12:13 am
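The O17 check in the reply above can be repeated mechanically on the follow-up log. This is an added example, not part of the original thread or of HijackThis: it parses O17 NameServer lines in the format the log uses and lists every resolver that is not on an allowlist, together with the control sets and interfaces that carry it. The function names, the allowlist variable and the sample text (two lines copied from the log plus one constructed clean line with a made-up GUID) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Resolvers the reply recommends (OpenDNS); extend with your ISP's or router's.
TRUSTED = {"208.67.222.222", "208.67.220.220"}

# O17 NameServer line as HijackThis prints it in the log above.
O17 = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<val>.*)$"
)

# Constructed sample: two lines from the posted log, one clean line (GUID invented).
SAMPLE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CBFE2A1-F8B0-47DF-854F-284B2C7C698D}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 208.67.222.222 208.67.220.220
"""

def parse_o17(log_text):
    """Yield (control_set, scope, [servers]) for each O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17.match(line.strip())
        if not m:
            continue
        # The registry value may be comma- or space-separated.
        servers = [s for s in re.split(r"[,\s]+", m["val"].strip()) if s]
        # "Parameters" is the machine-wide setting; "..\{GUID}" is one interface.
        scope = "global" if m["scope"] == "Parameters" else m["scope"][3:]
        yield m["cset"], scope, servers

def audit(log_text, trusted=TRUSTED):
    """Map each resolver not in `trusted` to the (control_set, scope) keys holding it."""
    findings = defaultdict(list)
    for cset, scope, servers in parse_o17(log_text):
        for s in dict.fromkeys(servers):  # de-duplicate, keep order
            try:
                ipaddress.ip_address(s)
            except ValueError:
                findings["<not an IP> " + s].append((cset, scope))
                continue
            if s not in trusted:
                findings[s].append((cset, scope))
    return dict(findings)

if __name__ == "__main__":
    for server, keys in audit(SAMPLE).items():
        print(f"{server}: set in {len(keys)} key(s) -> {keys}")
```

An empty result on the new log means every static NameServer value left in the registry is one you listed as trusted.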
