Dangerous Virus Please Help!!!!!!!!!





OK, now I don't know if this is the right place or not, but please help me.
I have this virus problem; I got this after downloading a keygen, I think.
Anyway, every time I open Internet Explorer or click anything in Internet
Explorer this sign pops up and says the following. (This also happens when I
attempt to open any folders.)

Virus below - [USER NAME] is my username; I just wrote that for personal
safety.

"ATTENTION, [USER NAME]! SOME DANGEROUS VIRRUSES DETECTED IN YOUR SYSTEM.
WINDOWS VISTA (TM) HOME PREMIUM FILES CORRUPTED, THIS MAY LEAD TO THE
DESTRUCTION OF IMPORTANT FILES IN C:\WINDOWS. DOWNLOAD PROTECTION
SOFTWARE NOW!

CLICK OK TO DOWNLOAD THE ANTISPYWARE. (RECOMENDED)"

There is a Yes or No button.

If I press Yes, it takes me to an area to download this antivirus.
If I press No, it takes me to another area saying it's recommended to
download this, and am I sure I want to destroy my PC's health, etc. etc.

Now I think this is just some sort of malware.

I have used all my antivirus programs to try to pick something up, but still
no luck. I have used:

BitDefender v10
Malwarebytes' Anti-Malware
I've downloaded "Spybot S&D" as well and tried it, but nothing was found.

So I'm asking anyone out there: can you help me? I know people have had the
same sort of problem, but they had XP and they solved it using Spybot or
anti-malware programs. I used them and nothing has helped me.

Thank you
- A very troubled Vista user


--
ineedhelp
------------------------------------------------------------------------
ineedhelp's Profile: http://forums.techarena.in/members/ineedhelp.htm
View this thread: http://forums.techarena.in/virus-spyware/1034178.htm

http://forums.techarena.in


Re: Dangerous Virus Please Help!!!!!!!!!




Most keygens are trojaned.  If you need to research them, it should
NEVER be done on your host operating system.  They should only be dealt
with inside a virtual machine under VMware or equivalent, and a locked-down
instance of VMware at that.



If you've still got this computer on, you have no personal privacy, in
all likelihood.  I don't mean to come off as harsh--but you can't trust
that computer any longer.


The canonical advice for any potential malware infection is to flatten
and rebuild.  That is, fdisk, reformat, and reinstall the OS from
original readonly media.  

Unfortunately, many computers come without DVD or CD backup media, and
leave that only on the hard drive in a utility partition from which CDs or
DVDs can be made.  Unfortunately, as the utility partition is part of a
live hard drive, it too can be prone to infection and could possibly
create trojaned install media.  Not likely... but possible.

Best of luck recovering from your malware infection.  I'd strongly
recommend a complete reinstall from original DVD/CD media.  You'll at
least then be able to trust your machine again.  No individual point
tools will restore your peace of mind, as there's no way antimalware
tools can know how to clean the infinite number of variants of malware
that exist.

--
Todd H.
http://www.toddh.net/
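
As an added illustration of the "locked-down instance" Todd recommends, and not
something from his post or from any poster's setup, here is the shape of an
isolation profile for a throwaway analysis VM written as VMware .vmx keys. The
key names follow VMware's published hardening guidance, but treat them as
assumptions to be verified against the product version actually in use; the
file is edited by hand with the VM powered off.

```ini
; Throwaway analysis VM: cut every channel back to the host except the console.
; Edit with the VM powered off; snapshot a clean state first and revert to it
; after each sample.

; No clipboard or drag-and-drop traffic through VMware Tools
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"

; No network adapter, USB passthrough, sound or floppy; configure no shared folders
ethernet0.present = "FALSE"
usb.present = "FALSE"
sound.present = "FALSE"
floppy0.present = "FALSE"
```

The point of the profile is that a keygen run inside it has no path to the host
other than a hypervisor escape: nothing to exfiltrate over, no clipboard to
read, no shared folder to drop into. Reverting the snapshot afterwards is what
makes the VM "throwaway".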

Re: Dangerous Virus Please Help!!!!!!!!!


ineedhelp, my dear, dear friend, there was this time, oh, 9/8/2008 12:08
AM, or thereabouts, when you let the following craziness loose on Usenet:


This virus and its variants are all over the intertubes these days.

Google and download smitfraudfix.

Unzip it; run it.

Update it.

Reboot into safe mode (hit F8 repeatedly while the PC boots)

Run smitfraudfix again.

Choose #2 (Clean - Safe mode recommended)

HTH.

Cheers.


Re: Dangerous Virus Please Help!!!!!!!!!



Here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:24 p.m., on 9/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonoh.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_NZ&c=74&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_NZ&c=74&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - - (no file)
O2 - BHO: Windows Live Sign-in Helper - - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe web - - C:\Windows\system32\syssf.dll
O2 - BHO: Google Toolbar Helper - - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\\AlertEng.dll"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MediaRing Talk.lnk = C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10555 bytes


--
ineedhelp
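
The log above is what a helper on the thread reads by eye. As an added
example, not part of any post here and not HijackThis itself, the following
Python script encodes a few of those eyeball checks over the O2 (BHO), O4 (Run)
and O23 (service) lines: BHOs with no name or no file, a BHO DLL living in the
system directory, services with no publisher or a missing binary, Run entries
in the SYSTEM or Default user hives, and services that advertise remote access.
The sample lines are copied from the log above, where the CLSID column is
absent, so the O2 pattern also accepts a real `{CLSID}` and the script works on
an unmodified log as well. The severities, and the rule of thumb that
legitimate BHOs install under Program Files rather than system32, are this
example's own assumptions: a hit means "look closer", not "this is malware".

```python
"""Heuristic triage of HijackThis O2 (BHO), O4 (Run) and O23 (service) lines.

Added example for this thread; it is not HijackThis and not any poster's
tool. The severities and rules of thumb below are this example's own
assumptions: a hit means "look closer", not "this is malware".
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the log posted above. That log has the
# CLSID column stripped ("Name - - path"), so O2_RE accepts either a
# {CLSID} or nothing between the two dashes.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - - (no file)
O2 - BHO: Safe web - - C:\\Windows\\system32\\syssf.dll
O2 - BHO: Google Toolbar Helper - - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [hpsysdrv] c:\\hp\\support\\hpsysdrv.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [msnmsgr] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe" /background (User 'SYSTEM')
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\\Program Files\\Common Files\\Microsoft Shared\\Speech\\csvde.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\\Program Files\\WinPcap\\rpcapd.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\})? ?- (?P<path>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<label>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Assumption: legitimate BHOs install under Program Files, not the system
# directory. Paths are compared lower-cased because the log mixes cases.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Run entries in these hives autostart for accounts that never log on
# interactively, so user-facing software there deserves a question.
ODD_RUN_USERS = {"SYSTEM", "Default user"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    line: str
    reason: str


def _check_bho(m, line):
    hits = []
    if m["name"] == "(no name)" or m["path"] == "(no file)":
        hits.append(Finding("low", line, "BHO with no name or no backing file; an orphan, remove it"))
    if m["path"].lower().startswith(SYSTEM_DIRS):
        hits.append(Finding("high", line, "BHO DLL loaded from the system directory; check its publisher and signature"))
    return hits


def _check_run(m, line):
    if m["user"] in ODD_RUN_USERS:
        return [Finding("low", line, f"Run entry in the '{m['user']}' hive; interactive software rarely belongs there")]
    return []


def _check_service(m, line):
    hits = []
    unknown = m["vendor"].lower() == "unknown owner"
    missing = m["path"].endswith("(file missing)")
    if unknown and missing:
        hits.append(Finding("high", line, "service with no publisher whose binary is gone; inspect its ImagePath and creation time"))
    elif unknown or missing:
        hits.append(Finding("medium", line, "service with no publisher" if unknown else "service binary missing"))
    if "remote" in m["name"].lower():
        hits.append(Finding("info", line, "service offers remote access; confirm it is wanted and not exposed"))
    return hits


CHECKS = ((O2_RE, _check_bho), (O4_RE, _check_run), (O23_RE, _check_service))
ORDER = ("high", "medium", "low", "info")


def triage(log_text):
    """Apply the first matching check to every line; other lines are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                findings.extend(check(m, line))
                break
    return sorted(findings, key=lambda f: ORDER.index(f.severity))


def summarize(findings):
    """Count findings per severity, always reporting all four buckets."""
    counts = dict.fromkeys(ORDER, 0)
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run over the full log above rather than the sample, the two high findings are
the "Safe web" BHO in system32 (syssf.dll) and the "Remote Procedure
Manager(TPM)" service pointing at a missing csvde.exe, which is where a
reviewer would start; the BitDefender and Symantec services marked "Unknown
owner" come out as medium and are explained by their install paths. The script
deliberately stops at flagging, in line with the replies above: an entry worth
a closer look on a machine you no longer trust is an argument for rebuilding,
not for hand-deleting registry keys.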


Re: Dangerous Virus Please Help!!!!!!!!!


ineedhelp.3fgfve@DoNotSpam.com says...

What part of the instructions on where to post didn't you understand?

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Dangerous Virus Please Help!!!!!!!!!


On Mon, 8 Sep 2008 10:38:19 +0530, ineedhelp


It isn't.


IOW a self-imposed problem.

Revert your system to a known clean state - which ultimately means
flatten and rebuild - and then reconsider your habits.
