Dangerous Virus Please Help!!!!!!!!!

OK, now I don't know if this is the right place or not, but please help me. I have this virus problem; I got this after downloading a keygen, I think. Anyway, every time I open Internet Explorer or click anything in Internet Explorer, this sign pops up and says. (This also happens when I attempt to open any folders.)

Virus below - [USER NAME] is my username; I just wrote that because of personal safety.



There is a yes or no button.

If I press yes, it takes me to an area to download this antivirus; if I press no, it takes me to another area saying it's recommended to download this, and are you sure you want to destroy your PC's health, etc. etc.

Now I think this is just some sort of malware.

I have used all my antiviruses to pick up something, but yet no luck. I have used BitDefender v10 and Malwarebytes' Anti-Malware. I've downloaded "Spybot S&D" as well and tried it, but no luck was found.

So I'm asking anyone out there: can you help me? I know people have had the same sort of problem, but they had XP and they solved it using Spybot or anti-malware programs. But I used them and nothing has helped me.

Thank you

- A very troubled Vista User

Reply to

Most keygens are trojaned. If you need to research them, it should NEVER be done on your host operating system. They should only be dealt with inside a virtual machine under vmware or equivalent, and a locked down instance of vmware at that.

If you've still got this computer on, you have no personal privacy, in all likelihood. I don't mean to come off as harsh--but you can't trust that computer any longer.

The canonical advice for any potential malware infection is to flatten and rebuild. That is, fdisk, reformat, and reinstall the OS from original read-only media.

Unfortunately, many computers come without DVD or CD backup media, and leave that only on the hard drive in a utility partition where CDs or DVDs can be made from there. Unfortunately as the utility partition is part of a live hard drive, it too can be prone to infection and could possibly create trojaned install media. Not likely... but possible.

Best of luck recovering from your malware infection. I'd strongly recommend a complete reinstall from original DVD/CD media. You'll at least then be able to trust your machine again. No individual point tools will restore your peace of mind, as there's no way antimalware tools can know how to clean the infinite number of variants of malware that exist.

Reply to
Todd H.

ineedhelp, my dear, dear friend, there was this time, oh, 9/8/2008 12:08 AM, or thereabouts, when you let the following craziness loose on Usenet:

This virus and variants are all over the intertubes these days.

Google and download smitfraudfix.

Unzip it; run it.

Update it.

Reboot into safe mode (hit F8 repeatedly while the PC boots)

Run smitfraudfix again.

Choose #2 (Clean - Safe mode recommended)



Reply to
Kyle T. Jones

Here is a HijackThis log


Reply to

It isn't.

IOW a self-imposed problem.

Revert your system to a known clean state - which ultimately means flatten and rebuild - and then reconsider your habits.

Reply to
Root Kit

What part of the instructions on where to post didn't you understand?

Reply to
