MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: I have viruses in my pc
July 05, 2020, 09:36:57 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
July 05, 2020, 09:36:57 AM

Login with username, password and session length
 Featured Sites:
News
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: I have viruses in my pc  (Read 1550 times)
xavo666
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


Bookmark and Share

View Profile
« on: April 24, 2006, 05:51:50 PM »

Help me I have any viruses in my pc

This is My hijackthis

I can
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: April 25, 2006, 02:43:58 AM »

Hi

 Before you go any  further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2) (SP2).. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to further  infections.

Please apply those updates BEFORE posting your next log.


**Note** If your having trouble locating the service pack SP1a here is a direct link to download it from..

http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe
Logged

An Australian Member of

EDDY
xavo666
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


Bookmark and Share

View Profile
« Reply #2 on: April 25, 2006, 10:48:28 PM »

I have analyzed with avg,Bit defender, active scan, Ad-Aware SE Personal, ewido antiviruses, and I could install service pack 2 and all critical updates,  but i cant turn on the firewall for windows, and view my processes with ctrl - atl - del,
Please help me.  Huh?


This my new log:

Logfile of HijackThis v1.99.1
Scan saved at 17:39:39, on 25/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Invitado2\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quitox.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #3 on: April 26, 2006, 01:44:13 AM »

Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop lsaDriver
sc delete lsaDriver


Repeat the above using :

sc stop mspathfinder
sc delete mspathfinder


sc stop nbconn
sc delete nbconn



Type Exit to close.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press  and Close HJT.

O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [Winnt] C:\WINDOWS\svhost.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\microsoft.exe (file missing)

Open Windows Explorer and delete the following highlighted  file/s if present

C:\WINDOWS\microsoft.exe
C:\WINDOWS\winstub.exe
C:\WINDOWS\mspathfinder
C:\WINDOWS\lsa.exe
 C:\WINDOWS\svhost.exe
C:\WINDOWS\System32\scchost.exe
C:\WINDOWS\System32\msupdate32.exe

Reboot and post a new log..

--------------------------------------------------------------------
Logged

An Australian Member of

EDDY
xavo666
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


Bookmark and Share

View Profile
« Reply #4 on: April 26, 2006, 07:42:10 PM »

my pc follows equal i cant to see my prosses with crl-alt-del and if i open search of windows an error ocurred and close my explorer, i cant turn on the firewall of windows,

this is my new log

help me please  Shocked

Logfile of HijackThis v1.99.1
Scan saved at 14:33:16, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Invitado2\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quitox.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #5 on: April 27, 2006, 01:26:04 AM »

I cannot see any problems in you log now so please  download SILENT RUNNERS  to a new folder,... Unzip if Zipped, and run the Silent Runners.vbs file.
Open the "Startup Programs.txt" file it creates, and copy/paste the contents to this post, please.
The "Startup Programs.txt" file will be in the folder you ran the "Silent Runners.vbs" file from.
Logged

An Australian Member of

EDDY
xavo666
Jr. Member
**

Karma: +0/-0
Offline Offline

Posts: 25


Bookmark and Share

View Profile
« Reply #6 on: April 27, 2006, 08:00:17 PM »

Please help  Huh? me i cant to see other computers in my intranet, with msconfig in can see the services but some are stopeed, i dont know why.

Best Regards,

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SystemTray" = "SysTray.Exe" [MS]
"AVG7_EMC" = "C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"AVG7_CC" = "C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensi
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #7 on: April 28, 2006, 01:29:44 AM »

I dont think so but please check to see if these files are on your system.If any are found you can remove them.

 "C:\WINDOWS\system32\vfr.dll"
 "C:\WINDOWS\system32\dzvx_xx07.dll"
 "C:\WINDOWS\system32\ASDCXC32.DLL"
 "C:\WINDOWS\system32\caedui.dll"
 "C:\WINDOWS\system32\crmctl32.dll"
 "C:\WINDOWS\system32\iismsnap.dll"
 "C:\WINDOWS\system32\thpmon.dll"
 "C:\WINDOWS\system32\cofview.dll"
 "C:\WINDOWS\system32\eoentlog.dll"
 "C:\WINDOWS\system32\kldru1.dll"
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page May 01, 2018, 03:21:38 AM