Author Topic: Problem with virus  (Read 2749 times)
Ace_Mak
« on: May 03, 2004, 01:56:37 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP
Problem Application Name & Version: Windows
Problem Hardware Make & Model:
Error Messages:



Ok, here's my situation. My computer has been infected with the Trojan Virus called Qhosts.apd according to McAfee. This occurred when my computer restarted on its own automatically. When it booted back up, McAfee caught this virus and I press delete and it says successful in deleting. But when surfing the net, the computer reboots again on its own and the same message pops up with the same virus. This time I can't delete it and I have to press Stop or Exclude and Apply it to all items.

Obviously the virus is still there so I get the Symantec Removal Tool for Qhosts Viruses. But it didn't find anything because it seems to only remove Qhosts-1 or something. I rebooted the computer manually without the internet being connected and this time no McAfee message. I try to use the Removal Tool again and during the process McAfee pops up with the message. I press delete and says it's successful. I reboot manually, it boots up with McAfee message. I press delete and it's successful.

Right now it seems ok, but I'm afraid the virus is still there and the computer could restart any second. I did a search with Ad-aware and Spybot but it didn't find anything. I also did a search with McAfee and it found nothing. And lastly after I got the virus, all these .exe appeared in my C drive. The names were like aaaxwszx.exe and names like that one with different letters. There's like 234 of them and they all range sizes from 16kb-135kb.

There's also a txt file that says test.txt and inside it says:

That's it. So sorry for the really long message but I don't want my computer messing up for like the 6th time almost.

Thanks.
Dizzy
« Reply #1 on: May 03, 2004, 03:44:46 AM »

Hi Ace,

We'll see if we can't get you fixed up, no worries.

First off, disable System Restore (right click My Computer | Properties | System Restore Tab | put a check in "Turn off System Restore on All Drives").  If you have System Restore enabled, it is "backed up" in there and turning it off will clear all previous restore points.  Once you are done with everything and are sure you are virus free, you can turn it back on.

Now do a free online scan at RAV and set it to automatically clean anything it finds.

If it makes you feel better, reboot and scan again. Here are some links to other free, online scans:

HouseCall

Panda

Norton

Once you are done, make sure your AV is up-to-date and turn System Restore back on.

Let me know how it goes.

Dizzy

sixpac
« Reply #2 on: May 05, 2004, 03:16:59 PM »

Qhosts.apd

This is a detection for a bogus HOSTS file.

This file is used by Windows to resolve the IP address for a URL. For performance reasons, Windows does first look at the HOSTS file; if the appropriate entry is not found, it will try to use DNS and WINS to resolve the IP address.

A few worms like W32/Polybot.gen!irc or W32/Gaobot.worm are exchanging the HOSTS file with a bogus one. The HOSTS file contains a list of URLs and redirects them to 127.0.0.1, which is the LocalHost.

Therefore the user may not be able to surf to the webpage of his AV or security software vendor.

Also some AV products may not be able to update themselves.
These URLs are redirected to the localhost (127.0.0.1)
 
 

« Last Edit: May 05, 2004, 03:25:30 PM by sixpac » Logged
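The check described in the reply above, as an added example that is not part of the original posts: a small Python parser that reads HOSTS-format text and reports entries pointing watched security-vendor names at the local machine. The watchlist suffixes and the sample file content are constructed placeholders, and the check goes slightly beyond the post by also treating 0.0.0.0 as a blocking address.

```python
import ipaddress

# Assumed watchlist of vendor domain suffixes (placeholders, not from the thread).
WATCHED_SUFFIXES = ("av-vendor.example", "updates.example")

# Constructed sample HOSTS content, used only for this demonstration.
SAMPLE_HOSTS = """\
# Copyright (c) sample header
127.0.0.1       localhost
127.0.0.1   www.av-vendor.example av-vendor.example   # two names on one line
127.0.0.1\tliveupdate.updates.example
0.0.0.0     download.av-vendor.example
192.0.2.10  intranet.corp.example
127.0.0.1   notav-vendor.example
bogus line without address
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_sinkhole(ip):
    """True for addresses that keep the lookup on the local machine."""
    return ip.is_loopback or ip.is_unspecified

def watched(name, suffixes=WATCHED_SUFFIXES):
    """Match the suffix itself or a subdomain of it, not look-alike names."""
    return any(name == s or name.endswith("." + s) for s in suffixes)

def find_blocked_vendor_entries(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname) for watched names mapped to a sinkhole."""
    return [(n, str(ip), name) for n, ip, name in parse_hosts(text)
            if is_sinkhole(ip) and watched(name, suffixes)]

if __name__ == "__main__":
    for n, ip, name in find_blocked_vendor_entries(SAMPLE_HOSTS):
        print(f"line {n}: {name} -> {ip}")
```

On Windows XP the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; the ordinary `localhost` entry is expected and is not reported.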

 
sixpac
« Reply #3 on: May 05, 2004, 03:23:19 PM »

Have you tried everything suggested?

http://www.ntcompatible.com/thread27219-1.html
Ace_Mak
« Reply #4 on: May 05, 2004, 10:25:20 PM »

Hahaha, actually yes. That's because the post on NTCompatible is my post that I put up. I've gone to many different forums to get an answer. So I'm really trying to fix my problem right now. But if you've read my post, I am able to go to Symantec and McAfee etc. now for some reason. Sometimes I can and sometimes I can't.

So would you guys have any other suggestions?
sixpac
« Reply #5 on: May 06, 2004, 02:36:26 AM »

Sounds like a DNS issue to me but have you tried this

Download hijackthis

http://www.spywareinfo.com/~merijn/files/HijackThis.exe



Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Don't fix nothing yet, save and post your log here.

Download and Install AdAware http://www.lavasoft.de/support/download

keeping the default options. However you will need to change some of the settings before your first scan

2. Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

3. Look at the icons on the top right of the page and click on the
« Last Edit: May 06, 2004, 08:49:03 AM by sixpac » Logged

 