|
| ||
| Re: Serious Virus won't even let me search for help . . . Oh yeah? What's the future like? Any flying cars yet? Oh that joke never gets old. So what country are you located in? I'm in the U.S.A. So, sometime in your recent past, I'll go through your steps and post the results. Okay, clearly I need to go to bed now. It's almost 4:00 AM here. |
| ||
| Re: Serious Virus won't even let me search for help . . . Western Australia. We only use our flying chariots on the weekend. I'll tell you the winning lotto numbers tomorrow :D |
| ||
| Re: Serious Virus won't even let me search for help . . . I followed the first step regarding running hijackthis and marking those items you indicated and then clicking on "fix checked." But when I try to download SDFix, the virus won't allow that page to open. What can I do? I was going to try running the Malware removal in the hopes that that would enable me to download it so I could continue on, but I remembered I took a solemn oath to not do any additional steps. Oh, and it would help if I had the winning lottery numbers yesterday, so I can play them tomorrow. Wait, does that make sense? I was going to guess Australia. Did my username catch your eye? |
| ||
| Re: Serious Virus won't even let me search for help . . . 1 Attachment(s) Quote:
I have uploaded it for you. |
| ||
| Re: Serious Virus won't even let me search for help . . . Awesome group. But, as you can tell by my username, I'm rather biased. I have a bit of a, well, shrine, on my wall for lack of a better word. All of their autographs framed, with guitar picks, a drumstick, backstage pass, etc. Unfortunately I'll never get to meet Michael Hutchence. And back to the task at hand. Thanks for uploading that file. You my friend, are a miracle worker! The slowdown appears to be gone, and google is no longer hijacked! I'll post the logs below, but just so I can help prevent this from happening again, what do you recommend I use: IE7 or Firefox? I've heard good things about Firefox and that I should stay away from IE7, but that's all I've known and used for a long time. Also, what do you think about Kaspersky Anti-Virus 2009 versus Windows Live OneCare or any other program for that matter? Hopefully Kaspersky is good since I already opened it. Hopefully this is the last of the virus. It sure was nasty. But you were amazing, and I never could have fixed it without your help, and for that, I am truly grateful. I'll wait and see if the logs revealed any more nasty surprises before I start the celebration though. (I tried doing what you said about putting CODE tags around the SDFix log, but I'm not entirely sure I did it right. I hit the # sign icon that says "wrap [CODE] tags around selected text" and I'm not sure it did what it was supposed to. I did notice that it inserted a lot of emoticons in one part, and apparently the letter "d" became an emoticon, so I'm not sure how that happened. Let me know if I did something wrong and I'll be happy to try again. See, totally inept.) HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:41 PM, on 11/15/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Charlie Kierscht\Desktop\New Folder\Analysethis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195791662969 O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab O20 - AppInit_DLLs: karna.dat O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- End of file - 7744 bytes SDFIX Log |
| ||
| Re: Serious Virus won't even let me search for help . . . Oh, and after all of that, I forgot to ask if that error regarding SPRTCMD.EXE and LIBEAY32.DLL has anything to do with the virus. I still get that when the computer starts up. It's been doing that for at least a month now, and doesn't appear to have any effect on the computer as far as I can tell. but I suppose there's some reason for it. Maybe that's a whole other issue. |
| ||
| Re: Serious Virus won't even let me search for help . . . So I did a little research on google, since I can now use it again, and I don't want to be totally useless, and read some interesting things regarding LIBEAY32.DLL and SPRTCMD.EXE and how they can be virus related, and I even saw something about the LIBEAY32.DLL being related to a program that captures keystrokes and screen captures and stuff, but that seemed isolated and may have been a scam to get you to download some other crap. I also have two files, when I look at the properties it says "type of file: file" on my desktop that have been there for months, and I cannot delete them. The computer won't allow it. It says "cannot read from source." Not sure if that has anything to do with the problems or not. Just trying to make sure there isn't something lurking waiting to rise up again. |
| ||
| Re: Serious Virus won't even let me search for help . . . Kaspersky or Nod32 if you wish to buy. I use Avast free edition and have never found a need to buy AV. Main reason for that is because I refuse to use Internet Explorer. My browser of choice is Opera and has been for the last 5-6 years. == I am not convinced your pc is yet clean. Please download ComboFix by sUBs from HERE or HERE
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. |
| ||
| Re: Serious Virus won't even let me search for help . . . Yeah, unfortunately you're right. Google is hijacked again. It appears help sites are getting blocked, and the slowdown is returning. Since the changes you had me made, I noticed that when I ran my Kodak Easyshare program, and it accessed the Internet for some update I'm assuming, and when I went to Facebook to upload some pictures, I had to install the pic uploader. But, I would assume both of those SHOULD be trustworthy. I'll follow those steps and post the results. Thanks. |
| ||
| Re: Serious Virus won't even let me search for help . . . Good grief. This stupid virus won't let me open either of those links. I can't do a right click and save as either. I'm starting to get really, really mad. Okay, madder than I was. |
| All times are GMT -4. The time now is 5:17 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC