this virus has taken all the control
Thread Solved |
Join Date: Jun 2008
Posts: 53
Reputation:
Solved Threads: 0
Hello guys
I have gone through "read me first" for this section and it seems that I can't do anything.
Here is the problem and the things I tried to solve my problem.
The first encounter with the virus was when I tried to start gtalk (4-5 days ago), and a window popped up saying 'select the program you want to use to open this file' (you all must be familiar with this msg; it comes when we try to open something Windows doesn't recognize).
I inquired and got to know that my cousin brought some files from some internet cafe which caused the problem. I still don't know what files he brought. I looked for suspicious-looking programs and files, so I found some unusual things, some of which I remember:
- driveguard.exe running in task manager
- a folder named driveguard in "C:/Program Files" containing driveguard.exe and a text file, which I deleted instantly, so no information on them either
- I also felt a process wuauclt.exe, which is still running in my task manager (it re-initializes by itself when I stop/end it), is also a virus (I am a newbie)
- and some other processes which I don't remember; I stopped (ended) them.
Then I tried opening gtalk again and got the same msg, and similarly with other programs. I downloaded an open source antivirus from www.clamwin.com and found that I can't even install anything.
I tried gtalk (and other programs) by right-clicking and selecting "run as". I could run every program. So I again tried installing by this method, but again I got "access is denied".
When I select "run as" it gives me two options, namely 1. run as current user and 2. run as administrator, but my account had admin rights (this is the only account on the login screen), and when I installed Windows XP I didn't create any other account by the name "administrator".
So I tried creating another account with admin rights. When I clicked on user accounts (in control panel) it said rundll32.exe not found, but it's there. Same msg for add and remove programs etc.
I tried to scan my computer from the Kaspersky website and it detected 3 viruses, namely rundll32.exe, avsp.exe and one more whose name I don't remember. The last one it deleted; avsp and rundll32 it couldn't.
I tried to scan my computer with sysclean.com (a DOS-based cleaner at trendmicro; one needs 4 files to run this) and it detected 1 virus, namely avsp.exe. I don't know whether it could delete it or not. The relevant log is below:
C:\avsp.exe [WORM_VB.EAI]
25384 files have been read.
25384 files have been checked.
25353 files have been scanned.
177734 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Also, I can't use regedit.
Anything like msconfig would again open the pop-up window with the msg 'select the program you want to use to open this file'.
Thanks in advance
Last edited by grvs; Aug 16th, 2008 at 8:01 am.
When I was in 10th i thought I knew all the maths, when I came to graduate level, I thought there is something I didn't know about, and when I completed my PhD, i knew that I don't know anything about maths.
life's like math
oh btw... I haven't done PhD
Sounds like you have quite a mess there!
-- Are you able to run any tools in Safe Mode?
If you want, you could try this AT YOUR OWN RISK:
Run this early beta of a scanning tool I've been writing off and on for a while. It should be safe - many of the more risky components are not included in this early version.
Download PeekabooXP.zip and EXTRACT the PeekabooXP Folder to your C:\ Drive
It needs to be there to run properly.
-- You'll need to disable your AV temporarily before you run PeekabooXP. It might hang if you don't. Run it in Normal Windows Boot, not Safe Mode.
-- Open the PeekabooXP folder on the C:\ drive and DoubleClick Run This.bat and follow the prompts.
-- A log ought to pop up in notepad - post that for me.
I'll try to check back as time permits. I've got a busy weekend of home repairs ahead of me, so I may be tied up for a bit.
Best Luck
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
Thanks PhilliePhan
Actually, anything in safe mode wouldn't run.
I saw that rundll32.exe and found that its icon is not like an exe file but some other which I don't know... (similar to text files in Vista)
I deleted it from there and from dllcache too. Downloaded a new rundll32.exe from the web and Windows didn't let me copy it... (how come the virus could modify it)
and so on... I kept on trying and lost my internet too....
Finally I had to reinstall Windows... so I can't tell you how your tool would work. But I have downloaded it for the bad times in future.
Thanks once again.
and so on... I kept on trying and lost my internet too....
Finally I had to reinstall Windows... so I can't tell you how your tool would work. But I have downloaded it for the bad times in future.
Thanks once again.

At least now you can be 100% sure your compy is clean. Some good preventive measures can be found in my "Protect Yourself" linky below.
-- That version of the tool I linked doesn't fix anything even though it says it does (it contains only part of one cleaning routine). Rather, it performs like HJT and DSS to enumerate running processes, certain registry keys, newly added files, etc... Even my later versions are pretty feeble when you compare them to a tool such as combofix, LOL!
Cheers

PP