I downloaded some pirate software on Friday night, and must have hit a virus. Here are the symptoms and the actions I've taken:

*The computer is a new USED machine which had no anti-virus software installed

Sat night - Start menu programs disappeared, no access to control panel, no access to taskmanager (the computer administrator has disabled this feature). The DATE/Time section says the time in military time, then VIRUS ALERT! so all reference to time now also includes the words VIRUS ALERT!

Any attempt to use firefox or IE took me to about:blank.

Steps taken: Downloaded Windows Defender, found errors and deleted them. Downloaded Service Pack 3 and security updates. Downloaded AVAST! Antivirus and ran thorough scan. Found errors, put in chest then deleted (file name was Vapsup).

Got into Computer Manager and selected "disable" on the options for blocking out the user from the start menu, taskmanager etc. Deleted all other users.

Ran DiskCleanup, Ran DiskDefrag. Ran Sys Restore to a checkpoint last week but had no effect.

*Remaining issues include the Date/Time still says VIRUS ALERT! - Avast does not find any other harmful files.

*Also, from MY COMPUTER I cannot see the C: drive.

*Also, from SYSTEM it says Dell, and below it VIRUS ALERT!

*Also, my Start Menu still does not show all the programs installed on the computer. I was able to get it to show some, but they come up on the left side as links instead of menu items.

**I have a registered copy of Windows XP, but I don't have a disc for recovery. What can I do? I'd be okay with formatting the drive and reinstalling everything, but no Windows!

Can anyone help???????

tiger86 commented: I disapprove of you asking for help when you brought this on yourself by stealing software; that's what the word pirating means.

Have you tried scanning with Spybot Search & Destroy? Additionally, we would appreciate it if you could post a copy of your hi-jack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30: VIRUS ALERT!, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\XP\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dapol.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E4A847F1-5B48-43FE-ACA3-6C0ED65EA4EC} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O21 - SSODL: xvorfwbd - {631793D4-8F77-434D-A7ED-C1DBB87E4533} - C:\WINDOWS\xvorfwbd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio Ozone\Install\Ozinst.exe

--
End of file - 7702 bytes
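
An added example (not part of the original post, and not HijackThis code): a small Python triage pass over the log format shown above. It lists the entries HijackThis itself marks as (file missing) or (no file), the O6 policy line, and a "Scan saved at" time field that holds more than a clock time. The sample input is an excerpt of the posted log; the function names are illustrative.

```python
import re

# Excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Scan saved at 11:30: VIRUS ALERT!, on 6/22/2008
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dapol.dll (file missing)
O3 - Toolbar: (no name) - {E4A847F1-5B48-43FE-ACA3-6C0ED65EA4EC} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: xvorfwbd - {631793D4-8F77-434D-A7ED-C1DBB87E4533} - C:\WINDOWS\xvorfwbd.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # e.g. "O21 - SSODL: ..."
SAVED_RE = re.compile(r"^Scan saved at (.+), on (\S+)$")     # header timestamp line
CLOCK_RE = re.compile(r"^\d{1,2}:\d{2}(:\d{2})?( ?[AP]M)?$")  # a plain clock time


def parse_log(text):
    """Split a HijackThis log into the header time field and (code, body) entries."""
    saved_time, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SAVED_RE.match(line)
        if m:
            saved_time = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return saved_time, entries


def triage(text):
    """Return (code, reason, detail) findings for lines that merit manual review."""
    saved_time, entries = parse_log(text)
    findings = []
    if saved_time is not None and not CLOCK_RE.match(saved_time):
        findings.append(("HDR", "time field carries extra text", saved_time))
    for code, body in entries:
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append((code, "registry entry points at an absent file", body))
        elif code == "O6":
            findings.append((code, "Internet Explorer policy restrictions set", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```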

So...did you use Spybot Search & Destroy?

Use SUPER Antispyware PRO.

Were you ever able to get rid of the military time and the VIRUS ALERT!? I am experiencing the same problems.

OK, a few things. You'll need to install an anti-virus. I recommend AVG. You'll need to scan your computer with Spybot Search & Destroy. Also, try to be careful when downloading items from P2P & pirate/torrent sites. After you've done the above, we'll provide you with the registry fix to set your computer back to normal.

This happened to me too. What is the registry fix?

I used Spybot and it said it deleted a lot of stuff but the time still shows military and "VIRUS ALERT" and I still can't see my start menu or anything in my C: drive. I hope the registry fix will bring this all back. Please let me know what to do next.

I have no sympathy for you. I am actually glad you caught a virus, 'cause you were, as you said, downloading pirated software, and downloading anything without virus protection is a big no-no!
