0

Reboot and see how the pc is first.

Here is a rundown for a repair; http://www.michaelstevenstech.com/XPrepairinstall.htm#RI
Remember that you will lose any service packs and security updates!

==

Before doing that and as a last chance, do an online scan to see what comes up;

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.Once the files are downloaded click on Next
Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases


Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on:Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Attachments Kas-SaveReport-1.gif 40.15 KB Kas-Savetxt.gif 2.56 KB
0

doing the scan now. looks like it will take a long long time. 30 mins gone and only at 6% >_<

0

here is a scan of the c drive where everything is. the other drive is just storage so i figured anything that would be wrong is where the operating system is. besides the scan ran for hours and need to sleep but the computer is too loud to remain on. i hope this helps. thanks.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 11:20:06
Records in database: 1048222
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 113632
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:21:29


File name / Threat name / Threats count
C:\Documents and Settings\User\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc1.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc2.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
E:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The scan was stopped by the user.

0

Delete the following;
E:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar
and then empty the recycle bin.
There is every chance that the infection goes beyond your C drive. As you can see, the folder you have to delete is on the E.
I think that you are still going to be looking at a system repair. If that does not fix the problem, you are then up for a complete reformat, so backing up all your wanted files would be prudent.

0

ok update. finished the full scan after 15 hours....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 17:03:02
Records in database: 1048675
--------------------------------------------------------------------------------


Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes


Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\


Scan statistics:
Files scanned: 304228
Threat name: 54
Infected objects: 103
Suspicious objects: 0
Duration of the scan: 15:21:01



File name / Threat name / Threats count
C:\Documents and Settings\User\Desktop\SmitfraudFix\Reboot.exe  Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\User\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc1.mp3   Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-1844237615-1303643608-725345543-1004\Dc2.mp3   Infected: Trojan-Downloader.WMA.Wimad.n 1
E:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe  Infected: not-a-virus:AdWare.Win32.SearchIt.t   1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\0d25dedbb04b284eb9c66f9fd8426b29.a2q  Infected: not-a-virus:AdWare.Win32.BookedSpace.h    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\2ed7f299efac0d33e3a65fab997227e6.a2q  Infected: Trojan-Downloader.Win32.PurityScan.dx 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\3303458dcabc08967f47a25c3b587c7d.a2q  Infected: Trojan-Downloader.Win32.Agent.bls 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\4d7ffc85b5838a7d7b4a5a30c78680f5.a2q  Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\4dc45a56ec82cedd5f885a24c21636a9.a2q  Infected: not-a-virus:AdWare.Win32.VB.y 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\6cfab15a0f055ebfd83c009603fd7ace.a2q  Infected: not-a-virus:AdWare.Win32.BHO.ba   1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\8461a68b8feb6b1621f4234435ff094f.a2q  Infected: not-a-virus:AdWare.Win32.Virtumonde.ki    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\879cabb3703679a1128c57ddfe3283ec.a2q  Infected: Backdoor.Win32.Dragonbot.k    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\9abcd867a312c2598c2aaf8180dcf06b.a2q  Infected: Trojan-Downloader.Win32.Zlob.bqw  1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\9fc400505dd0ad9343c79f187ffb8de4.a2q  Infected: Trojan-Spy.Win32.VBStat.h 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\a76dd8963246709c13f2a797687f5cae.a2q  Infected: Trojan.Win32.Agent.anr    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\afbc4648a1764a0aca5699449f33c7b9.a2q  Infected: not-a-virus:Downloader.Win32.WinFixer.o   1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\c5b554080829b36b6316e205928aaabe.a2q  Infected: not-a-virus:AdWare.Win32.VB.y 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\d2d0dac7cf4b24b4234c7922e16038be.a2q  Infected: Trojan-Downloader.Win32.PurityScan.dx 1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\e5b63c7432ec6a692c5fa1961ab7f5fb.a2q  Infected: Trojan-Downloader.Win32.VB.aya    1
E:\Program Files\Ashampoo\Ashampoo AntiSpyWare\Quarantine\e8365d8308088e63b6d9bd9858fea200.a2q  Infected: not-a-virus:AdWare.Win32.NewDotNet.e  1
E:\Program Files\Norton AntiVirus\Quarantine\016200BF.exe   Infected: not-a-virus:AdWare.Win32.DealHelper.x 1
E:\Program Files\Norton AntiVirus\Quarantine\06D67260.zip   Infected: Trojan.Java.ClassLoader.c 1
E:\Program Files\Norton AntiVirus\Quarantine\06D67260.zip   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\06D67260.zip   Infected: Trojan.Java.ClassLoader.Dummy.a   1
E:\Program Files\Norton AntiVirus\Quarantine\06D67260.zip   Infected: Trojan-Downloader.Java.OpenConnection.v   1
E:\Program Files\Norton AntiVirus\Quarantine\0D1D42B4.cla   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\11A02ADC.cla   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\17CF26DB.exe   Infected: Trojan-Downloader.Win32.IstBar.gn 1
E:\Program Files\Norton AntiVirus\Quarantine\1AA9018A.exe   Infected: Trojan-Downloader.Win32.IstBar.ij 1
E:\Program Files\Norton AntiVirus\Quarantine\1AB05583.exe   Infected: Trojan-Downloader.Win32.Apropo.aa 1
E:\Program Files\Norton AntiVirus\Quarantine\1AB37F7F.exe   Infected: Trojan-Downloader.Win32.IstBar.ij 1
E:\Program Files\Norton AntiVirus\Quarantine\1AB6297C.exe   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\1AB95378.exe   Infected: not-a-virus:AdWare.Win32.SideFind.a   1
E:\Program Files\Norton AntiVirus\Quarantine\1ABD7D74.exe   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\1ABD7D74.tmp   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\1AC02771.tmp   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\204B5270.exe   Infected: Trojan-Downloader.Win32.Dyfuca.ep 1
E:\Program Files\Norton AntiVirus\Quarantine\236062DA.exe   Infected: Trojan-Downloader.Win32.Dyfuca.du 1
E:\Program Files\Norton AntiVirus\Quarantine\30734C10.exe   Infected: Trojan-Downloader.Win32.Apropo.u  1
E:\Program Files\Norton AntiVirus\Quarantine\3077760C.exe   Infected: Trojan-Downloader.Win32.Apropo.bd 1
E:\Program Files\Norton AntiVirus\Quarantine\34655423.tmp   Infected: Trojan-Downloader.Java.OpenStream.t   1
E:\Program Files\Norton AntiVirus\Quarantine\38791061.exe   Infected: Trojan-Downloader.Win32.Dyfuca.ep 1
E:\Program Files\Norton AntiVirus\Quarantine\3986166F.cla   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\3989406C.cla   Infected: Trojan.Java.ClassLoader.Dummy.d   1
E:\Program Files\Norton AntiVirus\Quarantine\3B450E83.cla   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\4758442C.exe   Infected: Trojan-Downloader.Win32.IstBar.gm 1
E:\Program Files\Norton AntiVirus\Quarantine\47902576.cla   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\47934F73.cla   Infected: Trojan.Java.ClassLoader.Dummy.d   1
E:\Program Files\Norton AntiVirus\Quarantine\49DA3087.exe   Infected: Trojan-Downloader.Win32.IstBar.gn 1
E:\Program Files\Norton AntiVirus\Quarantine\49DD5A83.exe   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\49E00480.dll   Infected: Trojan-Downloader.Win32.IstBar.gj 1
E:\Program Files\Norton AntiVirus\Quarantine\49E00480.exe   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\49E32E7C.exe   Infected: Trojan-Downloader.Win32.IstBar.go 1
E:\Program Files\Norton AntiVirus\Quarantine\49E75878.exe   Infected: Trojan-Downloader.Win32.IstBar.gm 1
E:\Program Files\Norton AntiVirus\Quarantine\49EA0275.dll   Infected: Trojan-Downloader.Win32.Dyfuca.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\49EA0275.exe   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\49ED2C71.dll   Infected: not-a-virus:AdWare.Win32.SideFind.a   1
E:\Program Files\Norton AntiVirus\Quarantine\49ED2C71.exe   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\49F1566E.tmp   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\49F4006A.dll   Infected: not-a-virus:AdWare.Win32.Altnet.d 1
E:\Program Files\Norton AntiVirus\Quarantine\49F4006A.tmp   Infected: Trojan-Downloader.Win32.IstBar.gen    1
E:\Program Files\Norton AntiVirus\Quarantine\4ED9416F.cla   Infected: Trojan-Downloader.Java.OpenStream.t   1
E:\Program Files\Norton AntiVirus\Quarantine\520748DC.exe   Infected: Trojan-Downloader.Win32.Agent.hw  1
E:\Program Files\Norton AntiVirus\Quarantine\5520001F.exe   Infected: not-a-virus:AdWare.Win32.DealHelper.z 1
E:\Program Files\Norton AntiVirus\Quarantine\5D9804DA.exe   Infected: not-a-virus:AdWare.Win32.DealHelper.x 1
E:\Program Files\Norton AntiVirus\Quarantine\5F644321.zip   Infected: Trojan.Java.ClassLoader.c 1
E:\Program Files\Norton AntiVirus\Quarantine\5F644321.zip   Infected: Exploit.Java.ByteVerify   1
E:\Program Files\Norton AntiVirus\Quarantine\5F644321.zip   Infected: Trojan.Java.ClassLoader.Dummy.a   1
E:\Program Files\Norton AntiVirus\Quarantine\5F644321.zip   Infected: Trojan-Downloader.Java.OpenConnection.v   1
E:\Program Files\Norton AntiVirus\Quarantine\6613306F.exe   Infected: not-a-virus:AdWare.Win32.SideFind.a   1
E:\Program Files\Norton AntiVirus\Quarantine\692840D9.exe   Infected: not-a-virus:AdWare.Win32.WebRebates.g 1
E:\Program Files\Norton AntiVirus\Quarantine\692840D9.exe   Infected: not-a-virus:AdWare.Win32.WebRebates.d 2
E:\Program Files\Norton AntiVirus\Quarantine\692840D9.exe   Infected: not-a-virus:AdWare.Win32.WebRebates.c 1
E:\Program Files\Norton AntiVirus\Quarantine\729D33CB.dll   Infected: not-a-virus:AdWare.Win32.Altnet.d 1
E:\Program Files\Norton AntiVirus\Quarantine\733F5ACC.exe   Infected: Trojan-Downloader.Win32.Agent.hw  1
E:\Program Files\Norton AntiVirus\Quarantine\734204C9.exe   Infected: Trojan-Downloader.Win32.IstBar.gn 1
E:\Program Files\Norton AntiVirus\Quarantine\73452EC5.exe   Infected: Trojan-Downloader.Win32.IstBar.gn 1
E:\Program Files\Norton AntiVirus\Quarantine\734958C2.exe   Infected: Trojan-Downloader.Win32.Dyfuca.du 1
E:\Program Files\Norton AntiVirus\Quarantine\734C02BE.exe   Infected: not-a-virus:AdWare.Win32.WebRebates.g 1
E:\Program Files\Norton AntiVirus\Quarantine\734C02BE.exe   Infected: not-a-virus:AdWare.Win32.WebRebates.d 2
E:\Program Files\Norton AntiVirus\Quarantine\734C02BE.exe   Infected: not-a-virus:AdWare.Win32.WebRebates.c 1
E:\Program Files\Norton AntiVirus\Quarantine\7DD93BF8.exe   Infected: not-a-virus:AdWare.Win32.DealHelper.aa    1
E:\WINDOWS\system32\86d2sgtf.ini    Infected: not-a-virus:AdWare.Win32.Sahat.ao 1
E:\WINDOWS\system32\bicttju8.ini    Infected: not-a-virus:AdWare.Win32.Sahat.ao 1
L:\System Volume Information\_restore{9C1DA9AF-0670-4CC7-8C67-C265A71A70B8}\RP25\A0024932.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
L:\System Volume Information\_restore{9C1DA9AF-0670-4CC7-8C67-C265A71A70B8}\RP25\A0024933.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
L:\Installers\artisanplayer.exe Infected: not-a-virus:AdWare.Win32.NewDotNet    1
L:\Installers\BitLord_1.1.exe   Infected: not-a-virus:AdTool.Win32.WhenU.a  1
L:\Installers\ddr-1.7.exe   Infected: not-a-virus:AdWare.Win32.BHO.ba   1
L:\Installers\ddr-1.7.exe   Infected: not-a-virus:AdWare.Win32.VB.y 1
L:\Installers\234 PhotoShop Plugins\234 PhotoShop Plugins.rar   Infected: Trojan-Dropper.Win32.Agent.usv    1
L:\Installers\234 PhotoShop Plugins\234 PhotoShop Plugins.rar   Infected: Trojan-Dropper.Win32.Agent.sxe    1
L:\CloneDVD2.v2.9.1.9.Incl.KEYGEN-FFF.zip   Infected: Trojan-GameThief.Win32.OnLineGames.sdnf   1
L:\McAfee Total Protection 2008 + Cracked\Autorun.exe   Infected: Trojan.Win32.Monderc.gen  1
L:\McAfee Total Protection 2008 + Cracked\CDSetup.exe   Infected: Trojan.Win32.Monderc.gen  1
L:\McAfee Total Protection 2008 + Cracked\en-AU\Install.exe Infected: Trojan.Win32.Monderc.gen  1
L:\Norton 360 - v2.1.0.5 + Keygen\KEYGEN\Keygen.exe Infected: Backdoor.Win32.SdBot.fft  1
L:\Norton 360 - v2.1.0.5 + Keygen\Keygen.exe    Infected: Backdoor.Win32.SdBot.fft  1
L:\CloneDVD2.v2.9.1.9.Incl.KEYGEN-FFF\keygen.exe    Infected: Trojan-GameThief.Win32.OnLineGames.sdnf   1


The selected area was scanned.

Edited by happygeek: fixed formatting

0

Well, I can see what has got you now.

L:\McAfee Total Protection 2008 + Cracked\Autorun.exe Infected:
L:\McAfee Total Protection 2008 + Cracked\CDSetup.exe Infected:
L:\McAfee Total Protection 2008 + Cracked\en-AU\Install.exe Infected:
L:\Norton 360 - v2.1.0.5 + Keygen\KEYGEN\Keygen.exe Infected:
L:\Norton 360 - v2.1.0.5 + Keygen\Keygen.exe Infected:
L:\CloneDVD2.v2.9.1.9.Incl.KEYGEN-FFF\keygen.exe

Cracks and serials for software.
Even if we removed what I can see there, your pc will not be back to normal. It has been severely compromised and in my opinion should be reformatted.

0

what? :( so my antivirus was causing it? but those things are on a removable drive.... it's not even part of the computer. wouldn't disconnecting that drive or deleting the files or reformatting that one particular drive fix it? it's an external storage drive.

0

No, your antivirus did NOT cause it. Downloading cracks and keygenerators to bypass purchasing a product caused it. The trojans installed with the cracks were let loose on your entire pc when the cracks were initiated. Would have happened regardless of where they were run from.

0

so the fact that the problems don't show up on any scan still means they are there? now way to fix but reformat?

0

All the crap that came with the cracks have most likely corrupted system files. I did suggest in post #31 that you attempt a system repair.

0

yea i've been looking at that, but that post you linked made it sound like "omg it's such a big deal make sure you really really really really really want to do it and know what you are doing or your computer will blow up!" >.<

is it really that critical of a thing to do? i've looked at the cd install but nothing on it apparent saying "repair" i'm just afraid of making my mistake and making the problem worse, accidentally erasing my drive(s), losing my data, etc. >.<

0

Those instructions are not as hard as they look. You need to go into your bios and set up your computer to boot from the CD. Pop the XP CD into the drive and wait for the install to reach the "Welcome To Setup" stage. Follow the instructions as per that site.

0

yea but it has all these precautions and whatnot and makes it sound like a last ditch effort kind of thing and that i'll lose a lot. i really don't want to make things worse. :(

have you done a repair? is it easy and safe?

0

I have done one repair and several reformats. The first time is always the hardest :D. Provided you follow the instructions to the letter, you will be ok. Print the instructions out and read through several times until you get a picture in your head of what you have to do.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.