0

Hi, My problem is that:
i turned on my computer and because i didn't install Microsoft Office yet, i was using Notepad to keep my temporary files. i clicked and it never responded, so i thought it was a process that i needed to stop running through task manager, i then attempted to open task manager using all the ways possible, and nothing happened apart from the cursor showing the loading sign.

Since then i realised how my logo i cons for the windows programs like,notepad, outlook express,windows update, paint command prompt. etc. were all missing. I was thinking this is a virus, but i have run a few scans on Mcafee Security Centre and it shows me my laptop is fine. Everything else works its just that i really need some of the programs.

Thanks alot. Hope you can help ;-)

3
Contributors
13
Replies
14
Views
8 Years
Discussion Span
Last Post by jholland1964
0

Nope. it doesn't work. Its just the same after a full system scan.
How does using the program on another computer help on this one?

Thanks for trying to help anyways. =]
Please if you can keep looking for solutions.

0

Nope. it doesn't work. Its just the same after a full system scan.
How does using the program on another computer help on this one?

Thanks for trying to help anyways. =]
Please if you can keep looking for solutions.

No, you wouldn't run the scans on another computer I believe what he meant was download to either a cd or flash drive using another computer and then bring it to the affected computer and install from the cd or flash drive.
Can you tell us what operating system you are using? Are you using the affected computer to post here or another computer?
You wouldn't be keeping temporary files in notepad, that isn't a storage program. You may be saving them AS notepad files but they would be stored someplace else on the computer.

0

No, you wouldn't run the scans on another computer I believe what he meant was download to either a cd or flash drive using another computer and then bring it to the affected computer and install from the cd or flash drive.
Can you tell us what operating system you are using? Are you using the affected computer to post here or another computer?
You wouldn't be keeping temporary files in notepad, that isn't a storage program. You may be saving them AS notepad files but they would be stored someplace else on the computer.

I am using Microsoft Windows XP Professional version 2002 Service Pack 2. And yes i am using the infected computer to post here. Everything works well just that i cannot access most windows programs.
Also this is like the 3/4 time i have reformatted my laptop almost everytime it catches a virus. But i will leave it for now as i can do most things i need to do.
Thanks

0

You can't leave infection on the computer. There are many which will damage key files and render the computer useless. You need to get it clean. Do you run an anti-virus program and take other security precautions? If not then the computer will continue to become infected, no matter how many times you reformat. Reformatting just wipes the drive and re-loads the operating system, it does nothing to protect it against infections.

0

I have McAfee Security Centre. and it shows that i have no viruses.

What can i do to get rid of this virus?

0

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Download HiJackthis. Run a Full Scan and save the log. Post back here with the MBA-M log and the HJT log.

0

Here is the HijackThis Log. I cant paste the MBAM log because i can only view notepad documents by adding the file to archive using Winrar and then i can view it and i cannot find the .txt file anywhere in my computer. i also ran a search and couldnt find the file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:56:50, on 25/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 4647 bytes

0

I really need to know what was removed by MBA-M and from where.

Ive been looking and im not sure how im going to get the log yet.

0

Open the program, go to the Log Tab. The logs are there, just double click on the correct one and copy/paste it here.

0

I cannot open .txt files beause of the virus.

Then how did you get that HiJackThis log? Those are .txt files. Sorry, but this doesn't make much sense to me, if you can get one log why can't you get the other?
It has been five days since your last post, have you been using this computer?
If so then you should start over with the steps.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.