Hi, I don't have much time left. I think my computer got infected and I'm afraid of turning off my computer now...

I was online for some time until I got a shutdown countdown box that would shut down my computer automatically after 1 minute, but I managed to stop it by using cmd shutdown -a. Then there was a notification popup that said my antivirus had been disabled, and when I tried to re-enable it, it was greyed out. At this point I already knew this was malware...

So I tried to open up msconfig but it was locked and needed admin for it, but I was running under admin at that time. It also happened to the search box in Explorer, but luckily the hidden file function was still working well. And then my PC started to get slower over time.

I tried to open my Avira AV Control Centre but it was sooo slow I had to close it. MBAM still works and updated with the latest database after the infection and found nothing on a quick scan (full scan is on the way).

In Task Manager, the processes that I think might be viruses are avwsc.exe, rundll32.exe and wscntfy.exe, since they don't show up in normal usage.

Please help me... I'm not sure of the exact problem here or how to remove the virus; I don't even know its name.

Right now the important working programs are regedit, Task Manager, MBAM, ZoneAlarm, show hidden files... I'm afraid my AV was completely useless and msconfig was locked... I'm using Windows XP SP3 on an Eee PC 900HA dual-booting with Ubuntu 10.04.

Thanks in advance...


Normally all three of those files are legal files: avwsc.exe is from the Avira Antivirus program, wscntfy.exe is the security notification file, and the rundll32.exe executable is a valid part of Windows and normally shouldn't be a threat.
That is not to say that any or all "could" be infections, but they also may very well be legitimate files, so don't necessarily assume they are infections.
Finish the scans and post the logs here.

The HiJackThis and MBAM logs found nothing suspicious, and then Automatic Update was turned off and it said the Anti-Virus might not be installed properly. Also, the whole running system became slower and slower till I decided to restart it.


Frankly, soon after I restarted, I was able to log in normally and the whole system ran like nothing happened. I was able to open msconfig again and checked that there was nothing suspicious in the startup either. Maybe it was a stupid joke program set up in some website to scare me out...

Anyway thanks for helping guys... Really appreciate it...

I have never heard of a "joke program set up in some website" to scare people out. The purpose of a website is to attract visitors, not to scare people out.

If you personally did not turn off the anti-virus program and automatic updates, then this all points to an infection. But obviously the choice is yours to end the thread. HiJackThis is not used as much today, plus it does not normally show today's severe infections; this is one reason it is rarely used. It is merely a scanner, not a cleaner. DDS Scanner is the recommended scanner to see a full and total picture of the computer. It shows much, much more than a HiJackThis scan could ever hope to show.
We always recommend that the steps in our Read Me Sticky be followed whenever an infection is a possibility.
