Member Avatar for khearento

i downloaded nero and installed it and it turned out to be a virus.
Iv got avg on but it wont detect it.I cant access task manager, i can't access control panel ( i can by going "run" and typing "control.exe", i can't access regedit as well.
When i go to my computer i normally have C,D,E,F now i can only access E&F. I keep gettin spy alert and all that other junk can someone please help me .

  • 3 Contributors
  • 9 Replies
  • 87 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by caperjack

Recommended Answers

All 9 Replies

Member Avatar for Bob_180_Bob

If you can get it started, go to spybot and download and run and use an online virus scanner.

Alternative Start Mode

1. Re-boot PC, as it starts tap F8 several times until the windows boot window appears.
2. Scroll to “Start with last known good configuration.)
3. Press “Enter”

Or
1. Re-boot PC, as it starts tap F8 several times until the windows boot window appears.
2. Scroll to “Safe Mode” (With networking, if you want to access the internet)
3. Press “Enter”To Repair Windows


XP from your XP CD…..

1. Re-start PC with XP CD in drive (Have your serial number handy)
2. As your PC starts press “F12” for boot menu (Or what your PC may ask for)
3. Scroll to and select “boot from CD.”
4. At prompt “Press any key to boot from CD” Press “Any key”
5. In the Windows XP Setup window, Press “Enter” to set up windows XP, (Don’t worry, this is a repair only, not a fresh install.)
6. At next window, Press “F8” to accept license agreement
7. Wait until windows displays your current version of XP and asks “To repair the selected windows XP installation press R”
8. Press “R”
9. Enter serial number when prompted.
10. Wait for files to be copied (PC will indicate 39 mins, it will take a lot less.)
11. When asked to adjust Regional language options, click “Next” as it is still set.
12. PC will re-boot.
13. If you have AVG Free, copy serial number to a file as you will lose it on repair. After repair a window will pop up asking how you want to treat AVG, Click repair and when prompted enter serial number.
14. Check to see if problem still exists.

Member Avatar for Bob_180_Bob

To Repair Windows XP from your XP CD…..

1. Re-start PC with XP CD in drive (Have your serial number handy)
2. As your PC starts press “F12” for boot menu (Or what your PC may ask for)
3. Scroll to and select “boot from CD.”
4. At prompt “Press any key to boot from CD” Press “Any key”
5. In the Windows XP Setup window, Press “Enter” to set up windows XP, (Don’t worry, this is a repair only, not a fresh install.)
6. At next window, Press “F8” to accept license agreement
7. Wait until windows displays your current version of XP and asks “To repair the selected windows XP installation press R”
8. Press “R”
9. Enter serial number when prompted.
10. Wait for files to be copied (PC will indicate 39 mins, it will take a lot less.)
11. When asked to adjust Regional language options, click “Next” as it is still set.
12. PC will re-boot.
13. If you have AVG Free, copy serial number to a file as you will lose it on repair. After repair a window will pop up asking how you want to treat AVG, Click repair and when prompted enter serial number.
14. Check to see if problem still exists.

Member Avatar for khearento

thanks for the reply. i just tried the alternate start and i still have the same problems.
i couldn't go ahead with the xp cd option because i don't have that on me, so instead i ran HJT and saved a log file and here's the result.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34: VIRUS ALERT!, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\LimeWire\LimeWire.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QXK Olive - {26027218-80B3-40FA-9FA1-70FD56AA5328} - C:\WINDOWS\rodqgpvldbv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: qalkfxor - {5371FF76-9602-4029-9626-BE8CD757EB36} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "F:\New Folder\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: rqbmvpso - {284F2413-A2F1-43CE-A59B-6E764FB7E0A6} - C:\WINDOWS\rqbmvpso.dll
O21 - SSODL: pdoskegl - {01C65EF6-0962-4AA8-A6E3-7E4FC69D7209} - C:\WINDOWS\pdoskegl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5342 bytes

I also ran Malwarebytes and it showed with infections.

Member Avatar for Bob_180_Bob

Qalkfxor Toolbar is the latest fake security toolbar from Zlob trojan family. It may secretly install itself as BHO (Browser Helper Object) for Internet ...
digg.com/security/Remove_Qalkfxor_ Toolbar_Qalkfxor_dll_Removal_Tool - 24k -

Member Avatar for Bob_180_Bob

Copied from your HJT file
O3 - Toolbar: qalkfxor - {5371FF76-9602-4029-9626-BE8CD757EB36} - C:\WINDOWS\qalkfxor.dll
If you can delete this file you may be able to access the net. If so download and run spybot and maybe another online virus scanner.
If you can't access the net and you can't delete this file, can you put your drive in another (Well protected) PC as a slave and work on it there?

Member Avatar for khearento

ran malwarebyte and spybot!

problem all fixed!

thanks heaps!

Member Avatar for Bob_180_Bob

You are very welcome, I am just glad to be of some help to someone else.

Member Avatar for Bob_180_Bob

Please mark as solved to remove it from this forum.

Member Avatar for caperjack

also good to use ccleaner to help clean all the temp folders and other shit.
www.ccleaner.com

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.