Got a virus or two....URGENT!

i think i've got some viruses on my computer because when i got up this morning and turned the monitor on, there were like 20 windows open, there were programs loaded that i never loaded, and the computer is acting really sluggish now....last time i had a problem a few of you guys suggested HiJackThis....here are my questions...

1) would this work?
2) if i ran the program, and posted the results can someone tell me which programs to get rid of?
3) any other suggestions??

this is my only computer that i have full access to, and i need it working right by this afternoon because i have some school work to do....please help!!
 
For now >
start>run > msconfig
Go to the startup tab and disable everything.

Restart the computer and download SpySweeper or Spybot and run those. They will rid you of most spyware.

I hate to say it, and many people may disagree with me,

but you will never get rid of it 'all'.
 
Synned said:
For now >
start>run > msconfig
Go to the startup tab and disable everything.

Restart the computer and download SpySweeper or Spybot and run those. They will rid you of most spyware.

I hate to say it, and many people may disagree with me,

but you will never get rid of it 'all'.

I know you are a PC WIZ

I have had good results with using Spybot as well.

I have used Ad-Aware with good results also.

I usually run both programs on a regular basis to keep things clean.

Do you have any comments good or bad about Ad-Aware?

Grady
 
Post your scan for the HiJackthis. I could tell you what to remove.

Also consult with this site, post it in the box and hit Analyze. http://www.hijackthis.de/

I have no virus software, I only use hijackthis and a program called 'startup control panel' combined with Mozilla. I've gone two or three years without any problems.

I used Adaware and Spybot for awhile and they just don't do it for me. I would run them and have to finish the job manually in the reg. half the time.

I fixed a friend's computer who had major problems. Lesson: stay away from the ****, warez, and file sharing programs and you will NEVER have a problem. My brother is a tech at the University and he basically says **** and file sharing is the culprit in at least 85% of the problems he encounters. The rest of them are sorry bastards who install junk from ads or fall for virus emails.
 
First do the msconfig thing like Synned said.
Then go download norton antivirus or kaspersky antivirus. After installing them update the definition file and scan your computer. Then reboot your computer and scan again.
If that doesn't work I suggest trying ctrl+alt+del and killing all the processes that you can. This is so the virus doesn't bind itself to any services that windows starts with and then it runs hiddenly. I know some versions of RxBot will recreate explorer.exe and does the same thing, but also acts as a bot; so launch your AV program first then kill everything except the AV. Also, the virus may change your HOSTS file and block the address to where the AV program tries to update so if it does I would try a few different AV programs such as norton, KAV, panda, and if you must McAfee (even though it's crap).

Also, check your win.ini and boot.ini files.
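
An added example, not part of the post above: a small Python check for the HOSTS tampering it describes, where scanner update servers are pointed at a dead or foreign address. The watch-list domains and the sample file are placeholders constructed for illustration; substitute the update hosts your scanner actually uses.

```python
# Placeholder watch list (assumption): domains your AV product contacts for updates.
WATCHED = ("av-vendor.example", "scanner-updates.example")
# Addresses that simply black-hole a lookup.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample HOSTS content, not taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1   update.av-vendor.example  www.av-vendor.example   # added by malware
0.0.0.0 defs.scanner-updates.example
10.0.0.5 fileserver
203.0.113.9 av-vendor.example
"""

def blocked_update_hosts(hosts_text, watched=WATCHED):
    """Return (line_no, address, hostname, is_sinkhole) for every HOSTS
    entry that overrides DNS for a watched domain or one of its subdomains."""
    hits = []
    for lineno, line in enumerate(hosts_text.splitlines(), 1):
        entry = line.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        addr, names = entry[0], entry[1:]       # one address, one or more names
        for name in names:
            n = name.lower().rstrip(".")
            if any(n == d or n.endswith("." + d) for d in watched):
                hits.append((lineno, addr, n, addr in SINKS))
    return hits

if __name__ == "__main__":
    for lineno, addr, name, sink in blocked_update_hosts(SAMPLE_HOSTS):
        kind = "blocked" if sink else "redirected"
        print(f"line {lineno}: {name} {kind} via {addr}")
```

On Windows XP and later the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; any hit means the scanner's update check cannot be trusted until the entry is removed.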
 
Yeah, go into task manager (Ctrl alt del)
and look for processes that you don't recognize.
If you don't have any experience with this stuff, kill programs that are like sadchdsuj8e.exe just long stuff that doesn't look like it has a meaning.
This may not help with newer spyware, which will just re-open itself instantaneously. For that you have to find the process that is linked to the one you are trying to kill and kill them both.
Ad-Aware is also a good spyware program.
Any updates on what you have tried/done?
 
The problem with killing processes is that there is usually a large number of them and many of them are generic windows processes. It can get confusing about what you should kill and what you shouldn't. If Zero can help you with the HiJackThis results it would be extremely helpful but I still don't think it would hurt to run Ad Aware (which has become very mediocre in the last year or two), Spybot: Search and Destroy and then run a good anti-virus. I would recommend AVG as it is free and effective. Stay away from Norton and McAfee. They're both resource hogs and aren't very good anyway.

After everything is back to normal you might want to run spyware and virus scans every week or so.
 
aite heres my logfile from HiJackThis...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\znzniqj.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms0403007-625.exe
C:\WINDOWS\znzniqjA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\ninety5fiveoh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms0403007-625] C:\WINDOWS\ms0403007-625.exe
O4 - HKLM\..\Run: [znzniqjA] C:\WINDOWS\znzniqjA.exe
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\lv4009hme.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWljaGFlbCBCYXJiYWxpbmFyZG8\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\znzniqj.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
 
C:\WINDOWS\znzniqj.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms0403007-625.exe
C:\WINDOWS\znzniqjA.exe

I'd look into these... They don't seem right. The only legit one may be SYSC00.exe.
 
after running my logfile through hijackthis.de and analyzing it, it cannot delete the o10 files which are all "nasty" files....also, when i go to the startup tab in msconfig, when i uncheck all the files, and restart, and i go back to the startup tab, they are all still unchecked except the 4 that i believe are viruses/spyware :mad: ...anyone?????
 
Try Microsoft Anti Spyware Beta 1. It's free off the Microsoft site and removed some serious **** off my pc a while back that both Ad-Aware and Spybot could not remove.

Microsoft has a free malicious software removal tool that's also free to download I believe.
 
Not to sound offensive, but with the computer experience it sounds like you have it's gonna be hard for you to remove all of that. Boot into safe-mode and run all of the anti-spyware programs in safe mode, that way they will not be running at the time. Also in safe mode, do the msconfig thing once more.
 
Synned said:
Not to sound offensive, but with the computer experience it sounds like you have it's gonna be hard for you to remove all of that. Boot into safe-mode and run all of the anti-spyware programs in safe mode, that way they will not be running at the time. Also in safe mode, do the msconfig thing once more.

haha thanks man....i actually have a good bit of computer experience, im just retarted today for some reason...i've done all this before on my bros computer and had no problems....sry for keeping on asking all this ****...whats your SN on aim if you have one? in case i need help later...thanks a lot buddy, i appreciate it! :nice:
 
stprorolla49 said:
haha thanks man....i actually have a good bit of computer experience, im just retarted today for some reason...i've done all this before on my bros computer and had no problems....sry for keeping on asking all this ****...whats your SN on aim if you have one? in case i need help later...thanks a lot buddy, i appreciate it! :nice:

Yeah, spyware can be a bitch to get rid of.
If you need any help at all...sn's renaxgade. I'll try to help you to the best of my knowledge.
 
There are quite a few trojans out there that are programmed to stop task manager from being able to stop them. When cleaning up people's PCs we use a program called "Security Task Manager" that the trojans, etc. do not regard as a threat. Beyond that I'm old school - DOS, notepad and regedit are my weapons.

On top of that - doing it with the OS in safe mode is the key.
 
8950HO said:
Try Microsoft Anti Spyware Beta 1. It's free off the Microsoft site and removed some serious **** off my pc a while back that both Ad-Aware and Spybot could not remove.

Microsoft has a free malicious software removal tool that's also free to download I believe.


Wow, good call. I used my Ad-Aware this morning. The Microsoft software found lots more.
 
Start by getting rid of these. If you know that some of these are ok, then don't mess with it, so check first. As mentioned, you can do more damage than good if you start shooting from the hip with a program like this. Since I don't know everything you have installed, I can't tell which ones are good, but these are the ones I would instantly delete from MY machine. As a rule of thumb, if you have all your programs closed (nothing in the taskbar either) you should have 20-25 running processes. If you have a multi-function printer, it may be more like 30.

EDIT: Just saw that you got it fixed. Good deal :nice: Still worth looking into though . . .

C:\WINDOWS\znzniqj.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms0403007-625.exe
C:\WINDOWS\znzniqjA.exe
C:\WINDOWS\System32\wuauclt.exe

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms0403007-625] C:\WINDOWS\ms0403007-625.exe
O4 - HKLM\..\Run: [znzniqjA] C:\WINDOWS\znzniqjA.exe
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\lv4009hme.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWljaGFlbCBCYXJiYWxpbmFyZG8\command.exe (file missing)

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\znzniqj.exe
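
An added example, not part of any post in this thread: a Python first-pass triage of a HijackThis log that marks entries for manual review instead of deleting on sight. The three heuristics (absent target file, service with "Unknown owner", autostart exe sitting directly in the Windows folder or given without a path) are assumptions chosen for illustration, not HijackThis's own rules, and a hit is a prompt to check the file, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [znzniqjA] C:\WINDOWS\znzniqjA.exe
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\lv4009hme.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\znzniqj.exe
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)
O4_RE = re.compile(r"^[^\[]*\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
WINROOT_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\]+\.exe", re.I)

def triage(log_text):
    """Return (section, body, reasons) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # header, process list or blank line
        sec, body, reasons = m["sec"], m["body"], []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("target file absent")
        if sec == "O23" and "Unknown owner" in body:
            reasons.append("service binary has no vendor string")
        if sec == "O4":                   # Run / RunServices autostart entries
            cmd = O4_RE.match(body)
            target = cmd["cmd"] if cmd else body
            path = PATH_RE.search(target)
            if path is None and not target.lower().startswith("rundll32"):
                reasons.append("autostart with no full path")
            elif path and WINROOT_RE.fullmatch(path.group()):
                reasons.append("autostart exe directly in the Windows folder")
        if reasons:
            findings.append((sec, body, reasons))
    return findings

if __name__ == "__main__":
    for sec, body, reasons in triage(SAMPLE_LOG):
        print(f"[{sec}] {body}\n      -> {'; '.join(reasons)}")
```

Entries the heuristics pass over, such as the New.net `rundll32` line or the O20 Winlogon Notify DLL, still need a human look; the script only shortens the list to start from.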