OK, my problem is the following two screenshots:
www.ourcomm.org/screen1.JPG
www.ourcomm.org/screen2.JPG <-- What happens when I try to remove them.

A process called "windows" is doing this. It takes up 100% of my processing power, so much so I have to restart, and I can't delete the files anymore either. The other day it created over 20k of the bugger files! It creates them only in C:\ and in My Documents, I think, as that's only where I've seen them!
 
 I have tried the following programs:
 Spyware Doctor
 AVG Anti-virus
 Ad-aware
Windows Defender

Some of the results I have got are:

Trojan.Virtumonde <-- keeps appearing, can't seem to remove it!
Win32.trojandownloader.Zlob? I think?

Always there and can't remove them! Virus scan does remove them but they just reappear!
 
 Any help will be appreciated.
 
P.S. Using Windows XP Media Centre with SP2 Version 2002, Intel Celeron 3.2 GHz, 2 GB DDR RAM.
 
 HIJACK THIS LOG ATTACHED
 
 Removed the obvious ones of:
 
Code:
O20 - Winlogon Notify: lpisywnw - lpisywnw.dll (file missing)
 O20 - Winlogon Notify: nnnoonk - nnnoonk.dll (file missing)
 O20 - Winlogon Notify: rawkiwii - rawkiwii.dll (file missing)
 O20 - Winlogon Notify: rkrfcdam - rkrfcdam.dll (file missing)
 O20 - Winlogon Notify: rwrvdjqq - C:\WINDOWS\SYSTEM32\rwrvdjqq.dll
 O20 - Winlogon Notify: vaovtjun - vaovtjun.dll (file missing)
 
 
 
 
[saving space - attachment deleted by admin]

1. Download and scan with SUPERAntiSpyware Free for Home Users:
 http://www.superantispyware.com/
 
 Print these instructions out.
 
 SUPERAntiSpyware should be run in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.
 
 * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
 * An icon will be created on your desktop. Double-click that icon to launch the program.
 * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
 * Under "Configuration and Preferences", click the Preferences button.
 * Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
 * Click the "Close" button to leave the control center screen.
 * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
 * On the left, make sure you check C:\Fixed Drive.
 * On the right, under "Complete Scan", choose Perform Complete Scan.
 * Click "Next" to start the scan. Please be patient while it scans your computer.
 * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
 * Make sure everything has a checkmark next to it and click "Next".
 * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
 * If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
 * Click Close to EXIT the program.
 Post SUPERAntiSpyware log.
 
 2. Restart in Normal Mode.
 
3. Print out these instructions as we will need to close every window that is open later in the fix.
 
 Download VundoFix:
 http://www.atribune.org/content/view/24/2/
 
 * Double-click VundoFix.exe to run it.
 * When VundoFix re-opens, click the Scan for Vundo button.
 * Once it's done scanning, click the Remove Vundo button.
 * You will receive a prompt asking if you want to remove the files, click YES
 * Once you click yes, your desktop will go blank as it starts removing Vundo.
 * When completed, it will prompt that it will reboot your computer, click OK.
 
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
4. Post new HJT log.

Wow, thanks, it got rid of it, wohoo! I think it was the trojan downloader and Vundo that was causing most of the problems. Attached logs as requested.

[saving space - attachment deleted by admin]

Why is there no antivirus on the computer?
 
 What firewall do you use?
 
 
Open HijackThis and select "Do a system scan only", then place a check mark next to:
 
 O1 - Hosts: 83.133.125.99 dev.sa-mp.com <<Unless it is absolutely necessary
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O24 - Desktop Component 1: (no name) - C:\index.html
 
Close all windows except for HijackThis and click "Fix checked".
 
 
How is the computer now?

It is already fixed, thanks, and about those three:
 
 1) I added that manually to the hosts file. Stays.
 2) Removed
3) This is the Windows web desktop - so this stays.

Many Thanks,

Sounds good.
 
To learn more about how to protect yourself while on the internet, read this article by Tony Klein: "So how did I get infected in the first place?"
 
Safe surfing......

Nice. For future reference, I would suggest not removing any HijackThis entries without being instructed to do so first. Although it didn't happen here, removing the wrong thing could have serious consequences. But it's good that you at least told us which entries you removed. So, if there were any problems, at least we would know the source.
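
The HijackThis entries quoted in this thread, parsed into a list to raise with a helper rather than a list to delete. This is an added example, not part of any post above and not HijackThis's own logic; the function names and the two review heuristics are assumptions made for illustration.

```python
import re
from ntpath import basename, splitext

# Constructed sample: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 83.133.125.99 dev.sa-mp.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: lpisywnw - lpisywnw.dll (file missing)
O20 - Winlogon Notify: rwrvdjqq - C:\WINDOWS\SYSTEM32\rwrvdjqq.dll
O24 - Desktop Component 1: (no name) - C:\index.html
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.+)$")
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)

def parse_entry(line):
    """Split one HijackThis line into section code, entry kind and detail."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    detail = m.group("detail")
    entry = {"code": m.group("code"), "kind": m.group("kind").strip(),
             "detail": detail, "orphaned": bool(ORPHAN_RE.search(detail)), "notes": []}
    if entry["orphaned"]:
        entry["notes"].append("referenced file no longer on disk")
    if entry["code"] == "O20" and " - " in detail:
        key, target = detail.split(" - ", 1)
        dll = ORPHAN_RE.sub("", target)
        entry["key"], entry["dll"] = key, dll
        # Heuristic (an assumption, not a HijackThis rule): key named after its own DLL.
        if splitext(basename(dll))[0].lower() == key.lower():
            entry["notes"].append("notify key named after its DLL")
    if entry["code"] == "O1":
        entry["notes"].append("hosts file override, confirm it was added on purpose")
    return entry

def review_list(log_text):
    """Return entries worth raising with a helper; nothing is deleted or fixed."""
    entries = [parse_entry(l) for l in log_text.splitlines() if l.strip()]
    return [e for e in entries if e and e["notes"]]

if __name__ == "__main__":
    for e in review_list(SAMPLE_LOG):
        print(f'{e["code"]:>3} {e["kind"]}: {e["detail"]}  <- {"; ".join(e["notes"])}')
```

A flagged line is a question to ask, not a verdict: the O1 entry in this thread was added by the owner on purpose and stayed.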