Solve : VIRUS ALERT in Timebar?

Out of nowhere, my Windows XP comp won't let me enter my properties because it has "been disabled by administrator", won't let me enter the C drive, or get into my programs or registry, once again cuz "been disabled by administrator". I have HijackThis and have uploaded my log. Please help!

[recovering disk space -- attachment deleted by admin]

Welcome to CH.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights.

  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

My properties and programs are back!

But still "virus alert" in time bar and no "C:\"

Here's my new log and report

Thanks so far

[recovering disk space -- attachment deleted by admin]

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Now run a new HijackThis scan and post that log.

I tried copying and pasting the MBAM log but it exceeded the 2000 limit so I attached it instead

[recovering disk space -- attachment deleted by admin]

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

    - R3 - URLSearchHook: (no name) - {F7301905-45EC-4459-9919-B6002ABD5102} - (no file)
    - R3 - URLSearchHook: ToolbarURLSearchHook Class - {E26029B4-C5E8-4645-9C02-E798715F8C0D} - (no file)
    - O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
    - O2 - BHO: (no name) - {8CEF3531-5751-4AF4-8735-C87F2B767EFF} - (no file)
    - O2 - BHO: QXK Olive - {A17B7E0A-5C24-4164-AD85-7CA896C66F0F} - (no file)
    - O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    - O2 - BHO: {578ed15d-3cdb-50ca-6a94-2a8ed02cbc6b} - {b6cbc20d-e8a2-49a6-ac05-bdc3d51de875} - (no file)
    - O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
    - O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
    - O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
    - O3 - Toolbar: fqbewlna - {75745753-36ED-47BC-B54B-CFCA6403B379} - (no file)
    - O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    - O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    - O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    - O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
    - O4 - Startup: BoontyBox Play Toad.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    - O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    - O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
    - O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    - O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
    - O22 - SharedTaskScheduler: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - (no file)


Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis and restart the computer to register the changes made by HijackThis.

----------

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized.
  • Please post the contents of both logs in the next reply.

Here you go bud

[recovering disk space -- attachment deleted by admin]

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
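
The HijackThis entries selected for fixing earlier in the thread all share one line format. As an added example (not part of the original posts and not HijackThis's own code), the Python below parses that format and separates entries whose target HijackThis reported as "(no file)" from entries that still point at a file on disk. The sample lines are copied from the thread; the function names are made up for the example.

```python
import re

# Entries copied from the fix list in the thread (a raw log has no leading "- ").
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {F7301905-45EC-4459-9919-B6002ABD5102} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: {578ed15d-3cdb-50ca-6a94-2a8ed02cbc6b} - {b6cbc20d-e8a2-49a6-ac05-bdc3d51de875} - (no file)
O3 - Toolbar: fqbewlna - {75745753-36ED-47BC-B54B-CFCA6403B379} - (no file)
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - Startup: BoontyBox Play Toad.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
"""

ENTRY = re.compile(r"^\s*(?:- )?([A-Z]\d+) - ([^:]+): (.*)$")  # "O2 - BHO: <rest>"
CLSID = re.compile(r"^(.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")  # "<name> - {CLSID} - <file>"
RUN = re.compile(r"^\[(.+?)\] (.*)$")                          # "[value name] <command>"


def parse_entry(line):
    """Split one HijackThis line into section, kind, name, clsid and target."""
    m = ENTRY.match(line.rstrip())
    if not m:
        return None  # header, blank line or anything else that is not an entry
    section, kind, rest = m.groups()
    entry = {"section": section, "kind": kind, "name": rest, "clsid": None, "target": None}
    if (c := CLSID.match(rest)):          # R3, O2, O3, O9, O18, O22 style
        entry["name"], entry["clsid"], entry["target"] = c.groups()
    elif (r := RUN.match(rest)):          # O4 registry Run value
        entry["name"], entry["target"] = r.groups()
    elif " = " in rest:                   # O4 Startup folder shortcut
        entry["name"], entry["target"] = rest.split(" = ", 1)
    # "(no file)": HijackThis could not find the file the registry entry names.
    entry["dangling"] = entry["target"] == "(no file)"
    return entry


def triage(log_text):
    """Return (dangling registry references, entries that still name a file)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return ([e for e in entries if e["dangling"]],
            [e for e in entries if not e["dangling"]])


if __name__ == "__main__":
    dangling, review = triage(SAMPLE)
    for e in dangling:
        print("dangling :", e["section"], e["kind"], e["clsid"] or e["name"])
    for e in review:
        print("has file :", e["section"], e["kind"], e["name"], "->", e["target"])
```

Entries in the second list still reference a file on disk, so the file itself is what to examine before the entry is removed.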

