Answer» nope, sorry....just tried. i can't get online....it says my router card is not plugged in...which it is...
what a mess...sorry.
Note: In Safe Mode, using Task Manager, I was able to find out the name of the bug that did this to me. Opening Avira thru the Task Manager, I saw this:
"Virus or unwanted program 'TR/Crypt.FKM.Gen[trojan]' detected in file 'C:\WINDOWS\system32\uiakbacq.old'. Action performed: Move file to quarantine"
thnx

Tried the Avira Rescue System. HOWEVER, CD did not work in affected computer. Booted with CD in, and the entire system froze. Could not even log into Windows. When CD drive was opened, the computer started again, I was able to log onto Windows as before, but nothing had changed, still no desktop.
I have written Avira to see if there is a way to use the Rescue System with a flashdrive instead of a CD. I am awaiting their response.
As always, any suggestions you might have are welcome.
thnx

You might be able to use it from a flash drive but since you are not able to use the computer...... it probably won't work. Plus if it won't boot from the CD then I'm sure it wouldn't boot from a Flash Drive either.
Since you can open Avira through Task manager can you also run it?
I'm wondering if this is even a virus to blame.
Hello again.
I finally heard from Avira, and they just gave me the instructions on how to burn their disc. Not the info I needed...giving up on that, as you suggested it wouldn't work anyway.
However, digging around in Task Manager today I discovered how to access nearly all my files, and even get online. That done, I got the updated SAS as you suggested and ran another scan. I ran another HijackThis scan afterwards as well. Here are the logs for the new scans:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/06/2009 at 01:29 PM
Application Version : 4.26.1002
Core Rules Database Version : 3879
Trace Rules Database Version: 1827
Scan type : Complete Scan
Total Scan Time : 03:06:38
Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 5744
Registry threats detected : 1
File items scanned : 53283
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt
Trojan.SVCHost/Fake
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.39.47, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-- End of file - 4562 bytes
thx...any of your thoughts are welcome at this point

How is the computer running now?
If you already have Malwarebytes be sure to update it before running the scan!
Download Malwarebytes' Anti-Malware (MBAM)
Alternate MBAM download link
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show RESULTS to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
- Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Hi
My apologies for the delay in getting back to you. After all this...I believe your thought on this not being a virus was correct. After looking around on the internet, I saw other people had the same kind of problem as I have, after deleting AdAware, which is something I did. I didn't mention it before, because I completely forgot actually.
At any rate, I have surrendered. My computer has had nothing but problems since the day I bought it. It was used, cheap, and as I was to assume with time, most LIKELY stolen. The copy of Windows was not registered, so I could never get help from MS, couldn't download things I needed and so on.
So, the time has come. I'm just wiping the thing clean, and starting over with a new install of Windows. That should just about take care of everything I hope.
Thank you so much to everyone that helped me through this. I truly appreciate CH being here...you guys have been a great help to me time and again. As well as being teachers! If any good has come from two years of dinkin' around with this laptop from *censored*...I certainly have learned A LOT!!! Actually, I'm looking into some IT classes now...I actually love learning all this stuff!
THANKS again to all

Thanks for letting me know.
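
The registry entry in the SUPERAntiSpyware log earlier in the thread sets a Debugger value under Image File Execution Options for explorer.exe, which makes Windows start the named file in place of explorer.exe. The following is an added example, not part of the thread, that pulls such entries out of a pasted scan log; the second sample line, the list of critical images and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: the first entry is the line from the log in this thread,
# the second is a made-up entry for a non-critical image.
SAMPLE_LOG = r'''
Trojan.SVCHost/Fake HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]
Example.Entry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe#Debugger [ "C:\Tools\dbg.exe -p" ]
'''

# Assumption: images whose redirection breaks logon or the desktop shell.
CRITICAL_IMAGES = {"explorer.exe", "winlogon.exe", "userinit.exe", "taskmgr.exe"}

# Matches "...Image File Execution Options\<image>#Debugger [ "<command>" ]".
IFEO_RE = re.compile(
    r'Image File Execution Options\\(?P<image>[^\\#\s]+)#Debugger\s*'
    r'\[\s*"(?P<debugger>[^"]*)"\s*\]',
    re.IGNORECASE,
)

class IfeoHit(NamedTuple):
    image: str           # executable being redirected
    debugger: str        # command Windows runs instead
    critical: bool       # redirected image is in CRITICAL_IMAGES
    odd_extension: bool  # debugger command does not name an .exe

def find_ifeo_debuggers(log_text):
    """Return every IFEO Debugger redirection found in the log text."""
    hits = []
    for m in IFEO_RE.finditer(log_text):
        image = m.group("image").lower()
        debugger = m.group("debugger").strip()
        names_exe = re.search(r'\.exe(?:\s|$)', debugger, re.IGNORECASE)
        hits.append(IfeoHit(image, debugger, image in CRITICAL_IMAGES,
                            not names_exe))
    return hits

def triage(log_text):
    """Order hits so redirections of critical images come first."""
    return sorted(find_ifeo_debuggers(log_text),
                  key=lambda h: (not h.critical, h.image))

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        flags = [n for n in ("critical", "odd_extension") if getattr(hit, n)]
        print(f"{hit.image} -> {hit.debugger} {flags}")
```

A hit on explorer.exe whose Debugger target has been quarantined or deleted leaves the shell unable to start, so the value itself has to be removed from the registry as well.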