
HELP!! Computer infected by some VIRUS

Hi... I need some help... my computer is infected by some virus.  I tried running Norton but it can't remove it and onelivecare couldn't remove it. Windows Defender can't even pick it up.  My everyday user profile is totally blacked out. First my IE started to malfunction, which caused dropped letters while typing for a couple of weeks... then IE started not to load... then yesterday... when I logged into my profile it's just a black screen.  I was able to log into my Admin profile but every time I start IE it's lagging and every time I click a link a blank page comes up but the original page goes into that link but another pop up page tries to load.

I'm running Norton 2007 but I did the live update.  Should I download NS2009?  Anybody know what's going on?? Please HELP!!

Thanks!

Ray

Replies


Re: HELP!! Computer infected by some VIRUS

Hello, istatus, and Welcome to the Norton Community!

What is the Name of the Threat Norton 2007 Detects?

And what is your Windows Operating System and Service Pack?

Thanks!

Message Edited by Floating_Red on 08-01-2009 09:06 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Re: HELP!! Computer infected by some VIRUS

Hi Istatus:

After you have answered Floating_Red's questions:

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Choose report or log, check all the boxes and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: HELP!! Computer infected by some VIRUS

I'm running Windows Vista Home Premium and Service Pack 2.  I ran it last night and Norton 2007 didn't detect anything. I will do the log below now.  Thanks.


Re: HELP!! Computer infected by some VIRUS

How do you disable Norton? Thanks.


Re: HELP!! Computer infected by some VIRUS

Hi, I'm getting this error msg saying "Failed to start service. Sysprot anitrootkit needs to be run with Admin privileges". I am under my Admin acct now, so I don't know why.  Please help! Thx

Re: HELP!! Computer infected by some VIRUS

I got to the point where it says to click on everything and I hit create log and it freezes up.

Re: HELP!! Computer infected by some VIRUS

Hi Istatus:

It might do that and still produce a good log.  It also froze on my machine without a problem.  See if it gave you a log.  If not then go into safe mode and run again.

To turn off auto protect, right click on the Norton icon on your desktop and disable Antivirus auto protect.  I assume you did that or I think SysProt would have been quarantined.

Give safe mode a try.  Run as administrator


Re: HELP!! Computer infected by some VIRUS

How long does it take to run the log? After it freezes...nothing happens....in safe mode....IE can't open pages.....said page is unavailable.

Re: HELP!! Computer infected by some VIRUS

If you Start Sysprot, click on the "Kernel Modules" tab do you see any strange or RED ones??

Quads 


Re: HELP!! Computer infected by some VIRUS

If I start the SysProt "RUN" and I click on the Kernel Modules... it looks like it runs, then I get that "Failed to start Service. Sysprot anitrootkit needs to be run with Admin privileges". Then I click OK and under the tab it's blank... with headers of Module Name, Service Name, Module Base etc.


Re: HELP!! Computer infected by some VIRUS

Moved to own thread for better exposure.

Re: HELP!! Computer infected by some VIRUS


istatus wrote:

...Norton 2007 didn't detect anything.


Hi,

Can you please check the Security History and see if Norton 2009 has Detected anything which you may have missed.  Please also check in the Unresolved Security Risks.  Please let us know what you find or don't find.  Thanks!


Re: HELP!! Computer infected by some VIRUS

I just checked ...Unresolved Risk....nothing.....i'm running it again......u guys have any idea what virus i have? Thx...

Re: HELP!! Computer infected by some VIRUS


istatus wrote:
I just checked ...Unresolved Risk....nothing.....i'm running it again......u guys have any idea what virus i have? Thx...

Please can you check the Full History then as well as Resolved Security Risks.  Thank-you for your co-operation!

Message Edited by Floating_Red on 08-02-2009 08:46 PM

Re: HELP!! Computer infected by some VIRUS

Istatus:

Have you turned off Auto protect in your Norton before running these tools?  We need to identify your problem and we need a log or two.

If you still are unable to get SysProt to run, you can try GMER in safe mode

http://www.gmer.net/ 

Or Rootrepeal

http://homepages.slingshot.co.nz/~crutches/RootRepel/

Click on "Report"

Select all the boxes

Then your HD.

Then click scan

See what you can find for us.


Re: HELP!! Computer infected by some VIRUS

istatus,

I know that you don't know what Files are a Threat, but, when we discover what Files are Threats, please could you Submit them to Symantec Security Response before trying the Removal process; thanks.

Submitting Malware to Symantec Security Response: https://submit.symantec.com/websubmit/retail.cgi.


Re: HELP!! Computer infected by some VIRUS

GMER is still running, but here is the current log.  I hope this helps!! My IE is so messed up on my desktop now.  I can't even sign onto this board on my desktop.


Re: HELP!! Computer infected by some VIRUS

Hi

Hmmm, looks like a Vundo/Virtumonde infection hooking into the browser, by the file "C:\Windows\System32\dimsjob32.dll"

OK

1. Please download Hijackthis http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download (the 3rd .exe version), run it to create a log, and post it.

2. Download Malwarebytes http://www.filehippo.com/download_malwarebytes_anti_malware/ and see if you can, after installing, update the definitions and run a Full Scan.

3. Download SuperAntispyware Free http://www.filehippo.com/download_superantispyware/ Install, then update the definitions and run a Full Scan.

Both will also create a log.

If after that any file doesn't want to delete, stubborn like "Vundo.H", I can use the logs to script removal, hopefully.

Quads 


Re: HELP!! Computer infected by some VIRUS

Now I have a problem.  I can't download anything from IE.  It just initializes and doesn't do anything....what can I do? I tried to run in Safe Mode but IE pages don't even load.


Re: HELP!! Computer infected by some VIRUS

Hi

Are you able to download all the programs and the offline SuperAntispyware Free definition database http://www.superantispyware.com/definitions.html  on one PC, Use a flash drive or Burn the files to a CDROM and Transfer to the infected PC??

Quads 


Re: HELP!! Computer infected by some VIRUS

I'll try that.  Any other ways besides that? Thanks 

Re: HELP!! Computer infected by some VIRUS

Without the programs necessary to get your internet access back, your hands are tied.  You can either use a flash drive, or burn them to a disc, but you need to get those programs onto the infected machine.

Let us know when you are ready.


Re: HELP!! Computer infected by some VIRUS

Sorry, I'm not good with computer software etc.  So download the programs on my laptop and save all the files onto a CD-ROM? That will work, right? Thx


Re: HELP!! Computer infected by some VIRUS

Have you got a CD/DVD burning program on the laptop, like Nero or CD creator?  You will need to open the burning program, add the files that you want to copy on the disc and tell it to burn.

Re: HELP!! Computer infected by some VIRUS

Hi, I downloaded the SuperAntispyware program and it found Trojan.Agent/Gen and Trace.Known Threat Sources and Adware.Tracking Cookie.  I quarantined the items and rebooted, however same results.  My normal user profile is still Blacked Out and when I switch to Admin blank screens pop up.  I tried to download the Malwarebytes Anti-Malware but it's not letting me download from CNET download.com.  Do you know where I can download this? My friend said it is good.

Do you need me to run the GMER log again? Thanks


Re: HELP!! Computer infected by some VIRUS

Please stop playing,

You are downloading the programs to place on the flash drive or CDROM from your friend's PC, as you said you can't download from your PC, so what's this "can't download from the Malwarebytes website" when you are not using your PC to do so?

Another location  http://www.filehippo.com/download_malwarebytes_anti_malware/

Quads 


Re: HELP!! Computer infected by some VIRUS

Playing? I'm trying to get rid of this worm or virus.  I downloaded the Malware from my laptop to a CD-ROM and installed on my desktop.  I ran the scan last night and it came up with 40 objects infected.  I've saved the log sheet from Malware.  I'll post tonight.  I'm at work now.  The blank pages from my Admin login went away when I click on links, however when I log into the daily user profile it's still Pitch Black.  Is my Daily User Profile corrupted? Should I delete? Thx

Re: HELP!! Computer infected by some VIRUS

Quads asked for a Malwarebytes scan and log, a Hijackthis log, and a Superantispyware log. We can't answer your questions by guessing.  You have a serious infection.  You need to provide Quads with the material he requires to get the job done, as soon as you can provide it.

Re: HELP!! Computer infected by some VIRUS

Thanks! I will upload the logs tonight.  I haven't done the Hijackthis log.  What website is that? I'll do that one tonight as well. Thx

Re: HELP!! Computer infected by some VIRUS

istatus,

Please remain calm and follow Quads' and delphinium's - they are the Users who are currently helping you - advice exactly because there are precise steps you need to take to get this Infection Removed Cleanly and Securely.  Please do not Download or use any other Products except for the ones that have been suggested to you, otherwise, you could do more damage to your computer.

Thank-you.

Message Edited by Floating_Red on 08-04-2009 11:18 PM

Re: HELP!! Computer infected by some VIRUS

Hi,

Attached is the Malwarebytes log.  How do I get the log for Superantispyware? I am trying to download Hijackthis now. Thanks guys!


Re: HELP!! Computer infected by some VIRUS

Attached is the Hijackthis log.  Please let me know what I have to do to get rid of this worm or virus.  Thx much appreciated

Re: HELP!! Computer infected by some VIRUS

Hi

Here they are


C:\Windows\System32\dimsjob32.dll (Worm.P2P) -> Delete on reboot.

C:\Users\Administrator\AppData\Local\Temp\28B4.tmp (Trojan.Agent) -> Delete on reboot



Except Malwarebytes does not name it as Vundo.

Update Malwarebytes again and run another Full Scan; sometimes, even though Malwarebytes says it has deleted it, in fact it actually hasn't, or the malware self-repairs on reboot or startup.

Quads 


Re: HELP!! Computer infected by some VIRUS

Hi,


So you want me to search for these 2 files and delete them manually? Then run Malwarebytes again? Please confirm. Thx


Re: HELP!! Computer infected by some VIRUS

No, I did not say anything about finding them manually. I said


Update Malwarebytes again and run another Full Scan; sometimes, even though Malwarebytes says it has deleted it, in fact it actually hasn't, or the malware self-repairs on reboot or startup.

Quads

Re: HELP!! Computer infected by some VIRUS

Okay. I will do now. Thx

Re: HELP!! Computer infected by some VIRUS

Also, my daily user profile is still BLACKED OUT.  It's just a pitch black screen. Do i need to delete that user profile or how can i reinstall the profile?

Re: HELP!! Computer infected by some VIRUS

Just finished running again. Nothing infected was found.  Pls see log.  Any ideas on how i can restore my user profile? Thx


Re: HELP!! Computer infected by some VIRUS

All my other USERS are ALL Blacked OUT......except for this Admin user.  ANYBODY Know how to restore all my Users? I can't even sign on as GUEST.


Re: HELP!! Computer infected by some VIRUS

Could it be this "The User Profile Service failed the logon"

Quads 


Re: HELP!! Computer infected by some VIRUS

No... i type in the passwd and it seems like it's logging into the profile but it's just a BLACK Blank screen but i can see the arrow from the mouse only and that's it.  It's just a BLACK Blank screen on the monitor. 

Re: HELP!! Computer infected by some VIRUS

Hi

Looks like it would have something to do with


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Quads

Re: HELP!! Computer infected by some VIRUS

Any idea how to fix? Thx

Re: HELP!! Computer infected by some VIRUS

Anybody know how to fix my users profiles?? Please HELP! thx

Re: HELP!! Computer infected by some VIRUS

istatus:

Relax.  These things take some time.  You had a very nasty infection. 

The user profile problem is secondary to getting the infection removed.  Do not be asking just anybody for help on this.  Quads is the only member trained and qualified to assist you. 

We are scattered all over the globe, so just wait until he gets back to you. Time zones are all different.


Re: HELP!! Computer infected by some VIRUS

Do You happen to have System restore points, where you can go all the way back to say 3 or 4 days before you got the Black screen on logon??

Also found this  http://forums.techarena.in/windows-vista-performance/832207.htm 

Quads 

Message Edited by Quads on 08-06-2009 07:55 AM

Re: HELP!! Computer infected by some VIRUS

I got the Black Screen from the Virus or Worm i was infected with (I think).  If I process the restore points..will the virus and worm files be restored?

Re: HELP!! Computer infected by some VIRUS

NOT if you go way back before the infection.

One thing: when you get the black screen, press Alt + Ctrl + Del; can you get the Task Manager and in its run feature type

explorer.exe

See if it is explorer.exe that is not loading.

Quads 
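
As an added example (not part of the original thread and not written by any of the posters): a read-only PowerShell check of the Winlogon key Quads names above and of the Shell value that decides whether explorer.exe starts at logon. The expected values are the stock Windows defaults, the helper function names are made up for this example, and only the hives of accounts that are currently loaded appear under HKEY_USERS.

```powershell
# Added example (read-only): report the Winlogon values that decide what starts at logon.
$sub = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock defaults on a standard Windows install (assumption: Windows lives in %SystemRoot%).
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
}

# Hypothetical helper: returns the named value as a string, or $null if it is absent.
function Get-WinlogonValue {
    param([string]$Hive, [string]$Name)
    $key = Get-ItemProperty -Path "Registry::$Hive\$sub" -ErrorAction SilentlyContinue
    if ($null -ne $key -and $null -ne $key.PSObject.Properties[$Name]) {
        return [string]$key.$Name
    }
    return $null
}

# Hypothetical helper: one row of the report.
function New-Finding {
    param($Hive, $Name, $Value, $Status)
    New-Object PSObject -Property @{ Hive = $Hive; Name = $Name; Value = $Value; Status = $Status }
}

$report = @()

# Machine-wide values apply to every profile.
foreach ($name in $expected.Keys) {
    $value = Get-WinlogonValue -Hive 'HKEY_LOCAL_MACHINE' -Name $name
    if ($null -eq $value) {
        $status = 'MISSING'
    } elseif ($value.Trim().TrimEnd(',') -ieq $expected[$name]) {
        # Userinit is a comma-separated list; the stock entry ends with a trailing comma.
        $status = 'OK'
    } else {
        $status = 'REVIEW'
    }
    $report += New-Finding 'HKLM' $name $value $status
}

# A per-user Shell value replaces the machine-wide shell for that account only,
# and is normally absent, so any value found here is listed for review.
$users = Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
foreach ($user in $users) {
    $value = Get-WinlogonValue -Hive "HKEY_USERS\$($user.PSChildName)" -Name 'Shell'
    if ($null -ne $value) {
        $report += New-Finding $user.PSChildName 'Shell' $value 'REVIEW'
    }
}

$report | Select-Object Hive, Name, Value, Status | Format-Table -AutoSize
```

Run it from an elevated prompt. REVIEW marks a value that differs from the stock default, which is a reason to look closer rather than proof of infection.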
