Status: Not open for further replies.

Discussion Starter #1 · Registered · 27 Posts
Despite my efforts to maintain a clean and safe computer, something miserable has bitten me. I'm not entirely sure what the issue is, but I know something unusual is going on.

Here are some signs and symptoms ...

Recently, after periods of unattended downloading, I would lose internet connectivity. The only way I could regain connectivity would be to reboot. Reboot would take what felt like forever. Sometimes there would be a Windows dialogue box asking for login credentials for dial-up, which is odd considering I am not on dial. Recently, it has been discovered that all boot ups are agonizingly slow with apparent lengthy periods of inactivity (i.e. no hard disk activity, or even a signal being sent to the monitor). On average, 4-5 minutes to boot up.

Today, while surfing, my AVG anti-virus went crazy picking up immediate virii from websites that were appearing out of nowhere. Bam Bam Bam Bam! A new virus-infected webpage auto opens and is caught by AVG. There was also an unusual blue webpage titled windows critical update that could not be closed. I use Firefox, not IE, but if I recall, these websites may have been hosted by IE.

I have randomly been asked on occasion to shut down.

I have lost the ability to access regedit (it says the administrator has removed privileges, even in safe mode as the administrator). Even known workarounds commonly available on the internet have failed.

I am unable to run Adaware ... it says it's already running, when it's not ... that I am aware of.

Spybot had identified only 5 unresolved malware entries for zlob.AR and has removed these threats.

AVG virus scan found 3 instances of a virus that was in archived application packages downloaded from the internet. These have been removed. Virus scans are coming up clean. The virii that were discovered in the barrage of website attacks were also identified and taken care of at the time of attack.

I run an application called "process detector" and this is where my concern comes from. Every minute, a process starts called wmpscfgs.exe. Right now as I type this, there are currently 28 instances running, and growing. Each marked "dangerous", size of 32 KB, associated with filename c:\program files\internet explorer\wmpscfgs.exe . These processes are not identified in Task Manager. These processes cannot be stopped or deleted (Access is denied.). The processes are all siblings of other applications/processes running, like firefox, AVG, etc.

I assume this is the wmpscfgs.exe Virus, or something as sinister. I googled for removal instructions and found such from a reputable source, however, was met with several challenges along the way preventing me from proceeding successfully.

One such instruction was to remove wmpscfgs.exe from the internet explorer directory. I am able to delete wmpscfgs.exe from my c:\program files\internet explorer directory, but it keeps coming back. When it comes back, a new process appears.

There were no wmpscfgs.exe processes to kill in task manager. The ability to kill these processes in Process Detector is denied.

I am a novice when it comes to computers and have generally had success removing threats etc. from my computers in the past, but this seems beyond my ability.

I have provided the additional support information as requested. In the time it took to prepare this documentation, from a fresh bootup, there were over 400 instances of wmpscfgs.exe running. In the end, my system was barely functional, lacking in response to any command or action. This information was collected offline, I was not connected to the internet. As I write this now, the instances of this process continue to increase, one every 1 and a half minutes. AVG has detected a virus threat from a downloaded file, which was promptly deleted. Whatever this thing is, it is visiting sites and downloading harmful files for execution.

I sure hope there can be a resolution found quickly. I appreciate all the support that can be offered. I look forward to hearing back soon.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Rob at 14:34:15.82 on Mon 03/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1168 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Maintenance\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://thefreevpn.com/home.php
uSearch Page =
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\rob\fiwhfx.exe \s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Internet Explorer Plugin: {2a45ddd3-8407-482f-b53d-dc90669c9e59} - jvyj42.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {b70a1a54-6dfb-4ad8-9a62-2c00a3cc5bb4} -
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm .exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\maintenance\spybot - search & destroy\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [snp325] c:\windows\vsnp325.exe
mRun: [Rogers SHS] c:\program files\rogers\selfhealing\shs.exe
mRun: [TurboHddUsb] c:\program files\turbohddusb\TurboHddUsb.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AtiPTA] Atiptaxx.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [iTunesHelper] "c:\multimedia\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NBKeyScan] "c:\multimedia\nero\nero8\nero backitup\NBKeyScan.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mExplorerRun: [RTHDBPL] c:\documents and settings\rob\application data\systemproc\lsass.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\micros~1\office12\EXCEL.EXE/3000
IE: En&queue current page with Bulk Image Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebid.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\67789765.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212019091000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: app_dll.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rob\applic~1\mozilla\firefox\profiles\5981jyrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\5981jyrg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\5981jyrg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\rob\local settings\application data\yahoo!\browserplus\2.5.1\plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\multimedia\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-25 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-25 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-25 360584]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-10-18 7040]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-2-17 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-2-17 108904]
R2 aawservice;Lavasoft Ad-Aware Service;c:\maintenance\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-25 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-25 285392]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-2-17 779496]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2009-5-25 144696]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2008-4-7 163840]
R2 spydetector;spydetector;c:\maintenance\spyware process detector\spydetector.sys [2008-6-22 9216]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-10-18 17792]
S0 baukg;baukg; [x]
S2 ATITVAUDIO;ATI WDM TV Audio;c:\windows\system32\drivers\atinsnxx.sys [2008-8-28 28672]
S2 ATIXBAR;ATI WDM Audio Video Crossbar;c:\windows\system32\drivers\atinxbxx.sys [2008-8-28 31744]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2002-2-18 303360]
S3 DCamUSBLTN;3Com PC WebCam Lite;c:\windows\system32\drivers\vqcam.sys --> c:\windows\system32\drivers\vqcam.sys [?]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-1-25 182528]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2008-11-27 10218624]

=============== Created Last 30 ================

2010-03-08 18:24:28 4 ----a-w- c:\program files\5783421.dat
2010-03-08 16:45:14 4 ----a-w- c:\program files\4330171.dat
2010-03-08 15:18:24 40448 ----a-w- c:\documents and settings\rob\atiptaxx.exe
2010-03-08 15:18:24 40448 ----a-w- c:\documents and settings\rob\atiptaxx .exe
2010-03-08 15:18:23 40448 ----a-w- c:\documents and settings\rob\nwiz.exe
2010-03-08 15:18:23 40448 ----a-w- c:\documents and settings\rob\nwiz .exe
2010-03-08 15:18:16 40448 ----a-w- c:\documents and settings\rob\rundll32.exe
2010-03-08 15:18:16 40448 ----a-w- c:\documents and settings\rob\rundll32 .exe
2010-03-08 15:18:15 40448 ----a-w- c:\documents and settings\rob\rthdcpl.exe
2010-03-08 15:18:15 40448 ----a-w- c:\documents and settings\rob\rthdcpl .exe
2010-03-08 14:30:03 94208 ----a-w- c:\windows\system32\app_dll.dll
2010-03-08 14:29:35 40448 ----a-w- c:\windows\system32\rthdcpl.exe
2010-03-08 14:29:35 40448 ----a-w- c:\windows\system32\rthdcpl .exe
2010-03-08 14:29:14 5140 ----a-w- c:\windows\system32\iapot
2010-03-08 14:29:14 34304 ----a-w- c:\windows\system32\jvyj42.dll
2010-03-08 14:28:55 0 d-----w- c:\docume~1\rob\applic~1\2555381E50B1F9879CD41212AF4DB552
2010-02-22 17:02:01 0 d-----w- c:\program files\TVersity Codec Pack
2010-02-17 23:46:18 0 d-----w- c:\program files\iPod
2010-02-13 01:19:53 0 d-----w- C:\Video2
2010-02-13 00:58:35 0 d-----w- c:\program files\Microsoft Network Monitor 3

==================== Find3M ====================

2010-03-08 19:33:55 40448 ----a-w- c:\windows\vsnp325.exe
2010-03-08 16:51:34 40448 ----a-w- c:\windows\system32\atiptaxx.exe
2010-03-08 16:51:33 40448 ----a-w- c:\windows\system32\nwiz.exe
2010-02-22 17:02:15 84468 ----a-w- c:\windows\system32\unins000.dat
2010-02-22 17:02:12 691717 ----a-w- c:\windows\system32\unins000.exe
2010-01-31 20:49:20 129579 ----a-w- c:\windows\fonts\AdobeFnt.lst
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-18 13:11:04 256 ----a-w- c:\documents and settings\rob\pool.bin
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 00:18:18 138529 ----a-w- c:\windows\fonts\AdobeFnt07.lst
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-07-03 19:41:05 139264 --sh--r- c:\windows\system32\67789765.dll
2008-08-28 22:04:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat
2009-10-25 14:25:26 97237536 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-25 14:25:27 4988960 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 14:34:50.57 ===============
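The DDS log above carries several classic persistence indicators: an extra entry appended to the Winlogon Userinit value, a non-empty AppInit_DLLs, an LSP DLL with a purely numeric name, the DisableRegistryTools policy set, a Run entry launching an "lsass.exe" from Application Data, and lookalike executables with a space before the extension sitting next to the real names. The Python script below is an added example, not part of the original thread or of the DDS tool; it runs generic XP-era persistence heuristics over a handful of lines copied from the log above so a helper can triage a log before deciding on a fix. The indicator names, the SYSTEM_NAMES list and the heuristics themselves are my own assumptions, not anything DDS or the forum team defines.

```python
# Triage a DDS-style log for the persistence indicators seen in this thread.
# Added example, not part of the original post or of the DDS tool.
import re

# Constructed sample: lines copied verbatim from the DDS log posted above,
# plus the TVersity directory entry so the directory filter is exercised.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\rob\fiwhfx.exe \s
BHO: Internet Explorer Plugin: {2a45ddd3-8407-482f-b53d-dc90669c9e59} - jvyj42.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mExplorerRun: [RTHDBPL] c:\documents and settings\rob\application data\systemproc\lsass.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
LSP: c:\windows\system32\67789765.dll
AppInit_DLLs: app_dll.dll
2010-03-08 15:18:24 40448 ----a-w- c:\documents and settings\rob\atiptaxx.exe
2010-03-08 15:18:24 40448 ----a-w- c:\documents and settings\rob\atiptaxx .exe
2010-03-08 14:30:03 94208 ----a-w- c:\windows\system32\app_dll.dll
2010-02-22 17:02:01 0 d-----w- c:\program files\TVersity Codec Pack
"""

# "date time size attributes path" lines from the Created/Find3M sections.
FILE_ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S+) (.+)$")
# Top of a user profile on XP (c:\documents and settings\<user>\).
USER_PROFILE = re.compile(r"^c:\\documents and settings\\[^\\]+\\", re.I)
# Executable path at the start of a Run value, quoted or not.
EXE_PATH = re.compile(r'"?(.+?\.(?:exe|dll|scr|cmd|bat))\b', re.I)
RUN_KEYS = ("uRun", "mRun", "mExplorerRun", "dRunOnce")
# Assumed list: names that legitimately live only in system32; elsewhere they are decoys.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "userinit.exe", "rundll32.exe"}


def run_target(value):
    """Pull the executable path out of a '[Name] "path" args' Run value."""
    _, _, rest = value.partition("]")
    match = EXE_PATH.match(rest.strip())
    return match.group(1) if match else None


def check_file_entry(attrs, path):
    """Heuristics for a Created/Find3M file line; directories are skipped."""
    hits = []
    if attrs.startswith("d"):
        return hits
    # "atiptaxx .exe" beside "atiptaxx.exe": a lookalike that hides in listings.
    if re.search(r" \.[a-z]{2,4}$", path, re.I):
        hits.append("space_before_extension")
    # An .exe dropped straight into the profile root is not a normal install location.
    profile = USER_PROFILE.match(path)
    if profile:
        rest = path[profile.end():]
        if "\\" not in rest and rest.lower().endswith(".exe"):
            hits.append("exe_in_profile_root")
    return hits


def check_keyed_entry(key, value):
    """Heuristics for the 'key: value' lines of the pseudo-HJT section."""
    hits = []
    if key == "mWinlogon" and value.lower().startswith("userinit="):
        # Userinit must be exactly one entry, the real userinit.exe; any extra
        # comma-separated program is started at every logon.
        entries = [e.strip() for e in value[len("userinit="):].split(",") if e.strip()]
        if len(entries) != 1 or not entries[0].lower().endswith("\\userinit.exe"):
            hits.append("userinit_tampered")
    elif key == "AppInit_DLLs" and value:
        hits.append("appinit_dll")  # injected into every process that loads user32.dll
    elif key == "LSP":
        stem = value.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        hits.append("lsp_random_name" if stem.isdigit() else "lsp_review")
    elif key.endswith("Policies-system") and re.search(r"DisableRegistryTools\s*=\s*1", value):
        hits.append("registry_tools_disabled")
    elif key in RUN_KEYS:
        path = run_target(value)
        if path:
            name = path.rsplit("\\", 1)[-1].lower()
            if USER_PROFILE.match(path):
                hits.append("run_from_user_profile")
            if name in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\system32\\"):
                hits.append("system_name_outside_system32")
    elif key == "BHO":
        target = value.rsplit(" - ", 1)[-1].strip()
        if target and "\\" not in target and target.lower().endswith(".dll"):
            hits.append("bho_unqualified_path")  # bare DLL name, resolved via search path
    return hits


def triage(log_text):
    """Return (indicator, line) pairs for every suspicious line in the log."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        file_match = FILE_ENTRY.match(line)
        if file_match:
            hits = check_file_entry(*file_match.groups())
        else:
            key, sep, value = line.partition(":")
            hits = check_keyed_entry(key, value.strip()) if sep else []
        findings.extend((hit, line) for hit in hits)
    return findings


if __name__ == "__main__":
    for indicator, line in triage(SAMPLE_LOG):
        print(f"{indicator:32} {line}")
```

Run against the sample, the script flags the Userinit addition, the bare jvyj42.dll BHO, the lsass.exe launched from Application Data (twice: user-profile location and a system binary name outside system32), the registry-tools policy, the numeric LSP, the AppInit DLL, and both atiptaxx files in the profile root; the AVG entries and the TVersity directory pass clean. The heuristics deliberately err on the side of flagging for human review, which is how a log helper would use them.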
 

Discussion Starter #2 · Registered · 27 Posts
Kaspersky Labs Online file scanner has identified the file wmpscfgs.exe as being infected with Trojan-Dropper.Win32.Agent.bsmw .

There is very little reference material online regarding this virus.

Since posting the original message, I have scanned again with the onboard AVG virus scan, and online Housecall scan. Both identified several other virii, but not the one in question. These secondary virii were removed as part of the scan process.
 

Discussion Starter #3 · Registered · 27 Posts
Uncertain if this is symptomatic of the entire problem, but I am unable to copy files to my CD Writer for back up purposes. Whether drag-and-drop or copy/paste, the result is a dialogue box "Windows encountered a problem when trying to copy this folder. What do you want windows to do? Retry Skip Cancel"

Oh No ... can't even back up my data?
 

Discussion Starter #4 · Registered · 27 Posts
I want to assure all here that I respect the valuable service you provide here, and I am grateful there are people willing to help others through their misfortunes. I also realize that complex problems and the popularity of this site has made it very busy with replies expected to take quite some time.

My computer is progressively getting worse. I can only assume it's ongoing damage caused by this assumed virus. I am disappointed in the fact that I do not know if anyone has considered helping, or if my request has been dismissed, ignored etc. I am prepared to be patient if I know that there is the potential of repair. A simple acknowledgment would be great.

I am afraid that without some sort of acknowledgment / direction, my only option will be a reformat, reinstall. It may be a drastic option considering my ability to reliably back up data is apparently lost, but I'd like to think my situation may help others with similar infections deal with things.

Thanks again for your time.
 

Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click Advanced mode if not already selected.
  • Choose Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click Resident.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • If TeaTimer gives you a warning that changes were made, click the Allow Change box when prompted.
  • In the File menu click Exit to exit Spybot Search & Destroy.
------------------------------------------------------

If for some reason during these fixes you receive prompts from Spybot about whether to Allow or Deny any changes, please Allow them all.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 

Discussion Starter #6 · Registered · 27 Posts
Thank you Chemist,

Due to my everyday reliance on my desktop for my business, I was unable to wait any longer to benefit from your knowledgeable help.

With the assistance of a commercial virus buster service, it was determined that the best option for effectiveness and financial interests was to simply reformat and reinstall.

Although data was lost, nothing important was irreplaceable ... it was more a nuisance than anything.

Thank you for your help, and I have enjoyed browsing about the site.

RK
 

Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Thanks for letting us know.
 