ComputerForum.com
Old 04-19-2010, 01:18 AM   #1
Gigabyte Member
 
Theblackoutow's Avatar
 
Join Date: Dec 2009
Posts: 989
Default Virus won't allow me to run programs

Hey guys, I need some help. I was recently infected with some sort of virus that won't let me run any program (except FF) and I really need help getting rid of this. Fast replies please, this computer has to be functional by tomorrow.
__________________
Top 20 Intel / ATI: 16.) 18269 -- Theblackoutow (i7 860 / 5850)
MOBO: Asus P7P55 CPU: Intel i7 860 RAM: 8gb OCZ DDR3 GPU: Asus Radeon 5850 HD: Western Digital Caviar Black 1TB PSU: OCZ 700 watt modxstream CD/DVD: LG Dvd Drive Case: Antec 900 OS: Windows 7 Home Premium
Theblackoutow is offline   Reply With Quote
Old 04-19-2010, 01:46 AM   #2
Gigabyte Member
 
deanj20's Avatar
 
Join Date: Mar 2010
Location: Corpus Christi, TX
Age: 32
Posts: 957
Default

Hey Theblackoutow,

Try running one of the versions of rkill in safe mode - try the exe first, and if that doesn't work, try the .com, the .scr and the .pif - one is bound to work.

Then, still in safe mode, run Malwarebytes Antimalware. Remove whatever it finds.

Then run HijackThis! and post your log here.
__________________
Jeremy Dean Online
deanMachine11 Specs:
CPU: Intel Celeron Dual-Core E3300 @ 2.5GHz
Mobo: Foxconn G41MXE-V
RAM: 4GB Mushkin DDR3 667MHz
GPU: 1GB Radeon HD5700
PSU: Cooler Master 450W
deanj20 is offline   Reply With Quote
Old 04-19-2010, 02:19 AM   #3
Gigabyte Member
 
Theblackoutow's Avatar
 
Join Date: Dec 2009
Posts: 989
Default

Thanks a lot dude, I ran RKill and that allowed me to run System Restore, so I restored and everything is running fine, but I'm running Malwarebytes now so I can make sure it's clean, then I'll post the HijackThis log.
Theblackoutow is offline   Reply With Quote
Old 04-19-2010, 02:52 AM   #4
Gigabyte Member
 
Theblackoutow's Avatar
 
Join Date: Dec 2009
Posts: 989
Default

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:50 PM, on 4/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe
--
End of file - 2919 bytes
Anything not look right?
Theblackoutow is offline   Reply With Quote
Old 04-19-2010, 03:16 AM   #5
Malware and Spam Assassin

 
johnb35's Avatar
 
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 30,292
Default

Can you post your Malwarebytes log please? As far as your HijackThis log goes, you can place a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: cru629.dat

Then click on fix checked and post a fresh hijackthis log.
johnb35 is offline   Reply With Quote
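A minimal triage pass over HijackThis entries like the ones picked out above, added here as an example; it is not part of the original thread or of HijackThis itself. The three rules (orphaned "(no file)" references, any AppInit_DLLs value, autorun commands without an absolute path) and the function name `triage` are assumptions for illustration, not johnb35's criteria; the sample lines are copied from the log in post #4.

```python
import re

# Lines copied from the HijackThis log posted in this thread (post #4).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O20 - <body>"
RUN_CMD = re.compile(r"^HK\w+\\\.\.\\Run(?:Once)?: \[[^\]]*\] (.*)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                   # C:\... or "C:\...


def triage(log_text):
    """Return (section, reason, line) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        if body.endswith("(no file)"):
            # Registry still references a component whose file is gone.
            findings.append((section, "registry entry points at a missing file", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every module named here is loaded into each process that loads user32.dll.
            for name in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if not name:
                    continue
                note = "" if name.lower().endswith(".dll") else " (not a .dll name)"
                reason = f"AppInit_DLLs module {name!r} is injected into GUI processes{note}"
                findings.append((section, reason, line))
        elif section == "O4":
            cmd = RUN_CMD.match(body)
            if cmd and not ABS_PATH.match(cmd.group(1)):
                # No drive-qualified path: resolved through the search path at logon.
                findings.append((section, "autorun command has no absolute path", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The QuickTime autorun that johnb35 also listed is not flagged by these rules, since it has a full path; a flagged line is a prompt to inspect the file, not a verdict.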
Old 04-19-2010, 10:38 AM   #6
Gigabyte Member
 
Theblackoutow's Avatar
 
Join Date: Dec 2009
Posts: 989
Default

Are they really that big of a deal? I don't have the laptop anymore and I don't think there will be time to run another virus scan.
Theblackoutow is offline   Reply With Quote
Old 04-19-2010, 12:19 PM   #7
Gigabyte Member
 
deanj20's Avatar
 
Join Date: Mar 2010
Location: Corpus Christi, TX
Age: 32
Posts: 957
Default

Quote:
Are they really that big of a deal? I don't have the laptop anymore and I don't think there will be time to run another virus scan.
Yes.
From www.file.net
Quote:
CFSServ.exe file information

The process ConfigFree(TM) Search for Wireless Devices Version belongs to the software TOSHIBA ConfigFree or ConfigFree(TM) or Remote Administrator v2.1 KWC by TOSHIBA CORPORATION (www.toshiba.com).

Description: File CFSServ.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 798,720 bytes (47% of all occurrence), 794,624 bytes, 544,768 bytes, 548,864 bytes.
The program has a visible window. The process starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). File CFSServ.exe is not a Windows core file. Program listens for or sends data on open ports to LAN or Internet. Therefore the technical security rating is 28% dangerous, however also read the users reviews.
Quote:
cru629.dat file information

The process belongs to the software cru629.dat by unknown.

Description: cru629.dat is located in the folder C:\Windows\System32 or sometimes in the folder C:\Windows. Known file sizes on Windows XP are 6,144 bytes (86% of all occurrence), 5,632 bytes, 10,240 bytes.
The program has a visible window. It is a file without information about the maker of this file. The process is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs). cru629.dat is not a Windows core file. cru629.dat seems to be a compressed file. Therefore the technical security rating is 42% dangerous, however also read the users reviews.
deanj20 is offline   Reply With Quote
Old 04-19-2010, 11:23 PM   #8
Gigabyte Member
 
Theblackoutow's Avatar
 
Join Date: Dec 2009
Posts: 989
Default

Okay, I deleted these files:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: cru629.dat
Theblackoutow is offline   Reply With Quote

All times are GMT +1.