I have a Killer Virus!!!

gaz_dodd

New Member
Every time you create a new connection it adds to the previous. You can rename it and delete the 6 out. If it cuts out then it's either a failing wireless card or something with your router.

That's the thing, I haven't created a new connection; this is all happening with no input from me. The connection is already dead, the virus has knocked it off. I'm trying to uninstall everything possible to do with the network connections and reinstall it to get the internet back on.
 

johnb35

Administrator
Staff member
If you have done a system restore then it could be that you are infected again as malware will hide in the system restore files. Please run more scans with malwarebytes and combofix and post them for me. You may be forced to reinstall windows.
 

gaz_dodd

New Member
Here's the HijackThis log, but ComboFix won't run anymore, it just deletes itself from my memory stick when I run it. I've tried reinstalling Windows but I get the blue screen every time I try.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:07, on 30/08/2051
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm405YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5367 bytes
 

gaz_dodd

New Member
I just tried reinstalling Windows again. It loaded all of the files and as soon as it got as far as "starting windows" I got the blue screen of death. Shall I just keep trying?
 

S.T.A.R.S.

banned
I just tried reinstalling Windows again. It loaded all of the files and as soon as it got as far as "starting windows" I got the blue screen of death. Shall I just keep trying?

The reason for that can be that your Windows disk does not have the SATA drivers built in, if you have a SATA hard disk drive in your laptop.
You have 2 options:

-Go into your BIOS and find the SATA CONTROLLER MODE option and if it's set to AHCI, set it to COMPATIBILITY. Now save your changes to CMOS, restart the computer and boot from the Windows disk and reinstall Windows.
Also be sure that your CD/DVD-ROM drive is the first device to boot from and the HDD the second one.

-If you do not have that kind of option in the BIOS, you will need to create an ISO image file of that Windows disk, build in the SATA drivers and then burn that ISO image file to a blank CD or DVD disk, then boot from it and install Windows from it.

-----------------------------------------------------------------------
By the way, there are some viruses which store themselves in the BOOT SECTOR of the HDD, and even a Windows reinstallation won't help here since it doesn't delete the HDD BOOT SECTOR, only the partitions, which are 99% of the HDD while 1% is the BOOT SECTOR, and the Windows disk cannot delete that by just reinstalling Windows and formatting the partitions, even if you delete all the partitions and perform a slow format.
Also it can be that you got a virus which stores itself on the low level of the HDD, and therefore a Windows reinstallation AGAIN won't delete it even if you delete all the partitions and perform a slow format.

So if this is the case, you will need to use special formatting tools for the HDD which delete the entire HDD BOOT SECTOR and write zeros to EACH sector on the HDD in order to format it COMPLETELY, including the HDD BOOT SECTOR and the low level of the HDD.
I recommend a DOS tool called KILL DISK for this. But run it from the CD directly by booting off that CD disk and NOT from any removable media, so that a virus CANNOT store itself on that removable media and mess everything up.

Still let's hope that's not the case with you.
-----------------------------------------------------------------------

RECOMMENDATION: Never ever use an HDD which you bought BEFORE formatting it OUTSIDE WINDOWS using special DOS tools for that directly from the CD disk, EVEN if the HDD is brand new from the store, because you can never know what's on it. I always format each HDD completely with the Kill Disk DOS tool before even using it at all, even if it's brand new from the store.


Cheers!
 

johnb35

Administrator
Staff member
Here's the HijackThis log, but ComboFix won't run anymore, it just deletes itself from my memory stick when I run it. I've tried reinstalling Windows but I get the blue screen every time I try.

You must not have installed and rerun Malwarebytes yet, because you have mywebsearch in your log and that's malware. Run Malwarebytes and then redownload the ComboFix file and run it. Do not run ComboFix from the flash drive; download it to your desktop.
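As an added example (not code from anyone in this thread), a small Python parser for HijackThis log lines that flags the mywebsearch entry johnb35 points out; the extra watchlist terms and the orphaned-filter check are assumptions of this example, and the sample lines are constructed from the log posted above.

```python
import re
from typing import Dict, List, Optional

# Substrings that warrant review. "mywebsearch" is the one johnb35 calls out;
# "funwebproducts" and "imgfarm.com" are assumptions added for this example
# (FunWebProducts publishes the MyWebSearch toolbar family).
WATCHLIST = ("mywebsearch", "funwebproducts", "imgfarm.com")

# A HijackThis line starts with a section code such as R0, O2, O4, O16, O18.
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis line into code, body and the trailing path/URL."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # process listing, headers, blank lines
    body = m.group("body")
    target = body.rsplit(" - ", 1)[-1].strip()  # last field is file or URL
    return {"code": m.group("code"), "body": body, "target": target}


def assess_entry(entry: Dict[str, str]) -> Optional[str]:
    """Return a reason to review the entry, or None if nothing stands out."""
    lowered = entry["body"].lower()
    for needle in WATCHLIST:
        if needle in lowered:
            return f"matches watchlist term '{needle}'"
    # An O18 filter registered against "(no file)" is a stale registration:
    # harmless by itself, but worth noting and cleaning up (assumed check).
    if entry["code"] == "O18" and "(no file)" in entry["body"]:
        return "registered filter points at a missing file"
    return None


def review_log(text: str) -> List[Dict[str, str]]:
    """Run assess_entry over every parsable line and collect the findings."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reason = assess_entry(entry)
        if reason:
            findings.append({"code": entry["code"], "target": entry["target"], "reason": reason})
    return findings


# Constructed sample, trimmed from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm405YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
"""

if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f['code']}: {f['reason']} -> {f['target']}")
```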
 

gaz_dodd

New Member
You must not have installed and rerun Malwarebytes yet, because you have mywebsearch in your log and that's malware. Run Malwarebytes and then redownload the ComboFix file and run it. Do not run ComboFix from the flash drive; download it to your desktop.

For some reason that still comes up with Malwarebytes, but the definitions may be out of date and I can't update it because I have no internet. I'll give ComboFix a go from my desktop in the morning.

I don't think these tests can be considered reliable though; the definitions were all changed a while ago by this virus (sometimes deleted, sometimes the updates wouldn't finish) and the protection levels were all changed on my antivirus. This doesn't seem to be happening anymore though.
 

gaz_dodd

New Member
The reason for that can be that your Windows disk does not have the SATA drivers built in, if you have a SATA hard disk drive in your laptop.
You have 2 options:

-Go into your BIOS and find the SATA CONTROLLER MODE option and if it's set to AHCI, set it to COMPATIBILITY. Now save your changes to CMOS, restart the computer and boot from the Windows disk and reinstall Windows.
Also be sure that your CD/DVD-ROM drive is the first device to boot from and the HDD the second one.

-If you do not have that kind of option in the BIOS, you will need to create an ISO image file of that Windows disk, build in the SATA drivers and then burn that ISO image file to a blank CD or DVD disk, then boot from it and install Windows from it.

I've ordered the proper disk from Fujitsu Siemens now, so I'll give that a try as soon as it comes; if that doesn't work I suppose I'll have to give Kill Disk a go. Would I be able to install Windows as normal after this?
 

tremmor

Well-Known Member
Kill Disk works well. Used it before. Or wait for the disk and do not use a quick install. Use a full format when the option is available. That should work.
 

gaz_dodd

New Member
Kill Disk works well. Used it before. Or wait for the disk and do not use a quick install. Use a full format when the option is available. That should work.

I got the disk this morning and I reformatted. I'm back on the internet now but the virus still seems to be there. The start menu and the icons are constantly flashing and I can't click on them; that will stop when I hit Ctrl, and it still cuts out when I move it.

I'm convinced that it's something to do with the wireless, because it was fine until I installed the Atheros wireless driver.

I did have some trouble reformatting. It wouldn't go into the setup after the restart, it just loaded the disk again. Seeing as I had already done a slow format, I did a quick one to get into the setup again; the setup worked after that.

Maybe I should do it again on a slow format? And if that doesn't work then it looks like Kill Disk time.
 

S.T.A.R.S.

banned
-Make sure that the CD/DVD-ROM drive is the first device to boot from, the HDD the second one, and the rest as the third one and so on...

-Format your HDD with Kill Disk FIRST!
NOTE: Be sure that you select your HDD and NOT one of its partitions!!!
After the format is complete, you should have ONLY ONE unpartitioned partition called "Unpartitioned". Now quit Kill Disk, shut down your computer and leave it off for 2 minutes at least.

-Boot from the Windows disk you got. When you get to the part with the partitions, you will have ONLY ONE item called "Unpartitioned space". Be sure that "Unpartitioned space" is selected, then click the ENTER button on your keyboard. Next select the option called "Format the partition using the NTFS file system" and then click the ENTER button on your keyboard.

-Wait until the format is complete and then simply follow the setup procedure...



Report back with the results!



Cheers!
 

gaz_dodd

New Member
Ok, I've just used Kill Disk and used the XP disk to create a new partition. It's set off formatting using the XP disk at the moment; the next post will be to say whether or not it worked. Fingers crossed and all that... :D
 

gaz_dodd

New Member
Unfortunately I don't think it worked. It's still a pain to get the thing started and it freezes as soon as I put a CD in it, so I can't install the drivers. Does anyone have any more ideas, because I'm all out?
 

johnb35

Administrator
Staff member
It seems you have a hardware issue of some kind. Take it in to a computer repair shop and have them diagnose it for you.
 

gaz_dodd

New Member
Looks like it.

Strange how it came on so suddenly though. But saying that, this laptop has been through a lot. It was in a serious car crash with me last year that actually knocked the RAM out of place, it was shot with a 2.2 air rifle once and it has been used to teach pensioners basic IT (do not underestimate a pensioner's ability to mess up a computer :D).

But even though I've had it for 7 years it's still faster than most new home laptops so I really want to save it.

Anyway, thanks to everyone who helped, I really appreciate it!!!


EDIT: I just bit the bullet and bought a new (manufacturer refurbished) laptop, a Toshiba M400. I stripped the old one down and, after a bit of handy work with the soldering iron, got it working, but realised just how beat up the thing was. I think it's time to put a dead dog to rest; it won't last much longer anyway.
 