Virus on my computer, do I need to format?

spikey101

I have found out I have a virus on my computer. I was going to start formatting it, but I thought I would ask on here if there is any other way to get it off without formatting.

Thanks for any advice.
 
jp198780 said:
formatting would probably be a lot easier...
Um, formatting should be a last resort. How do you figure it would be easier? First you have to reformat and reload Windows, then you have to reinstall all your games and programs and download all your favorite stuff like Firefox and other programs you don't have on disk. Not to mention, even if you have them backed up on disk, you still have to install everything. Oh, and let's not forget about all your pictures and music and changing all your settings back to the way you like them. Last time I did it, it took about 8 hours to get my PC back to the way it was.

Easier? :rolleyes:

For the original poster: please follow the basic steps in the stickies, and if you are still having problems, post a HijackThis log.
 
lol, didn't think about that. It would be easier 4 me, because all I have is Windows, AIM, AVG, AdAware, Spybot, Ewido lol, and 4 some reason I burned em 2 CDs lol.
 
spikey101 said:
I have found out I have a virus on my computer. I was going to start formatting it, but I thought I would ask on here if there is any other way to get it off without formatting.

Thanks for any advice.

Do you want to be more specific? Can you post a HijackThis log so someone can take a look at it?

Do you have antivirus?

Have you tried here:
www.ewido.com
for a free online scan.
 
Yeah, I have an antivirus, firewall, the lot. Here's a log I got from my anti-virus.

Filename Virus Action Date
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1770A43-B811-4EC1-906A-C3650133BF1C}\FIFOED\A0022867.EXE W32/VB-EMU:VB-Dropper-based!Maximus Failed to disinfect 23/07/2006 19:51:11
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1770A43-B811-4EC1-906A-C3650133BF1C}\FIFOED\A0022867.EXE W32/VB-EMU:VB-Dropper-based!Maximus Failed to disinfect 23/07/2006 19:51:12
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1770A43-B811-4EC1-906A-C3650133BF1C}\FIFOED\A0022867.EXE W32/VB-EMU:VB-Dropper-based!Maximus Failed to disinfect 23/07/2006 20:50:06
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1770A43-B811-4EC1-906A-C3650133BF1C}\FIFOED\A0022867.EXE W32/VB-EMU:VB-Dropper-based!Maximus Failed to disinfect 23/07/2006 20:50:06
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1770A43-B811-4EC1-906A-C3650133BF1C}\FIFOED\A0022867.EXE W32/VB-EMU:VB-Dropper-based!Maximus Failed to disinfect 23/07/2006 20:50:06
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1770A43-B811-4EC1-906A-C3650133BF1C}\FIFOED\A0022869.EXE W32/Backdoor.KMA Deleted 23/07/2006 21:46:21

I did another virus scan and it has shown up nothing, which I think is weird.
 
First run your antivirus in safe mode and fix what it finds, then post a HijackThis log... your antivirus is detecting the trojan but you can't delete it because it is a running process.
 
You're fine. Your AV looks to be F-Prot and it's done its job, but it can't clean the restore folder because it is locked by Windows. So just purge this folder by going to 'Control Panel/System/System Restore', check the box 'Turn off system restore on all drives', and click 'Apply' and 'OK'. Reboot your computer, then enable System Restore again and create a 'New Restore Point' by going to 'Start/Programs/Accessories/System Tools/System Restore'. You're done!
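An added example, not part of any post in this thread: the two replies above turn on where each detection sits, so this sketch splits a scan log in the same column layout into System Restore store hits and live-file hits and attaches the follow-up each reply suggests. The sample log, its GUID, file names and detection names are constructed, and `triage` and `next_steps` are hypothetical helper names.

```python
import re

# Constructed sample in the column layout of the scan log quoted in this thread
# (path, detection, action, date time). GUID, file and detection names are made up.
SAMPLE_LOG = r"""
Filename Virus Action Date
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP12\A0000001.EXE Example/Dropper.A Failed to disinfect 01/01/2006 10:00:00
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP12\A0000001.EXE Example/Dropper.A Failed to disinfect 01/01/2006 11:00:00
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP12\A0000002.EXE Example/Backdoor.B Deleted 01/01/2006 11:30:00
C:\Program Files\Example App\helper.exe Example/Dropper.A Failed to disinfect 01/01/2006 11:35:00
"""

# Paths may contain spaces, so anchor on the file extension and the trailing timestamp.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4})\s+(?P<name>\S+)\s+"
    r"(?P<action>.+?)\s+(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
# The System Restore store on Windows XP: \System Volume Information\_restore{GUID}\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9a-f-]{36}\}\\", re.I)

def triage(log_text):
    """Return {path: (location, detection, last_action)}, one entry per file."""
    latest = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header or blank line
        location = "restore-store" if RESTORE.search(m["path"]) else "live"
        # The same file is reported once per scan; the latest line wins.
        latest[m["path"]] = (location, m["name"], m["action"])
    return latest

def next_steps(findings):
    """Map each file the scanner did not delete to the thread's suggested follow-up."""
    steps = {}
    for path, (location, _name, action) in findings.items():
        if action.lower() == "deleted":
            continue
        steps[path] = ("purge restore points (System Restore off, reboot, on)"
                       if location == "restore-store" else "rescan in safe mode")
    return steps

if __name__ == "__main__":
    for path, step in next_steps(triage(SAMPLE_LOG)).items():
        print(f"{step}: {path}")
```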
 
Well, before I read this I went to format the computer just so it's clean and to rest my mind that it's clean. I went to boot off the Windows CD and it just went through POST and didn't read the CD, even though I set it to first bootable in the BIOS. So I used floppy boot disks and set the floppy as 1st bootable. It was entering setup, and before it hits the blue setup screen it stops and says,

File/biosinfo.inf could not be loaded.
The error code is 4096
Setup cannot continue. Press any key to exit

So has it affected my BIOS?

Also, I had to do a system restore at one point to flash my writer with newer firmware. Could the system restore bring the virus back?
 
Logfile of HijackThis v1.99.1
Scan saved at 17:05:13, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
 
As far as system restore and BIOS, I don't know, but I do know your log is clean and you don't need to reformat.

Edit: Seen this on another site if ya want to reformat.

1. The easy way is to go to your BIOS and remove the boot to your hard drive.
2. Make sure you boot to your floppy and reboot.
3. If you have the floppy that comes with your hard drive, make sure it is in your floppy drive before booting.
4. Then do a format of the hard drive.
5. After reformatting, boot again, enter your BIOS and change boot to your hard drive.
6. Save it and reboot. It should begin installing your Windows XP.

Don't know if that helps or not, but he was getting the same error code.
 
I had this come up on a virus scan as well, from some WinTV software (was in a zipped file when I downloaded it), and PCGuard (yep same software - coincidence?) didn't pick it up until I began installing it. :S Will edit and post file names if I ever find the log again, lol. I just deleted the files, though that's probably buggered up my software now....! I somehow don't think it's a virus though, as I'm willing to bet that you don't have WinTV?

PCguard Anti-Virus
Scanning Report (07/08/2006 23:33:45)
Master Boot Records and Fixed Disk Boot Sectors
Scanned 1 Master Boot Record(s) for viruses.

Scanned 1 Boot Sector(s) for viruses.

Your Master Boot Record(s)/Boot Sector(s) are not infected.

Files
Drive C:\
C:\Documents and Settings\[username]\Desktop\CD-Analogue-USB-36e.zip

File infected with "W32/VB-EMU:VB-Dropper-based!Maximus" virus and was successfully deleted.
File infected with "W32/VB-EMU:VB-Dropper-based!Maximus" virus and was successfully deleted.
File infected with "W32/VB-EMU:VB-Backdoor-HRS-based!Maximus" virus and was successfully deleted.
C:\Documents and Settings\[username]\Desktop\CD-Analogue-USB-36e\cd-analogue-usb-36e\Scheduler\sched_install.EXE

File infected with "W32/VB-EMU:VB-Dropper-based!Maximus" virus and was successfully deleted.
File infected with "W32/VB-EMU:VB-Dropper-based!Maximus" virus and was successfully deleted.
File infected with "W32/VB-EMU:VB-Backdoor-HRS-based!Maximus" virus and was successfully deleted.
C:\Program Files\WinTV\scheduler\LOCALE_SISO3166CTRYNAME.exe

File infected with "W32/VB-EMU:VB-Dropper-based!Maximus" virus and was successfully deleted.
C:\Program Files\WinTV\scheduler\LOCALE_SISO639LANGNAME.exe

File infected with "W32/VB-EMU:VB-Dropper-based!Maximus" virus and was successfully deleted.
Files scanned: 63048
Infected files: 4
Disinfected files: 0
Deleted files: 4
Files unable to scan: 0
Report Summary
Files scanned: 63048
Total infected files: 4
Total disinfected files: 0
Total deleted files: 4
Total files unable to scan: 0
Anti-Virus engine status
Last update: 07/08/2006 20:42:15
Virus definition file: avsdk-20062170.msp
File generated by PCguard Anti-Virus
 