|
computer infected(not this 1 )
|
|
|
john1690
Member
|
2. December 2005 @ 10:15 |
Link to this message
|
|
hi i was on my own pc last night and i went to dload from the site astalvista.box , after a second my search and destroy programm came up with the message computer infected or sumething like that .in a box it says reboot so i did ,the comp rebooted ta as far as windows is starting up ,and didnt go any further,plz help
|
|
Advertisement
|
 |
|
|
|
aaxxeell
Senior Member
|
2. December 2005 @ 13:02 |
Link to this message
|
|
|
ddp
Moderator
|
2. December 2005 @ 13:20 |
Link to this message
|
|
try running your anti-virus program in safe mode
|
|
-kemisti-
AfterDawn Addict
|
3. December 2005 @ 00:11 |
Link to this message
|
|
Yep, you can first try to scan with your av in safe mode as ddp said, but please post HjT-log after that.
|
|
john1690
Member
|
3. December 2005 @ 08:17 |
Link to this message
|
|
i cant even start on safe mode as wen im booting up it gets to as far as windows is starting up ,but it just stays there doing nothing ,yet i can move my mouse about . ive tried all modes on startup,any ideas guys, and tnx for the replys
|
|
ddp
Moderator
|
3. December 2005 @ 10:57 |
Link to this message
|
|
what windows are you using & what format is the hd in as in ntfs or fat32??
|
|
john1690
Member
|
4. December 2005 @ 02:09 |
Link to this message
|
|
i am using windows xp pro and my hd is running on fat 32.
|
|
ddp
Moderator
|
4. December 2005 @ 06:41 |
Link to this message
|
|
do you have a win98 boot disk or can get a copy of it?
|
|
john1690
Member
|
4. December 2005 @ 10:40 |
Link to this message
|
|
thank u for ure help i got back on it eventualy started in safe mode ,it was an infection in java vm,although i still cant get rid id of the infections as i dont have java in control panel,to delete the cache, igot this infection name and repair ere
|
|
john1690
Member
|
4. December 2005 @ 10:50 |
Link to this message
|
Logfile of HijackThis v1.99.1
Scan saved at 20:47:50, on 04/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://radio-slut.org/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
hope this is correct
|
|
ddp
Moderator
|
4. December 2005 @ 11:51 |
Link to this message
|
|
should be more to that log
|
|
aaxxeell
Senior Member
|
4. December 2005 @ 18:22 |
Link to this message
|
|
|
lturchin
Newbie
|
17. December 2005 @ 01:07 |
Link to this message
|
|
Not sure if anyone is seeing this thread but axell's advice saved me a bunch. I bought some new RAM and after installing it (coincidental), I could not get to login screen in xp pro SP2. I am a field engineer in IT and pride myself (does it go before fall?) on troubleshooting ability: I changed the power supply because I read that it's deterioration can slow things down; I blamed my new SATA drive (no viable reason) and because my Norton Antivirus Corp edition is always on, I did not in the least, suspect any viruses. In my favor, I have a copy of power quest desktop which can restore a drive to any state metal to metal and when I needed to reboot my PC, I had to use a 30 day old copy of my hard drive image. Long story short: I found this thread using google and downloaded the ewido prog and it found some ibm virus name that was f***g up my system.
thanks dude, is the least I can say
|
|
Advertisement
|
|
|
|
aaxxeell
Senior Member
|
19. December 2005 @ 18:23 |
Link to this message
|
|
You're welcome & glad to hear you're story :)
|
