|
help me plz...problems, problems, problems
|
|
|
eazyrider
Junior Member
|
27. September 2008 @ 12:43 |
Link to this message
|
so i opened something i shouldn't have. now i've really mucked up my comp..
first off problem;
1. as soon as i was done opening this file, it imeditally made my main hard drive disappear (c:\ for me) but i can somewhat still access it, if i type in c:\ up in the toolbar
2. i can only open "my computer" for about 10 seconds, before it kicks me back to my desktop. (in my computer doesn't show the c:\ drive icon.
3. in my start toolbar, it doesn't show me any of my icons.
4. ran avg in safe mode, didn't fine any virus..
5. after trying to get into "my computer" numerous times and getting kicked out, my comp freezes and i just see my desktop wallpaper with no icons on it..
i would format the whole drive but i would like to get the family pictures off the drive first if i can...
any suggestions...plz help
on the file i downloaded now it says this.
" Passworded and Adware/Spyware/Trojan reported by NOD32 "
|
|
Advertisement
|
|
|
|
|
onya
Suspended permanently
|
29. September 2008 @ 00:05 |
Link to this message
|
Re-formatting is a bit drastic at this point imo. Have you tried system restore (assuming you can get that far) ?
My next step would be to insert the original OS disc and run repair console. Using either of the above should get you in the clear, if not use HiJackthis and post the log (do not use hijack to fix anything)
Howd you go?
|
Senior Member
|
29. September 2008 @ 09:02 |
Link to this message
|
Hi eazyrider
Here are ths instructions for HijackThis. Run them in safe mode.
Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.
Rename HijackThis(.exe) to scanner(.exe).
Next, run scanner(.exe). A window will pop up.
? Click on the button which says Main Menu, then Do a system scan and save a logfile.
? Please wait for the scan to be completed.
? After the scan has completed, a text window will pop up. Please post the contents of this window here.
This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.
NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
onya
Suspended permanently
|
29. September 2008 @ 09:37 |
Link to this message
|
Originally posted by cdavfrew:
....Rename HijackThis(.exe) to scanner(.exe)....
Why (if you don't mind me asking) have you made instructions for a file name to be changed?
Curious. :)
|
|
Peshtigo
Senior Member
|
29. September 2008 @ 09:45 |
Link to this message
|
Once you get your machine back in proper running order run HJT again and this time print the log file. If you run into trouble again you'll have a pretty good idea where to start your repair by comparing the "good" scan with the "problem" scan.
|
Senior Member
|
29. September 2008 @ 10:47 |
Link to this message
|
@Peshtigo
HijackThis can be used to determine what malware a person have before fixing them, so that it would be easier.
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
makmegs
Newbie
|
29. September 2008 @ 10:58 |
Link to this message
|
Hey, here is the log for from hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:29 AM, on 9/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\scrnsave.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Rar$EX00.235\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bitdefender.com/scan8/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1801674531-1580436667-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cynthia')
O4 - HKUS\S-1-5-21-1801674531-1580436667-839522115-1006\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Cynthia')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 4330 bytes
|
Senior Member
|
29. September 2008 @ 11:01 |
Link to this message
|
|
makmegs, please stick with your own thread.
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
Peshtigo
Senior Member
|
29. September 2008 @ 11:11 |
Link to this message
|
Originally posted by cdavfrew:
@Peshtigo
HijackThis can be used to determine what malware a person have before fixing them, so that it would be easier.
How do you do that without knowing what you had before a problem or posting a log after a problem?
|
Senior Member
|
30. September 2008 @ 06:07 |
Link to this message
|
Originally posted by Peshtigo:
How do you do that without knowing what you had before a problem or posting a log after a problem?
What do you mean?
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
Peshtigo
Senior Member
|
30. September 2008 @ 08:19 |
Link to this message
|
Originally posted by Peshtigo:
Originally posted by cdavfrew:
@Peshtigo
HijackThis can be used to determine what malware a person have before fixing them, so that it would be easier.
How do you do that without knowing what you had before a problem or posting a log after a problem?
What I mean is how can the average person determine what malware a person has by just looking at the scan log? The instructions on HTJ warns against blindly fixing anything unless you are a knowledgeable person or otherwise post your scan log. How is it easier than comparing a scan log from your healthy PC against the scan log from your infected PC? Maybe you and I can recognize the malware items in the log but most people will be put off by the warning.
|
|
Advertisement
|
|
|
Moderator
|
30. September 2008 @ 09:06 |
Link to this message
|
Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules *** |
