urgent help!! virus or what??

**MohitPreet** · 28-11-09, 06:17 AM

i m not able to install some programs on my clean installed win xp sp3 on my system

those programs include : all the antivirus's , they just wont run the setup including eset nod32 , avira and avast,

i m not able to access task manager by pressing alt+ ctrl+ del keys , it gives me the following ,message "" task manager has been disabled by your adminstrator "

googling for this led me to find a temp solution to this but it reappears when i reboot

secondly my audio hardware is not detected , i m not able to install the software setup file , same problem like antivirus- the program just doesn't run

thirdly, when i run media player classic latest version 5.44 its says RUNTIME ERROR

MICROSOFT VISUAL C++ RUNTIME LIBRARY

R6002- FLOATING POINT SUPPORT NOT LOADED

however the km player is playing videos without the audio

NOW THE PROBLEM IS THAT SYSTEM WAS JUST RUNNING FINE , DONT KNOW WAT SUUDENLY HAPPENED IT STARTED SHOWING ALL THE ABOVE SAID PROBLEMS ,

SO I DECIDED TO DO A CLEAN INSTALL AS MOSTLY THAT SOLVES THE PROBLEMS FOR ME

but not this time

even after clean install i m facing the same problem

my sytem is without an antivirus now , no audio

wat cud be the problem

is it HDD bad sector problem or what?

please help

thanks in advance!!

**mayanksahni** · 28-11-09, 06:30 AM

Mate most probably ur HDD is full of viruses. So i would recommend u to take it to ur friend whom pc is fully protected with a good antivirus and store ur data temporarily on his pc. Then completely format all ur partitions and perform a clean installation. After that take ur data back from ur friend's pc after installing antivirus in ur pc.

Hoping this'll help u.

**MohitPreet** · 28-11-09, 06:46 AM

but how come this happened

i always had the updated version of antivirus

and wat if it infects my frinds pc as well ,

**Rockfella** · 28-11-09, 09:44 AM

Did u install the XP we were discussing that day? from unknown source?

Originally Posted by MohitPreet

but how come this happened

i always had the updated version of antivirus

and wat if it infects my frinds pc as well ,

**MohitPreet** · 28-11-09, 09:50 AM

no its the original one with sp2

**axeman** · 28-11-09, 10:03 AM

Your system is very nicely infected, and looks like a combination of a few.

Run a SDAT from McAfee to verify:

McAfee, Inc. - Downloads - Virus Protection - DAT Files

And post back what you find.

Have you already done a check with HijackThis? Post the output of that too.

**MohitPreet** · 28-11-09, 10:04 AM

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:32:57 AM, on 11/28/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\DOCUME~1\mohit\LOCALS~1\Temp\ejvhtx.exe

C:\DOCUME~1\mohit\LOCALS~1\Temp\winjislqo.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C8216F4-B708-42F5-AAA3-D66DBE4ACE78}: NameServer = 218.248.240.79 218.248.240.179

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 3179 bytes

**muzux2** · 28-11-09, 10:20 AM

I had faced similar problem many times, it was indeed a Virus.

Your all partitions are infected with Virus, even if you format primary partition, it will be still sitting there with other partitions with Autorun files which are hidden..

Do following

> Burn latest Norton Internet Security 2010 Trial on CD at friends computer..

> Clean install windows and don't click on any partition.

> Install Norton from CD..

> Run Full system scan

**sato1986** · 28-11-09, 10:50 AM

I have faced a similar problem where the virus doesnt let you run setups and specially disables the shields of antivirus softwares.

Solution: Download Dr. Web CureIt trial version. Its a standalone antivirus system which never gets detected by viruses. This should work well.

Do post the outcome if you follow my advice.

**anfjavid** · 28-11-09, 10:56 AM

C:\DOCUME~1\mohit\LOCALS~1\Temp\ejvhtx.exe

C:\DOCUME~1\mohit\LOCALS~1\Temp\winjislqo.exe

both the above things (as per your hijackthis report) are viruses/malware for sure !!!

registry editor has been disabled by the malware.

If the reg editor or the task manager is disabled, then its a sign of infection for sure...

Solution :

1st step:

run system restore and restore sytem to a date when your system was working fine

ensure your system is O.K now.

then switch off system restore on all drives (this will remove the system restore points so that if any virus/malware resident in these locations will be removed as well)

now switch system restore on.

IF this doesnt solve the issue then....

2nd step:

just get active boot disk or download it and burn to cd. boot system from disk. You will get graphical user interface like windows. Save all your data to a particular location in your HDD. Now wipe of the entire c drive by formatting it. remove any .inf files especially the autorun.inf file which exist in the root folder of other partitions. also remove the recycle bin, system volume info and other windows related directories from all the partitions.

Your system shud be in this state:-

C drive - fully formatted

other partiions - only folders which you require should exist and unwanted files/folders in the root directory to be removed

If your unable to delete certain windows related directories, then try to rename it

(all the above to be done from within active boot disk screen)

install winxp. See what happens and get back to me...

**Rockfella** · 28-11-09, 11:16 AM

Mohit try downloading COMBOFIX and run it.

**satanheart** · 28-11-09, 11:20 AM

Dude its a malware so use any anti spyware software . For me k7 total security worked download it and scan your drive I had the same problem

**MohitPreet** · 28-11-09, 12:14 PM

nothing working!!

**Superbad** · 28-11-09, 12:44 PM

You can try installing vista or win 7.and then scan your system. It has user activation settings which will help you to enable or disable some unknown softwares from installing .then scanning would be easier or else try on the new setup.if the os does remain in hanging state after booting then it could be a case of dying hard disk.

**MohitPreet** · 28-11-09, 01:08 PM

scan results in progress

complete scan!!

D:\Dumps\Nero\nero6.3.03\NBR6303eng.exe - Win32/Sality.NAU virus

this is the virus shown by eset nod32 - Win32/Sality.NAU virus

Infected with Win32/Sality.NAO Virus

this is the same thing- very bad virus!!

**muzux2** · 30-11-09, 07:37 AM

^ Sality is the most dangerous virus i came across.. dude, say bye bye to your .exe files if infected..

i tried almost all AV out there only Norton 2010 was able to clean the same virus.. follow steps that i specify in the earlier post.. good luck

**Rockfella** · 30-11-09, 08:14 AM

Combofix fixed his PC. Was Norton 2010 able to clean everything without damaging software and other dump files? I hate that virus like plague.

Originally Posted by muzux2

^ Sality is the most dangerous virus i came across.. dude, say bye bye to your .exe files if infected..

i tried almost all AV out there only Norton 2010 was able to clean the same virus.. follow steps that i specify in the earlier post.. good luck

**muzux2** · 30-11-09, 05:32 PM

^ Yes it was able to clean without any damage. I had big hope on McAfee,though it manage to clean an infected .exe but the file was damaged.. Only Norton was able to clean & without damage..

I'm trying Norton only when other AV's fail to clean...I'm quite happy with KIS 2010..

**MohitPreet** · 30-11-09, 05:44 PM

so the problem has been solved

it was a sality virus , it took away all the executalble file .exe files with it

nod32 deleted all files automatically, there was no choice

so damge control

will have to d/l 1 gigs of softwares bus thats it

computer is fine n running again

combofix did the trick!!

the eset nod32 i was using wa not updated i guess that led to all this

i have seen a virus first time in my pc and was shocked to see how each of the files were deleted in front of my eyes one by one automatically

**Rockfella** · 30-11-09, 06:21 PM

Data is never safe

Originally Posted by MohitPreet

so the problem has been solved

it was a sality virus , it took away all the executalble file .exe files with it

nod32 deleted all files automatically, there was no choice

so damge control

will have to d/l 1 gigs of softwares bus thats it

computer is fine n running again

combofix did the trick!!

the eset nod32 i was using wa not updated i guess that led to all this

i have seen a virus first time in my pc and was shocked to see how each of the files were deleted in front of my eyes one by one automatically