Jump to content

Reduce Width Increase Width

urgent help!! virus or what??

- - - - -
Started by MohitPreet, Nov 28 2009 01:47 AM

22 replies to this topic

#1
MohitPreet
Posted 28 November 2009 - 01:47 AM

i m not able to install some programs on my clean installed win xp sp3 on my system
those programs include : all the antivirus's , they just wont run the setup including eset nod32 , avira and avast,

i m not able to access task manager by pressing alt+ ctrl+ del keys , it gives me the following ,message "" task manager has been disabled by your adminstrator "

googling for this led me to find a temp solution to this but it reappears when i reboot

secondly my audio hardware is not detected , i m not able to install the software setup file , same problem like antivirus- the program just doesn't run

thirdly, when i run media player classic latest version 5.44 its says RUNTIME ERROR

MICROSOFT VISUAL C++ RUNTIME LIBRARY
R6002- FLOATING POINT SUPPORT NOT LOADED

however the km player is playing videos without the audio

NOW THE PROBLEM IS THAT SYSTEM WAS JUST RUNNING FINE , DONT KNOW WAT SUUDENLY HAPPENED IT STARTED SHOWING ALL THE ABOVE SAID PROBLEMS ,
SO I DECIDED TO DO A CLEAN INSTALL AS MOSTLY THAT SOLVES THE PROBLEMS FOR ME :P

but not this time
even after clean install i m facing the same problem

my sytem is without an antivirus now , no audio

wat cud be the problem
is it HDD bad sector problem or what?

please help

thanks in advance!!

#2
mayanksahni
Posted 28 November 2009 - 02:00 AM

Mate most probably ur HDD is full of viruses. So i would recommend u to take it to ur friend whom pc is fully protected with a good antivirus and store ur data temporarily on his pc. Then completely format all ur partitions and perform a clean installation. After that take ur data back from ur friend's pc after installing antivirus in ur pc. :D

Hoping this'll help u. :D

#3
MohitPreet
Posted 28 November 2009 - 02:16 AM

but how come this happened
i always had the updated version of antivirus :P

and wat if it infects my frinds pc as well ,

#4
Rockfella
Posted 28 November 2009 - 05:14 AM

Did u install the XP we were discussing that day? from unknown source?

MohitPreet said:

but how come this happened
i always had the updated version of antivirus :P

and wat if it infects my frinds pc as well ,

#5
MohitPreet
Posted 28 November 2009 - 05:20 AM

no its the original one with sp2

#6
axeman
Posted 28 November 2009 - 05:33 AM

Your system is very nicely infected, and looks like a combination of a few.

Run a SDAT from McAfee to verify:

McAfee, Inc. - Downloads - Virus Protection - DAT Files

And post back what you find.

Have you already done a check with HijackThis? Post the output of that too.

#7
MohitPreet
Posted 28 November 2009 - 05:34 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:57 AM, on 11/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\mohit\LOCALS~1\Temp\ejvhtx.exe
C:\DOCUME~1\mohit\LOCALS~1\Temp\winjislqo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C8216F4-B708-42F5-AAA3-D66DBE4ACE78}: NameServer = 218.248.240.79 218.248.240.179
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 3179 bytes

#8
muzux2
Posted 28 November 2009 - 05:50 AM

I had faced similar problem many times, it was indeed a Virus.

Your all partitions are infected with Virus, even if you format primary partition, it will be still sitting there with other partitions with Autorun files which are hidden..

Do following

> Burn latest Norton Internet Security 2010 Trial on CD at friends computer..

> Clean install windows and don't click on any partition.

> Install Norton from CD..

> Run Full system scan

:)

#9
sato1986
Posted 28 November 2009 - 06:20 AM

I have faced a similar problem where the virus doesnt let you run setups and specially disables the shields of antivirus softwares.

Solution: Download Dr. Web CureIt trial version. Its a standalone antivirus system which never gets detected by viruses. This should work well.

Do post the outcome if you follow my advice.

#10
anfjavid
Posted 28 November 2009 - 06:26 AM

C:\DOCUME~1\mohit\LOCALS~1\Temp\ejvhtx.exe
C:\DOCUME~1\mohit\LOCALS~1\Temp\winjislqo.exe

both the above things (as per your hijackthis report) are viruses/malware for sure !!!
registry editor has been disabled by the malware.
If the reg editor or the task manager is disabled, then its a sign of infection for sure...

Solution :

1st step:

run system restore and restore sytem to a date when your system was working fine
ensure your system is O.K now.
then switch off system restore on all drives (this will remove the system restore points so that if any virus/malware resident in these locations will be removed as well)
now switch system restore on.

IF this doesnt solve the issue then....

2nd step:


just get active boot disk or download it and burn to cd. boot system from disk. You will get graphical user interface like windows. Save all your data to a particular location in your HDD. Now wipe of the entire c drive by formatting it. remove any .inf files especially the autorun.inf file which exist in the root folder of other partitions. also remove the recycle bin, system volume info and other windows related directories from all the partitions.

Your system shud be in this state:-
C drive - fully formatted
other partiions - only folders which you require should exist and unwanted files/folders in the root directory to be removed
If your unable to delete certain windows related directories, then try to rename it
(all the above to be done from within active boot disk screen)

install winxp. See what happens and get back to me...

#11
Rockfella
Posted 28 November 2009 - 06:46 AM

Mohit try downloading COMBOFIX and run it.

#12
satanheart
Posted 28 November 2009 - 06:50 AM

Dude its a malware so use any anti spyware software . For me k7 total security worked download it and scan your drive I had the same problem

#13
MohitPreet
Posted 28 November 2009 - 07:44 AM

nothing working!!

#14
Superbad
Posted 28 November 2009 - 08:14 AM

You can try installing vista or win 7.and then scan your system. It has user activation settings which will help you to enable or disable some unknown softwares from installing .then scanning would be easier or else try on the new setup.if the os does remain in hanging state after booting then it could be a case of dying hard disk.

#15
MohitPreet
Posted 28 November 2009 - 08:38 AM

[url=http://www.imgx.org/public/view/20096]Posted Image[/URL]

scan results in progress


[url=http://www.imgx.org/public/view/20097]Posted Image[/URL]

complete scan!!

D:\Dumps\Nero\nero6.3.03\NBR6303eng.exe - Win32/Sality.NAU virus

this is the virus shown by eset nod32 - Win32/Sality.NAU virus

Infected with Win32/Sality.NAO Virus

this is the same thing- very bad virus!!

#16
muzux2
Posted 30 November 2009 - 03:07 AM

^ Sality is the most dangerous virus i came across.. dude, say bye bye to your .exe files if infected..

i tried almost all AV out there only Norton 2010 was able to clean the same virus.. follow steps that i specify in the earlier post.. good luck :)

#17
Rockfella
Posted 30 November 2009 - 03:44 AM

Combofix fixed his PC. Was Norton 2010 able to clean everything without damaging software and other dump files? I hate that virus like plague.

muzux2 said:

^ Sality is the most dangerous virus i came across.. dude, say bye bye to your .exe files if infected..

i tried almost all AV out there only Norton 2010 was able to clean the same virus.. follow steps that i specify in the earlier post.. good luck :)

#18
muzux2
Posted 30 November 2009 - 01:02 PM

^ Yes it was able to clean without any damage. I had big hope on McAfee,though it manage to clean an infected .exe but the file was damaged.. Only Norton was able to clean & without damage..

I'm trying Norton only when other AV's fail to clean...I'm quite happy with KIS 2010..:)

#19
MohitPreet
Posted 30 November 2009 - 01:14 PM

so the problem has been solved
it was a sality virus , it took away all the executalble file .exe files with it
nod32 deleted all files automatically, there was no choice

so damge control

will have to d/l 1 gigs of softwares bus thats it
computer is fine n running again

combofix did the trick!!

the eset nod32 i was using wa not updated i guess that led to all this

i have seen a virus first time in my pc and was shocked to see how each of the files were deleted in front of my eyes one by one automatically

#20
Rockfella
Posted 30 November 2009 - 01:51 PM

Data is never safe :)

MohitPreet said:

so the problem has been solved
it was a sality virus , it took away all the executalble file .exe files with it
nod32 deleted all files automatically, there was no choice

so damge control

will have to d/l 1 gigs of softwares bus thats it
computer is fine n running again

combofix did the trick!!

the eset nod32 i was using wa not updated i guess that led to all this

i have seen a virus first time in my pc and was shocked to see how each of the files were deleted in front of my eyes one by one automatically

Back to Operating Systems · Next Unread Topic →


  1. TechEnclave
  2. Software Zone
  3. Operating Systems