Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


lolvirus

 
xlnfinityZero
Grandmaster Cheater
Reputation: 0

Joined: 26 Sep 2006
Posts: 537
Location: my fluffy room

Posted: Thu Jun 12, 2008 8:48 pm    Post subject: lolvirus

I am /r/equesting help regarding my virus-ridden laptop. I don't see any posts regarding virus help here, but hey, I read the rules and The Man doesn't seem to have anything against it as far as I can tell.

Anyway, so...

Now, this is a story all about how
My life got flipped-turned upside down
And I'd like to take a minute, just sit right there,
I'll tell you why I'm cussing and crying in my chair.

In South California, born and raised
On the interbutts was where I spent most of my days
Chillin' out maxin' relaxin' all cool
And all shootin up some noobs in Gunz The Duel
When a couple of guys who were up to no good
Startin' makin' more trouble than I ever could
I got one lil virus and my roommate got scared
He said "If I can't go on /b/ I'll kill you I swear"

- Extremely slow startup, taking about thirty minutes for explorer.exe to get going, as well as another ten minutes for the rest of my startup programs to begin
- In the time space on my taskbar, VIRUS ALERT! is written
- At startup, I receive a notice labelled "System Configuration Utility" informing me that I changed the way Windows starts.
- Task Manager is disabled
- Safe Mode cannot be used due to the absence of "stpd.sys" (this might have begun earlier; I don't really use Safe Mode very often)
- Three icons on my desktop labelled "Error Cleaner", "Privacy Protector", and "Spyware&Malware Protection" that return whenever I reboot and direct me to viruswebprotect2008.
- Frequent notices telling me that Windows has detected an Internet attack attempt and that somebody is trying to infect my PC (this is obviously fake due to the wording and the fact that it wants me to download a Spyware remover I've never heard of). Pressing OK opens Internet Explorer and leads me to safewebnavigate2008.
- No internet connectivity whatsoever; it seems to be forever acquiring the network status from the look of the icon in the system tray, but hovering over the icon says "Local Area Connection: A network cable is unplugged" (this is supposed to be my wireless..)
- My C: Drive seems to have disappeared from My Computer, but is still accessible by typing C:\ in the address bar
- When running HJT, I am denied access to the hosts file.
- When running HJT, I get an error, which I'm encouraged to submit.
- I often get a "System Alert" from my system tray that informs me of "virus activities".
- Registry editing is disabled.
- A warning that Worm.Win32.Netbooster has infected me. Clicking "Yes" takes me to savewebnavigate2008.

When I try to log on to my friend's account (he uses my laptop to play CounterStrike, etc), I can use the Task Manager. When I try to log on to my Administrator account, the desktop does not load and I am stuck at the login screen.

In order to prove I'm not completely inept, here's a HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27: VIRUS ALERT!, on 2008-06-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\ehome\ehtray.exe
F:\WINDOWS\stsystra.exe
F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
F:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
F:\WINDOWS\eHome\ehmsas.exe
F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\system32\igfxsrvc.exe
F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\3M\PSNLite\PsnLite.exe
F:\PROGRA~1\3M\PSNLite\PSNGive.exe
F:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
F:\Program Files\Trend Micro\HijackThis\Crusty.exe
F:\WINDOWS\system32\mspaint.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\regedit.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = gunz.ijji.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.146.127.98:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {1838F132-A66D-4F6C-B38D-C01524870DD0} - F:\WINDOWS\kvsdpfeavdg.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {49F86EE3-8B9D-49DB-A439-3835A3A57B19} - F:\WINDOWS\system32\rqRKDuRl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CF55DD2E-1E2C-44F7-8514-A94864AC2990} - F:\WINDOWS\system32\yaywxXqN.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: rtsplgob - {8EA4273D-8CC9-49D9-BEC4-5134C34E3CA0} - F:\WINDOWS\rtsplgob.dll
O4 - HKLM\..\Run: [ehTray] F:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "F:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [advap32] F:\DOCUME~1\Aaron\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\RunOnce: [*Restore] F:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: post-it.lnk = F:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#16 in chain of 17 missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186542459044
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WinCtrl32 - F:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: yaywxXqN - F:\WINDOWS\SYSTEM32\yaywxXqN.dll
O21 - SSODL: rnopbfgt - {BDAC9B29-6477-4118-967A-960687952E93} - (no file)
O21 - SSODL: xkefqtgs - {CDA9D7E7-2F86-4CE2-996A-B3676B5C13AE} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - F:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - F:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10804 bytes


Thanks for taking a few minutes to read this.

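As an added example (not part of the original thread, and not HijackThis's own logic), here is a small Python triage pass over lines copied from the log in the first post. The rules are heuristics assumed for illustration; a hit marks an entry to review first, not a verdict.

```python
import re
from collections import defaultdict
# Subset of lines copied from the HijackThis log in the first post.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.146.127.98:3128
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF55DD2E-1E2C-44F7-8514-A94864AC2990} - F:\WINDOWS\system32\yaywxXqN.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WindXpUpdate32] WindXpUpdate
O4 - HKLM\..\Run: [advap32] F:\DOCUME~1\Aaron\LOCALS~1\Temp\rbnpsrv.exe/r
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Broken Internet access because of LSP chain gap (#16 in chain of 17 missing)
O20 - Winlogon Notify: yaywxXqN - F:\WINDOWS\SYSTEM32\yaywxXqN.dll
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
DLL = re.compile(r"\\([^\\]+\.dll)\s*$", re.I)

def triage(log_text):
    """Return a list of (section, reason, detail) entries worth reviewing first."""
    findings, dll_sections = [], defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        low = rest.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append((code, "registration points at a missing file", rest))
        if code == "O4":
            cmd = rest.split("] ", 1)[-1]  # command after the [value name]
            if "\\temp\\" in low:
                findings.append((code, "autostart runs from a Temp directory", rest))
            elif "\\" not in cmd and "." not in cmd:
                findings.append((code, "autostart target has no path or extension", rest))
        if code == "O7" and "disableregedit=1" in low:
            findings.append((code, "policy disables registry editing", rest))
        if code == "O10" and "lsp chain gap" in low:
            findings.append((code, "Winsock LSP chain is broken", rest))
        if code.startswith("R") and "proxyserver" in low:
            findings.append((code, "Internet Explorer proxy is set", rest))
        d = DLL.search(rest)
        if d and code in ("O2", "O20"):
            dll_sections[d.group(1).lower()].add(code)
    # Heuristic: one DLL registered under several load points deserves a close look.
    for dll, codes in sorted(dll_sections.items()):
        if len(codes) > 1:
            findings.append(("+".join(sorted(codes)), "same DLL is a BHO and a Winlogon Notify package", dll))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE):
        print(f"{code:7} {reason}: {detail}")
```

Several hits line up with the symptoms listed in the post: the O7 entry with disabled registry editing, and the O10 entry with the lost network connectivity.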
Madman
I post too much
Reputation: 1

Joined: 04 May 2006
Posts: 3976

Posted: Thu Jun 12, 2008 9:06 pm    Post subject:

Have you tried safe mode?
xlnfinityZero
Grandmaster Cheater
Reputation: 0

Joined: 26 Sep 2006
Posts: 537
Location: my fluffy room

Posted: Thu Jun 12, 2008 9:15 pm    Post subject:

For some reason, I can't use Safe Mode. It gets to stpd.sys (as in it says "Press ESC to stop loading") and then sits around. I left it on for at least two hours and got nothing.
Localhost
I post too much
Reputation: 0

Joined: 28 Apr 2007
Posts: 3402

Posted: Thu Jun 12, 2008 9:16 pm    Post subject:

There are so many questionable things in your log... DELETE EVERYTHING! Then reinstall what is necessary!

PS: Go back to 4ailchan...
Madman
I post too much
Reputation: 1

Joined: 04 May 2006
Posts: 3976

Posted: Thu Jun 12, 2008 9:17 pm    Post subject:

That sounds like a shit load of viruses to me, not just one...

I'd have to recommend a reformat instead of trying to deal with all of them...

xlnfinityZero
Grandmaster Cheater
Reputation: 0

Joined: 26 Sep 2006
Posts: 537
Location: my fluffy room

Posted: Thu Jun 12, 2008 9:30 pm    Post subject:

Yeah, my thought was that there's a shitload of viruses on me, too. But I have quite a few irreplaceable things in this laptop, and for some reason neither the laptop in question nor this laptop is burning CDs properly, so I can't burn my things to a CD or even transfer my things to this laptop to burn..


EDIT:
[quote=My Lord And Savior]
First we need to fix the safeboot problem, as I know fixes for most of these nasties, but most have to be run from safe mode.

You can download combofix to another computer and transfer with a thumb drive, just make sure to install it to the infected desktop.

Combofix

* Download Combofix to your desktop.
* Double click combofix.exe & follow the prompts.
* A window will open with a warning.
* When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt [/quote]

This man will help me and I will repay him with internets. Thanks for the concern, though.

Madman
I post too much
Reputation: 1

Joined: 04 May 2006
Posts: 3976

Posted: Thu Jun 12, 2008 10:17 pm    Post subject:

Just use a flash drive to store the data then...
Missi0n
Grandmaster Cheater
Reputation: 3

Joined: 20 Jul 2007
Posts: 820
Location: Around

Posted: Fri Jun 13, 2008 3:22 am    Post subject:

get an external HD, and back things up on that.
FullyAwesome
I post too much
Reputation: 0

Joined: 05 Apr 2007
Posts: 4438
Location: Land Down Under

Posted: Fri Jun 13, 2008 3:32 am    Post subject:

tried system restoring? assuming that you're using windows. no need to transfer your files if it works.
All times are GMT - 6 Hours