Oye! I'm suffering from VIRUS

Discussion in 'Software Q&A' started by sr_ultimate, Sep 16, 2004.

Thread Status:
Not open for further replies.
  1. sr_ultimate

    Hi, this is probably my 3rd or 4th post on Digit. I have a BIG problem here; it's been 2 months since I have had this. I run AVG virus scan and it detects W32.Parite.B and VBS/Redlof, and when I searched other forums they said it's W32.Blaster.Worm and for removal I have to go to the Symantec or McAfee website, but my computer opens the pages. I downloaded Stinger from McAfee and searched, but no use. Now see the

    Problem

    1. My XP hangs in the middle or restarts.
    2. When the computer is started, it shows many programs want to connect to the net, like: [IMG]
    3. My computer's look changes, i.e. some of the icons are almost disgusting. [IMG]
    4. When I try to install 98, at start it says Boot record VIRUS (Y/N); when I press Y it continues with the installation, then the same message appears at the installation stage, but this time the system hangs.
    5. I cannot install Norton or McAfee as the system starts running DAMN slow.
    6. AVG Antivirus does not stand after restart, that is, it has to be reinstalled again if the PC is restarted. [IMG]
    7. System hangs when I install XP SP II.

    What I have done

    1. When I run AVG antivirus it finds W32.Parite and VBS/Redlof and removes them, but the problem persists.

    This is how my Task Manager looks: [IMG]

    Please tell me some way. If you can't help it this way, tell me if changing the hard disk will work?
     
  2. Kl@w-24

    Run 'msconfig' and disable the entry 'svchostt.exe' in the Startup tab. This is probably the infected file. Search for the file and delete it. Now run 'Regedit' and search for 'svchostt.exe' and delete all entries related to it. IMPORTANT: Back up your registry before you do this!!
    Also, disable any entries you do not recognise as programs that you have installed. And go to [Control Panel]>>[Internet Options] and in the Connections tab, select the 'Never Dial A Connection' radio button. This way, Windows will not ask you to connect to the internet even if some program requests it.
     
  3. sr_ultimate (OP)

    1. How am I supposed to back up the registry?
    2. How am I gonna search, 'cause when I search it says "A file required to run the search companion is not working."
    3. What about the boot sector virus?
     
  4. Kl@w-24

    [1] Start Regedit and click on the File menu. Click on Export, give a filename and select the option 'All' in Export Range.

    [2] If you can't search, don't worry. The file is most likely to be in C:\WINDOWS or C:\WINDOWS\SYSTEM32\. Go to those directories and look for the file.

    [3] Boot using the Windows XP CD. Press 'r' when setup asks if you want to use the Recovery Console. At the Recovery Console, type fixboot. It will write a new boot sector to your drive. Also, type fixmbr to fix your Master Boot Record. Do this only if there is no other OS installed along with XP.
     
  5. icecoolz

    Backing up registry:

    Start->run
    type : regedit

    From the window that opens up, go to File -> Export. Select the location you want to export the file to and save it with some name.

    This will back up your registry.

    Boot Sector VIRUS should be removed by NAV or McAfee...install it..run it...even if it is slow...let it remove the virus...and then uninstall it...
     
  6. JAK

    Hmm...

    First make a McAfee/Norton boot disk with the latest virus definitions on a friend's computer.
    Make a cold boot (shut down and turn off all power to the CPU).
    Now boot up with the floppy and run a full scan, and hopefully it will get rid of your boot sector virus and any other virus, and then try to boot up in Windows and see if things are back to normal.... :wink:

    After getting back in Windows I would recommend doing another full scan of your system using some reliable antivirus with the latest virus definitions.... :wink:
     
  7. IG

    Is svchost some kind of absolutely required service by Windows... 'cause my XP Pro also has several instances running at the same time...
     
  8. it_waaznt_me

    Please post your HijackThis logfile for better assessment of your problem.
     
  9. FunkyB

    Hey guys, hold on...!!! svchost.exe is a Windows core process which always runs multiple instances, and if you try to stop it, the system will hang up... it is not the infected file... try using Norton by attaching your HDD to another computer and run a full scan... obviously update Norton first. You should get the names of the virus after the scan and then just go to www.symantec.com and download the respective virus removal tools... scan... and you should be up and running soon... best of luck... ;)

    Oops... sorry Wildy... hey, I am just a non-techie dude ;)... just thought I was helping... thanks for the info... hopefully I haven't got him into any trouble...
     
  10. Wildstyle

    IG & FunkyB: You guys should do your homework before posting! You see, svchost.exe may be a key Windows component, but there *is* a virus out there that makes an infected copy of this file. None other than the Welchia worm. Don't you guys ever read Digit?????? That's where this issue was announced in the Virus alert column.

    Here's some info on symptoms & removal (provided that in sr_ultimate's case it is Welchia and not some other variant):

    http://www.pchell.com/virus/welchia.shtml

    Do as it_waaznt_me thingy, dude. Paste the log the HijackThis creates on your computer and that way we might solve your problem.
     
  11. IG

    point taken.

    I had an lsass shutdown a few hours back but my AV says there is no infection. The problem did not repeat. Here's my HijackThis logfile.

     
  12. aadipa

    May be a virus, but it can also be faulty hardware. Check processor temp. and check your RAM.

    Go to Internet Options by right-clicking the IE icon on the desktop.

    Under the Connections tab, select Never dial a connection.

    If you have any other browser set as default browser, change the settings there too so that it does not dial any connection.

    I bet this to be a virus.

    This is virus protection offered by the BIOS.
    Whenever the Master Boot Record (MBR) of your HDD changes, you will get this warning.
    You can disable this from the BIOS.

    This is due to a virus.

    No need to change your hard disk.

    I think one of your CDs from which you install your applications has these viruses.
    As batty said, give your HijackThis log file.

    BTW, to stop Redlof follow this:

    First, start msconfig.
    Under the Startup tab, deselect Kernel.dll as this is the virus file.

    Now, go to Folder Options and select "Show Hidden and Operating system protected files".
    Now search for desktop.ini and folder.htt.
    Delete all these files.
    Again check for kernel.dll's entry in msconfig.
    Now restart Windows. Redlof is removed.

    Check again with a good antivirus.

    About Stinger, download the latest version of it on some other machine which is not infected with any virus. Now copy it to a floppy and then make the floppy read-only by setting the switch, or burn it to CD.
    Now run Stinger from this read-only source.



    Best Of Luck....
     
  13. #/bin/sh

  14. Kl@w-24

    @FunkyB and IG, see the filename:

    [IMG]

    It's 'svchostt.exe'. Viruses deliberately use filenames that resemble system files. In this case, the filename is similar to 'svchost.exe'. So, it's not a system process, but a virus.
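
The look-alike filename check described in the post above, as an added example that is not part of the original thread: it flags names within a small edit distance of a known Windows system binary and, going one step beyond the post, also flags an exact system name running from an unexpected directory. The binary list, the distance threshold of 2 and every sample entry except 'svchostt.exe' are assumptions made for illustration.

```python
import ntpath

# Expected directory for a few well-known Windows system binaries.
# Short constructed list for illustration, not exhaustive; assumes C:\WINDOWS.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path, max_distance=2):
    """Return (verdict, system_name) for an executable path or bare name."""
    directory, name = ntpath.split(path.strip().lower())
    if name in SYSTEM_BINARIES:
        # A bare name (no directory, as in Task Manager) cannot be path-checked.
        if not directory or directory == SYSTEM_BINARIES[name]:
            return ("ok", name)
        return ("wrong-directory", name)
    nearest = min(SYSTEM_BINARIES, key=lambda k: (edit_distance(name, k), k))
    if edit_distance(name, nearest) <= max_distance:
        return ("look-alike", nearest)
    return ("unrelated", None)

def triage(paths):
    """Keep only the entries that deserve a closer look."""
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("look-alike", "wrong-directory")]

# Constructed sample of startup entries; only svchostt.exe comes from the thread.
SAMPLE = [
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\System32\svchostt.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
    "notepad.exe",
]
```

Calling `triage(SAMPLE)` returns the two suspicious entries; a name that resembles no system binary is reported as unrelated, so this check complements rather than replaces a scanner or a HijackThis log review.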
     
  15. IG

    no svchostt here...guess its something else.
     
  16. Kl@w-24

    @IG, check this file: C:\WINDOWS\System32\winmon.exe. Is it something you installed? It is also registered as a service. Check its properties (date created, modified) and also see its description in services ([Start]>>[Run]>>'services.msc').
     
  17. it_waaznt_me

    Re: point taken.

    You got a virus ... Here is the removal info ..

    To proceed with your HijackThis log, Run HijackThis again and put a CheckMark next to these entries and Click on Fix Checked.
    Please make sure that all Internet Explorer and Windows Explorer windows are closed.
    And btw .. You sure you posted the whole log ..? I don't see any DPF info here .. And not the version info too ..
     
  18. sr_ultimate (OP)

    OK, now my whole computer is not working. I'm in a cyber cafe. My computer says disk error; while rebooting XP it has to restart, but after restarting it again says boot failure, that means it does not boot now!!!!

    MAN, I'm dead
     
  19. Kl@w-24

    What did you do? Explain in detail.
     
  20. FunkyB

    @Kl@w-24
    Enlightened and humbled... thankfully my Task Manager seems to show nothing suspicious...

    Hey, can you guys help me out too... we have a 128k PPPoE net connection in the office... it was an 'always on' type connection, but recently Calcutta Telephones has introduced a dialer as an authentication interface. The problem is that the connection works fine on the machine that it is directly connected to, but we can't share it... even after enabling ICS on WinXP Pro and disabling the inbuilt firewall, nothing works. Also, before the dialer, the main machine was assigned a static IP; now it has a dynamic IP... any suggestions or links where I can get more info... do I have to install a proxy server, and if I have to, which one is the best? We have about 12 machines on the LAN right now and want to share the connection with only 2... help please...
     