Oye! I`m suffering from VIRUS

Hi this is probably my 3`rd or 4`th post on digit I have BIG problem

here , it`s been 2 months since I have this , I run AVG virus scan it

detescts W32.Parite.B and VBS/Redlof and when I searched other forums

they said its W32.Blaster.Worm and for removal I have to go to symantec

or McAfee website ,but my computer opens the pages , I downloaded

Stinger from Mc Afee and searched but no use . Now see the

Problem

1. My Xp hangs in the middle or restarts .

2. When Computer is started they show many programs want to

connect to the net like :


3. My computer`s look changes , i.e some of the icons are almost

disgusting .


4. When I try to install 98 at start it says Boot record VIRUS

(Y/N) ,when press Y it continues with the installation, then the same

message appears at the installation stage but this time system hangs

5. I cannot install Norton or McAfee as system starts running

DAMN slow .

6. AVG Antivirus do not stand after restart that is it has to be

reinstalled again if PC is restarted.


7. System Hangs when i install Xp sp II

What I have done

1. When I run AVG antivirus it finds W32.Parite and VBS/redlof

and removes them but the problem persists.

This is how my Task manager looks like :


Please tell me some way if you can`t help it this way tell me if
changing the harddisk work?

 

Run 'msconfig' and disable th entry 'svchostt.exe' in th Startup tab. This is probably th infected file. Search for th file and delete it. Now run 'Regedit' and search for 'svchostt.exe' and delete all entries related to it. IMPORTANT : Backup ur registry before u do this!!
Also, disable any entries u do not recognise as programs that u hv installed. And, go to [Control Panel]>>[Internet Options] and in th Connections tab, select th 'Never Dial A Connection' radio button. This way, Windows will not ask u to connect to th internet even if some prog requests it.

 

1. How Am I supposed to back up the registry?
2. How am I gonna search ,`cause when I search it says " A file required to run the search companion is not working.
3. what about the boot sector Virus.

 

[1]Start Regedit and Click on th File menu. Click on Export, give a filename and select th option 'All' in Export Range.

[2]If u can't search, don't worry. Th file is most likely to be in C:\WINDOWS or C:\WINDOWS\SYSTEM32\ Go to those directories and look for th file.

[3]Boot using th Windows XP CD. Press 'r' when setup asks if u want to use th Recovery Console. At th Recovery Console, type fixboot. It will write a new boot-sector to ur drive. Also, type fixmbr to fix ur Master Boot Record. Do this only if there is no other OS installed alongwith XP.

 

Backing up registry:

Start->run
type : regedit

From the window that opens up goto File-> export . Select the location you want to export the file to and save it with some name.

This will back up your registry.

Boot Sector VIRUS should be removed by NAV or McAfee...install it..run it...even if it is slow...let it remove the virus...and then uninstall it...

 

Hmm...

First make a Mcafee/ Norton Boot Disk with latest Virus Defn on a friends computer
Make a Cold Boot(shut down and turnoff all power to the CPU)
Now bootup with the Floppy and Run a Full scan and hope fully it will get rid of ur Boot sector Virus and any other virus and then try to boot up in windows and see if things are back to normal....

after getting back in windows i wud recomment doin another full scan of ur system using some reliable antivirus with latest Virus definitions....

 

is svchost somekind of absolutely required service by windows...cos my xp pro also has several instances running at the same time...

 

Please post your HijackThis Logfile for better assesment of your problem.

 

hey guys hold on...! ! ! svchost.exe is a windows core process which always runs multiple instances and if u try to stop it, the system will hang up...it is not the infected file...try using norton by attachin ur HDD to another comp and run a full scan...obviously update norton first. u shud get the names of the virus after the scan and then just go to www.symantec.com and download the respective virus removal tools...scan...and u shud be up and runnin soon...best of luck...


oops...soory wildy...hey me am just a non-techie dude ...just thought was helpin...thanx for the info...hopefully i havnt got him into any trouble...

 

IG & FunkyB: You guys should do your homework before posting! You see, svchost.exe may be a key Windows component, but there *is* a virus out there that makes an infected copy of this file. None other than the Welchia worm. Don't you guys ever read Digit?????? That's where this issue was announced in the Virus alert column.

Here's some info on symptoms & removal (provided that in sr_ultimate's case it is Welchia and not some other variant):

http://www.pchell.com/virus/welchia.shtml

Do as it_waaznt_me thingy, dude. Paste the log the HijackThis creates on your computer and that way we might solve your problem.

 

point taken.

i had an lsass shutdown an few hours back but my av says there is no infection.the problem did not repeat .heres my hijackthis logfile

 

May be virus but it can also be faulty hardware. Check processor temp. and check ur RAM

Go to Internet Options by right clicking IE icon on desktop

under connections tab, select, Never dial a connection.

If u have any other browser set as default browser, change the settings these too for not to dial any connection.

I bet this to be a virus.

This is Virus protection offered by BIOS.
Whenever Master Boot Record (MBR) of ur HDD changes, u will get this warning.
U can disable this from BIOS.

This is due to Virus.


No need to change ur harddisk.

I think one of ur CD from which u install ur applications have these virii
As batty said give ur HijackThis log file.

btw to stop Redlof follow this

First, start msconfig
under startup tab, deselect Kernel.dll as this is virus file.

Now, Go to folder options and select "Show Hidden and Operating system protected files"
Now search for desktop.ini and folder.htt
delete all these files.
Again check for kernel.dll's entry in msconfig
now restart windows. Redlof is removed.

Check again with good antivirus.


About stinger, download latest version of it on some other machine which is not infected with any virus. Now copy it to floppy and then make the floppy read only by seting the switch/ Burn it to cd.
Now run stinger from this read only source.



Best Of Luck....

 

download the removal for W32.Parite.B and VBS/Redlof

http://www.pandasoftware.com/download/utilities/

 

@FunkyB and IG, see th filename :



It's 'svchostt.exe'. Viruses deliberately use filenames that resemble system files. In this case, th filename is similar to 'svchost.exe'. So, it's not a system process, but a virus.

 

no svchostt here...guess its something else.

 

@IG, check this file : C:\WINDOWS\System32\winmon.exe. Is it something u installed ? It is also registered as a service. Check its properties (date created, modified) and also see its description in services ([Start]>>[Run]>>'services.msc).

 

Re: point taken.

You got a virus ... Here is the removal info ..

To proceed with your HijackThis log, Run HijackThis again and put a CheckMark next to these entries and Click on Fix Checked.
Please make sure that all Internet Explorer and Windows Explorer windows are closed.

And btw .. You sure you posted the whole log ..? I dont see any DPF info here .. And not the version info too ..

 

OK now my whole computer is not working , I`m in Cyber cafe , My computer says disk error , while rebooting XP it has to restart but after restarting it again says boot failure , that means it does not boot now !!!!!!!!!!!!!!!1


MAN I`m Dead

 

What did u do ? Explain in detail.

 

@ Kl@w-24
enlightened and humbled...thankfully my task manager seems to show nothin suspicious...

hey can u guys help me out too...we hav a 128k PPPoE net con in office...it was an 'always on' type con. but recently Calcutta Telephones has introduced a dialer as an authentication interface. the prob is...that the con works fine on the machine that it is directly connected to but we cant share it...even after enabling ICS on WinXP Pro and disabling the inbuilt firewall nothin works. also...before the dialer, the main machine was assigned a static ip, now it has dynamic ip...any suggestions or links where i can get more info...do i hav to install a proxy server, and if i hav to which one is the best? we hav about 12 machines on lan right now and want to share the con with only 2...help plz...