Comp Conked! Please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Leftit, Jan 12, 2007.

  1. Leftit

    Leftit Private E-2

    I am an undergrad student and I am part of a LAN in the college which connects about 1000 computers.

    My computer is suddenly going bonkers. I had taken my HDD to a friend's place and attached it as secondary for some data transfer. Ever since then, it's crazy. And recently, I found a couple of .exe files with a folder icon in my shared folders (with write permission). I double clicked one and, after realising my folly, deleted both of them. (I don't remember their names.)

    I started getting problems with lsass.exe, msmsgs.exe and ftpupd.exe after that. ZoneAlarm kept showing me program warnings etc. about them.

    After that, I ran a ZoneAlarm virus scan and to my surprise I found that I was very badly infected. The scan results showed hundreds of copies of
    Win32/Robknot.AI, Win32/Korgo.S, Win32/Berkor.B and Win32/Blackmal.F.
    All the infected files and stuff were removed by ZoneAlarm.

    Now, after this, I thought my comp was clean, only to find that there exists no "Folder Options" under the Tools menu in Windows Explorer. I am really worried that there might be many other things which might have run into trouble with this virus feast!

    I have attached the HijackThis log file after doing a Normal Bootup. (I used to use the msconfig startup options to disable many processes from starting up.)

    Please do help me out with this.
     

    Attached Files:

  2. dahli

    dahli Private E-2

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

    I need to see the other logs in order to help you, and if you read the instructions, we do not want you to disable programs through msconfig.
     
  3. Leftit

    Leftit Private E-2

    I am a newbie here. Thanks for that reply. I have done all that and I am still facing some troubles, I guess. :(
    Before I get into what happened when I was doing what you asked me to, I need to mention the fact that I was using Norton 2005 all these days. I switched over to ZoneAlarm a couple of days back only.

    Okay, I booted into safe mode and cleaned out all the temp files and web logs etc. using CCleaner. After that, I could not enable viewing of hidden files, system files or file extensions because, as I had mentioned earlier, the Folder Options was missing under the Tools menu in Explorer.
    I ran Spybot and it detected about 4 problems. It fixed them.
    After that, I ran CounterSpy and it detected problems too. I have attached the log file here, since I still have problems with my system.

    After this, I booted into safe mode with networking but somehow I couldn't connect to the internet. So, I rebooted into the normal mode and ran the online scans.
    I have attached the log files of BitDefender and Panda ActiveScan.

    Now, after this, I ran GetRunKey.bat and Windows kept popping up the error
    "Registry editing has been disabled by your administrator". The errors stopped coming only when I closed the command prompt window which had opened up.
    After that, I ran ShowNew.bat and I have attached the log file here.

    Please do help me out. I think I am in trouble here. I am unable to open/view/edit the registry. Even the Start --> Run --> Regedit command gives the same error as the first bat file.
     

    Attached Files:

  4. Leftit

    Leftit Private E-2

    The remaining two logs are here!

    Keeping my fingers crossed...
     

    Attached Files:

  5. dahli

    dahli Private E-2

    Is this computer owned by the school/university that you are attending? Or is this your own personal computer that you bought from a store/online/etc.?
     
  6. Leftit

    Leftit Private E-2

    Oh, it is my own personal PC.

    And now to complicate problems, my comp refuses to reboot!! I will tell you the things that happened.

    1) After all those viruses/worms were deleted, I wanted to defrag my HDD. I did it successfully on 2 drives. On the third drive, when defrag was going on, suddenly the comp hung! It did not respond to the keyboard nor the mouse.
    2) I rebooted. It said it needs to check the file system for file inconsistency (the normal blue screen with the 10 to 1 countdown to cancel disk check and all that). The countdown stopped at 7! and just hung.
    3) I rebooted and cancelled disk check on that drive; Windows wanted to do it for C drive too this time. I cancelled that too and then it hung then and there.
    4) I shut down my system and waited for 5 minutes and rebooted. This time Windows showed me a black screen with white text and said (something similar to) "Windows could not start properly due to some errors" and gave me a couple of options to choose from, which included "Boot normally" and "Boot in the last known good/working configuration".
    I chose boot normally and then it went to another black screen and then just hung. :(
    5) I rebooted and this time chose "last known working configuration". It booted!! and showed me my desktop and my startup programs were loading. About 45 seconds later (or maybe less) the comp just hung! Totally.
    6) I tried rebooting. The green light on the CPU goes on. The red one blinks once in a while and there is no display shown on the monitor. There is a noticeable reduction in sound coming from the CPU.
    7) I removed my RAM and rebooted. The CPU made noises. (I am assuming that this means that my RAM was working properly.)
    8) I connected my Seagate HDD onto a friend's comp (Windows XP) and it recognised my drives, and ran a disk check too. But since we were afraid that my HDD was filled with viruses, we didn't boot in fully. Instead, we chose to turn off the system when it asked for the username & password.

    I am in a fix. My mobo is ASUS K8N, Seagate 80 GB SATA HDD and a 512 MB Hynix RAM.
    Should I be posting this in the other forum or something? Please help me!
     
  7. Leftit

    Leftit Private E-2

    Someone please help! I am getting desperate! :((
     
  8. dahli

    dahli Private E-2

    If you can boot your own computer into safe mode (tapping F8 during startup), I need to know.

    If not, and you are using your friend's PC and your drive as a slave, I need to know the drive letter of your drive.
     
  9. Leftit

    Leftit Private E-2

    Oh, I think I forgot to mention it. I tried booting in Safe mode and it didn't work. When I press the power button of my comp, I get the green light, bright and clear as usual. The HDD light blinks and there is a reduced amount of sound than normal. There is no monitor display. The keyboard lights (Num, Scroll and Caps Lock lights) all light up for a brief moment (as usual). Nothing happens after that.

    Right now, I am using my HDD as a slave in my friend's comp and the drive letter of that drive which contains my OS is F.

    Am I in deep shit? :cry
     
  10. Leftit

    Leftit Private E-2

    And I have a feeling that my processor fan might be running at a lower speed than normal. I am not really sure about this, but it's just a feeling.
     
  11. Leftit

    Leftit Private E-2

    OK! It turned out that my computer's SMPS was screwed and so it didn't boot. Now it is repaired and the hardware is all fine!!

    Now, please do help me with the malware/spyware/virus problems. When I type 'regedit' in Start -> Run, the error message shown is "Registry editing has been blocked by your administrator"!!
    I am not sure where else the virus might have effected changes, but this one is the only one I could notice. Please do help me out with this.
    Also, it would be nice if you could tell me where else I can look for possible changes/problems that this virus might have caused (and how to solve them too!).

    Hope you can do it as soon as possible!
     
  12. dahli

    dahli Private E-2

    Run HijackThis and check the following line:

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Click FIX CHECKED

    Attach a new HijackThis log.
     
  13. Leftit

    Leftit Private E-2

    That's fixed now. But I would like to know what else a virus would have changed in my system, or system settings. Is there a checklist that I can compare with, things a "normal, uninfected computer" can do that an infected one can't?

    Please do reply asap! Thanks a lot for all the help till now.
     

    Attached Files:

  14. dahli

    dahli Private E-2

    There is no checklist - just running many scans, changing settings back to default, System Restore/reformat. It depends on make, model, year, software installed, etc. - There are too many variables for a simple checklist - sorry.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not according to your HJT log, which still shows:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     
  16. dahli

    dahli Private E-2

    You need to rename HijackThis as stated in the READ & RUN ME FIRST instructions.

    Reboot in SAFE MODE (Tap F8 during startup)

    Click START>RUN then type notepad

    Copy/paste the following information into NOTEPAD
    Code:
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    Click File > save as - choose desktop for location
    Filename: fix.reg
    Save as: ALL FILES

    Double-click FIX.REG and allow it to merge with the registry

    Reboot and attach a new HijackThis log and a new runkeys.txt
     
    Last edited: Jan 19, 2007
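Added example, not from the thread or from HijackThis: a PowerShell script that audits the same two hives the fix.reg above touches for the DisableRegistryTools policy value and removes it, the same effect as the "=-" lines in the .reg file. It also checks the Explorer NoFolderOptions value, which is an assumption here about what hid Tools > Folder Options earlier in the thread; the thread itself never names that value.

```powershell
# Added example, not from the thread: audit and clear the policy values discussed
# above. DisableRegistryTools blocks regedit (HijackThis shows it as DisableRegedit=1);
# NoFolderOptions is assumed here to be what hid Tools > Folder Options.
# Run from an elevated PowerShell prompt; add -WhatIf to report without deleting.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# The same hives the fix.reg above touches: the current user and the .DEFAULT profile.
# HKU: is not a built-in drive, so provider-qualified Registry:: paths are used.
$hives = @(
    'Registry::HKEY_CURRENT_USER',
    'Registry::HKEY_USERS\.DEFAULT'
)

$policies = @(
    @{ Sub = 'Policies\System';   Name = 'DisableRegistryTools' },
    @{ Sub = 'Policies\Explorer'; Name = 'NoFolderOptions' }
)

$found = 0
foreach ($hive in $hives) {
    foreach ($p in $policies) {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$($p.Sub)"
        if (-not (Test-Path -LiteralPath $key)) { continue }   # policy key never created

        $item = Get-ItemProperty -LiteralPath $key -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            Write-Host "clean    $key\$($p.Name)"
            continue
        }

        $found++
        Write-Host "FOUND    $key\$($p.Name) = $($item.($p.Name))"
        # Deleting the value is what the "=-" lines in the .reg file above do.
        if ($PSCmdlet.ShouldProcess("$key\$($p.Name)", 'Remove policy value')) {
            Remove-ItemProperty -LiteralPath $key -Name $p.Name
            Write-Host "removed  $key\$($p.Name)"
        }
    }
}

# A value that comes back after removal means something is re-applying it, which is
# why the thread asks for a fresh HijackThis log and runkeys.txt after the reboot.
Write-Host "$found policy value(s) found."
```

Run it once with -WhatIf to see what would be removed, then without it; rerun after the reboot to confirm the values stayed gone.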
