Serious Virus Issues! Please Help Me!!

Ok, for the last 4 days I have been having serious issues with all the programs on my computer. Well only the programs that need to connect to the internet to be used. For example my Msn Messenger, Kazaa, and I run a website so I can't publish my update using frontpage because it says my proxy settings are inncorrect. I know I have the "Automaticlly detect settings" checked in my Conections/Lan. I have NO clue what I did to screw it all up. I know I installed and ran a new virus program that told me I had 14 viruses! I also ran a registry check program and found out I had 1009 problems with my system registry. Even though I fixed all that it's still not working. All I can remeber doing is running msconfig and turning off some things that start up when I boot my computer. Could I have turned off something that now has everything all screwed up? I am in a bit of a panic here , can anyone help me? Thanks A Bunch!

I have uninstalled Kazaa completely since this problem started. I also ran spybot and got rid of anything that showed up. Now I am being told that it's a virus. Also that possible I uploaded the virus to my website and now people downloading from my website are downloading the virus!!! Of coarse since my Frontpage can't access the internet I can't even shut down the site temporarily until I can fix this issue! I am completely lost!

 

Kazaa is a piece of junk - it just loves to screw up computers. And if you're getting music, etc., it's illegal. I'd stay rid of it.

My best advice is to download ad-aware and run it through and delete/quarentine everything it finds. Then if it still isn't running to well, if you have Windows XP, I would do System Restore - a miracle in itself (at least it has been for me).

You might want to give your ISP a call.

 

I'm not a tech by a long shot,but I found a Panda Active scan useful. I have Norton 2003 all updated,SpyBot,Adaware. Still Panda picked off a Trojan today.

 

Can you access the internet with a browser? If so the previously mentioned Panda and Housecall are online scanners that can help:
http://www.pandasoftware.com/activescan
http://housecall.trendmicro.com

 

"Ok, for the last 4 days I have been having serious issues with all the programs on my computer. Well only the programs that need to connect to the internet to be used. For example my Msn Messenger, Kazaa, and I run a website so I can't publish my update using frontpage because it says my proxy settings are inncorrect. I know I have the "Automaticlly detect settings" checked in my Conections/Lan. I have NO clue what I did to screw it all up. I know I installed and ran a new virus program that told me I had 14 viruses! I also ran a registry check program and found out I had 1009 problems with my system registry. Even though I fixed all that it's still not working. All I can remeber doing is running msconfig and turning off some things that start up when I boot my computer. Could I have turned off something that now has everything all screwed up? I am in a bit of a panic here , can anyone help me? Thanks A Bunch!

I have uninstalled Kazaa completely since this problem started. I also ran spybot and got rid of anything that showed up. Now I am being told that it's a virus. Also that possible I uploaded the virus to my website and now people downloading from my website are downloading the virus!!! Of coarse since my Frontpage can't access the internet I can't even shut down the site temporarily until I can fix this issue! I am completely lost!"


I wouldn't worry to much about passing this possible virus on to your website. I'm pretty confident that the site that is hosting your web pages have thier own tight protection. When you run adware and spy bot programs be carefull of what you delete. If your not sure about something, quarintine the items as compared to out right deleting them. My suggestion to you would be to save all of your Frontpage data into a folder not located in the program folder, and re-install Frontpage.

 

Might some of those be in your system restore?
I had some baddies I couldnt find till some one in here told me to turn off system restore and scan etc.
It worked for me.

 

I'm no geek, but for what it's worth, I would definitely try system restore first. It's worked for me. Go back to before you made the changes and restore from a point there.

Then take stock.

If things look okay, run the scans suggested to ensure there is nothing lurking. If you do have a virus found that won't be deleted, then there is a good chance, as Vonnie said, that traces of it are in the system restore files. The only way to get rid of that is to turn off system restore and reboot, which will delete all the system restore files. You would then turn system restore back on to create a new restore point.


But note: You don't want to do that unless you are happy with the state of your computer at the time, because there will be no way to restore to a point before that, as they will all have been deleted.

 

Ok here is what I think the problem is. For some unknown reason my Panda Platinum is refusing to do a full system scan. It starts, but shuts down one third of the way through. So I downloaded the trial version of AVG. It found a bunch of viruses and healed them, but there are 3 that it won't heal, delete, or move to the virus vault. They are in

C:/Documents and Settings/User/Local Settings/Temp/bi6.cab:/biprep.exe

C:/Documents and Settings/User/Local Settings/Temp/biH.cab:/bi.dll

C:/Documents and Settings/User/Local Settings/Temp/biH.cab:/biprep.exe

It says they are Trojan Horse PSW.Bispy.B
Trojan Horse PSW.Bispy.A
Trojan Horse PSW.Bispy.B
I have no idea what files those are, they are windows cabinet files that open with windows explorer. Unfortunatly I have no system restore dates, because when this first happened I was going to restore to an earlier date, only to discover that some how my system restore had been turned off! So I turned it back on, but all that's going to restore me too is 4 days ago when this whole mess started

 

Hi Samantha!! I found this on Google:


http://www.computercops.biz/modules.php?name=Forums&file=viewtopic&p=178771


It's nasty. If you need any further help, please stay tuned!!

 

http://www.majorgeeks.com/vb/showthread.php?t=27385

 

Ok I have read the threads, downloaded and ran numerous programs, and still nothing is working for me. To top it all off I broke my right arm and am now twisted up like a pretzel trying to use my mouse and keyboard with my left hand. Below is my hijack this log. If anyone at all can help me I would GREATLY appreciate it. Thanks


Logfile of HijackThis v1.97.7
Scan saved at 7:00:42 PM, on 6/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {22D48CE3-9FF9-8ADC-8202-F7A815C19581} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [STARTRIGHT] "C:\Documents and Settings\User\Desktop\Viral Programs\srv122\StartRight.exe" -go
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Documents and Settings\User\Desktop\Viral Programs\srv122\StartRight.exe" -pre
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Free Software - C:\Program Files\Xtractor Plus\hh.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

 

What symptoms are you having now?

Did you disable Sytem Restore and reboot to clear all restore points?

Your log is fairly clean, but you can fix these items:
O2 - BHO: (no name) - {22D48CE3-9FF9-8ADC-8202-F7A815C19581} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Do you have any idea what these lines belong to?
O4 - HKLM\..\Run: [STARTRIGHT] "C:\Documents and Settings\User\Desktop\Viral Programs\srv122\StartRight.exe" -go
O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Documents and Settings\User\Desktop\Viral Programs\srv122\StartRight.exe" -pre
If you recognize 'Viral Programs\srv122\StartRight' as being OK, then leave it alone.

 

Yes I turned off system restore and rebooted. The main problem...well the only problem is that my Frontpage, msn, and any other programs that need to connect to the internet to run, don't work. They say my proxy settings are wrong, or cannot find port, or all different kinds of things. My IE and e-mail work fine though. I have 3 viruses that my anti virus programs found, but they can't delete them, heal them, or move them to the vault. So I am convinced that these 3 viruses are what's causing the problem, except I don't know how to get rid of them. They are listed below .........C:/Documents and Settings/User/Local Settings/Temp/bi6.cab:/biprep.exe

C:/Documents and Settings/User/Local Settings/Temp/biH.cab:/bi.dll

C:/Documents and Settings/User/Local Settings/Temp/biH.cab:/biprep.exe

Trojan Horse PSW.Bispy.B
Trojan Horse PSW.Bispy.A
Trojan Horse PSW.Bispy.B

 

Were the online scanners able to clean those trojans?

Try this: Reboot to Safe Mode (tap F8 while booting) and delete everything in this folder:
C:/Documents and Settings/User/Local Settings/Temp

 

I thought that was a possibility, but I had that proggie on my box awhile ago and I don't remember the "Viral Programs" dir, so I wasn't sure.

 

Yes I have Start Right installed on my computer. I also started up in safe made and deleted eveything in that temp folder, but I am still having the same problem. For example, when I try to publish an update to my website using Frontpage it says : Accessing HTTP servers requires 32-bit TCP/IP networking which is not installed or may be misconfigured.

When I try to sign into the newer version of messenger it says it cannot connect to the internet. Same when I try to update my anti-virus program....it says a connection to the internet cannot be established, yet I'm on here right now typing this, so obviously my internet connection is fine. I am lost.

 

That may not be virus/trojan related. Try LSP-Fix:
http://www.cexx.org/lspfix.htm

 

Thanks for the advice. I tried it, but unfortunately it didn't change anything. Am I going to have to format and lose everything you think, and would that fix it?

 

Some research turned up this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;265032
It's likely a Zone Alarm issue.

From your HijackThis log I can see you have components of both Zone Alarm and Panda Platinum Firewall enabled. It's not a good idea to have two software firewalls running simultaneously. Disable Zone Alarm completely and see if that helps.

 

Not sure if this will work. Not sure if you tried already. Give Kazaabegone a try. It's a an additional utility to remove Kazaa junk that the other uninstall programs didn't catch. You can probably find it here at MG, or type it in a search engine, then install.

Doug

 

Oh God!! You have no idea how thankful I am!!! It was the zone alarm thing!! I removed it and all is fixed!!! Thank you, Thank you, Thank you!!!

 

You're welcome, welcome, welcome, glad you're all sorted



Is there an echo in here?