hi my computer is behaving in a bizarre fashion

Discussion in 'Malware Help (A Specialist Will Reply)' started by gothichero, Feb 7, 2008.

  1. gothichero

    gothichero Private E-2

    I had posted a thread in the network forum because I thought that was the right place. Later I was told to do the read and run thingy and post here. Well, the problems have deteriorated. In the beginning my computer would shut down if I used any chat software like Yahoo Messenger and Gmail chat. That is when I posted there, and I went through the Read and Run Me procedure. I shall attach the files. CCleaner does not clean everything like before. One file always remains... IE temporary internet file, 64 KB. And Avast is not able to delete many infections. I did a scan and these couldn't be removed a few days ago: kernel32.dll, winsock.dll, wssock32.dll. Today after Read and Run I scanned using Avast but I couldn't save the log, so I'm scanning again now. It says it's not able to delete certain adware. Now the issue is that I'm not able to type in windows. And suddenly a number of Firefox windows open. And a host of other problems which I seem to forget. :(
     


  2. abri

    abri MajorGeek

    Hi Gothichero!
    Welcome to the Malware Forum!


    Please rerun AVG Antispyware and have it fix everything it finds.

    Also, go to add/remove programs and uninstall Viewpoint Media Player.

    Attach the new AVG log with your next post if there is one or let me know if it fixed those things it found.

    Thanks.
    abri
     
  3. gothichero

    gothichero Private E-2

    Hi.... I ran AVG Anti-Spyware. It found a few trojans and adware, which I fixed. But the problems have multiplied. I still can't use chat software. I can't type anything in the box. The moment I type, a new Firefox browser opens or the computer shuts down completely. Now I can't even browse properly. I can't type anything anywhere. The mouse also stops working most of the time. It doesn't click at all usually. And typing is also a big problem. It's only deteriorating. It baffles me. :cry
    I ran it twice because I faced problems while running it too. So I have posted both reports, and I can't find the Avast log. I mean the report. It found a couple of adware items but now I can't find the report. And yeah, I uninstalled Viewpoint Media Player.
     


  4. abri

    abri MajorGeek

    Hi gothichero,
    Your computer is not yet okay. The things which need to be done can't all be done in one step. I need to be sure about a couple of things and then I will post another set of instructions to you. Thanks for being patient.
    abri
     
  5. abri

    abri MajorGeek

    Hi gothichero,

    If your Avast is updated and running, it should have picked up at least one of the viruses your computer has. Is your antivirus program running?

    Now please do the following:

    1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Policies\Explorer\Run: [status] present

    Do the following belong to programs you know or want to keep? If not, please fix them as well.


    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBD810AD-5774-48EB-B011-7938E5B3B1B6}: NameServer = 125.22.47.125,202.56.250.5


    After you click fix, just close hijackthis.



    2) Download and install Erunt. Use it to create a backup of your registry.

    3) Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "All files". Once you have saved it, double click it and allow it to merge with the registry.

    4) Go to add/remove programs and uninstall the below:

    Viewpoint Media Player

    5) Run CCleaner at the default setting with the Windows tab as the one on top.


    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates.


    Let me know how things are running now.

    abri
     
    Last edited by a moderator: Feb 10, 2008
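
The three HijackThis entries quoted in post 5, run through a small log reviewer. This is an added example, not part of the thread or of MGtools; the `review` function, its `known_resolvers` allowlist and the `ExampleTray` line are made up for illustration.

```python
import ipaddress
import re

# Constructed sample: the three entries quoted in post 5, plus one made-up
# ordinary autorun line (ExampleTray) that should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBD810AD-5774-48EB-B011-7938E5B3B1B6}: NameServer = 125.22.47.125,202.56.250.5
"""

ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
BHO = re.compile(r"^BHO:\s*(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.*)$")
NAMESERVER = re.compile(r"NameServer\s*=\s*(.+)$")

def review(log_text, known_resolvers=()):
    """Return (section, reason, detail) tuples for entries worth a second look."""
    # known_resolvers: hypothetical allowlist of DNS servers the owner expects.
    known = {ipaddress.ip_address(a) for a in known_resolvers}
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O2":
            # Browser Helper Object whose file HijackThis could not find on disk.
            b = BHO.match(body)
            if b and b.group(3) == "(no file)":
                findings.append((section, "BHO registered, file missing", b.group(2)))
        elif section == "O4" and "\\Policies\\Explorer\\Run:" in body:
            # Autorun set through the Explorer policy key, not the usual Run key.
            findings.append((section, "policy autorun", body.split(":", 1)[1].strip()))
        elif section == "O17":
            ns = NAMESERVER.search(body)
            for addr in (ns.group(1).split(",") if ns else []):
                addr = addr.strip()
                try:
                    unknown = ipaddress.ip_address(addr) not in known
                except ValueError:
                    unknown = True  # not a valid address at all: report it
                if unknown:
                    findings.append((section, "DNS server not in known list", addr))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Passing the resolvers the owner actually recognises as `known_resolvers` leaves only the unrecognised O17 addresses in the output, which is the question the post asks about that line.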
  6. gothichero

    gothichero Private E-2

    I'm not able to download Erunt from any one of the mirrors. It says file not found. I fixed those three files using HijackThis. And I'm not able to open any Google-related websites.
     
  7. abri

    abri MajorGeek

    Hi gothichero,

    I have a question for you and then some instructions. Please try each step and let me know how this goes.

    1) I mentioned in post 5 that Avast should have picked up and fixed the particular infection your computer has. Since it didn't, I would like to know if Avast is not running or not running properly? Can you tell? It may be compromised and will have to be reinstalled after we finish cleaning your computer.

    2) Can Google be opened via IP address rather than by URL? To do this, go to Start / Run and type in ping www.google.com and note (quickly) the IP number that comes up. The number will look something like this number: 64.233.167.147. Put the number you get into the address bar of your browser and hit enter and see if you get Google using this rather than by using the usual URL address. Let me know if this works or if it doesn't.

    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Policies\Explorer\Run: [status] present

    After you click fix, just close hijackthis.

    4) Now, please go to the Trend Micro website where there is an automatic removal tool for the infection that your computer has. It can be found at this address:

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.BDN&VSect=Sn

    If the automated removal tool doesn't work, report this to me and we will remove it manually using Process Explorer.

    5) You have an old version of the MGTools. Please download the correct version, allow it to install over the old version and then rerun it according to the instructions. It will produce a new log which I would like for you to attach with your next post. To download the current version, go to the Windows XP Cleaning Procedure and look for the link to MGTools.

    Thanks.
    abri
     
