bitdefender and keyboard disabled, ?virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by jspinolo, Jun 28, 2008.

  1. jspinolo

    jspinolo Private E-2

    Started 3 or 4 days ago. Microsoft wireless KB not working (typing this on OSKB) but mouse OK. Tried a good corded kb and did not work. Had to use LogMeIn from laptop to start because I could not do ctrl/alt/del. Found out that Bit Defender was disabled; cannot even update it. Run online Panda and Kaspersky, nothing found (only "not.a.virus" in Logmein). Unable to start XP in Safe Mode either. STUMPED AND P#SSED. Please help.
     


  2. jspinolo

    jspinolo Private E-2

    Here is the 4th log
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can start by removing/deleting all of this:

    Code:
    C:\
    dfr12c.tmp    May 21 2008           0  "DFR12C.tmp"
    dfr14.tmp     May 11 2008           0  "DFR14.tmp"
    dfr15e.tmp    May  3 2008           0  "DFR15E.tmp"
    dfr181.tmp    May 27 2008           0  "DFR181.tmp"
    dfr19.tmp     May 19 2008           0  "DFR19.tmp"
    dfr19f.tmp    Jun 19 2008           0  "DFR19F.tmp"
    dfr1b7.tmp    Apr 27 2008           0  "DFR1B7.tmp"
    dfr1f7.tmp    Apr 30 2008           0  "DFR1F7.tmp"
    dfr20c.tmp    May  4 2008           0  "DFR20C.tmp"
    dfr231.tmp    Jun 13 2008           0  "DFR231.tmp"
    dfr232.tmp    Jun 10 2008           0  "DFR232.tmp"
    dfr25.tmp     Jun 15 2008           0  "DFR25.tmp"
    dfr2a.tmp     May 25 2008           0  "DFR2A.tmp"
    dfr2c.tmp     Apr 22 2008           0  "DFR2C.tmp"
    dfr2e.tmp     Jun 11 2008           0  "DFR2E.tmp"
    dfr34.tmp     Apr 28 2008           0  "DFR34.tmp"
    dfr363.tmp    Jun 10 2008           0  "DFR363.tmp"
    dfr3a6.tmp    May 18 2008           0  "DFR3A6.tmp"
    dfr3ac.tmp    Jun 10 2008           0  "DFR3AC.tmp"
    dfr435.tmp    May  6 2008           0  "DFR435.tmp"
    dfr560.tmp    May  8 2008           0  "DFR560.tmp"
    dfr6f.tmp     Jun  7 2008           0  "DFR6F.tmp"
    dfr77d.tmp    May 10 2008           0  "DFR77D.tmp"
    dfr9c.tmp     Jun 19 2008           0  "DFR9C.tmp"
    dfrb.tmp      Jun 20 2008           0  "DFRB.tmp"
    dfrc6.tmp     Jun  9 2008           0  "DFRC6.tmp"
    
    C:\WINDOWS\system32\
    bda102.tmp    May 12 2008           0  "bda102.tmp"
    bda116.tmp    May 23 2008           0  "bda116.tmp"
    bda117.tmp    Jun 12 2008           0  "bda117.tmp"
    bda11c.tmp    Jun  9 2008           0  "bda11C.tmp"
    bda11e.tmp    May 29 2008           0  "bda11E.tmp"
    bda12d.tmp    May 21 2008           0  "bda12D.tmp"
    bda134.tmp    Jun 12 2008           0  "bda134.tmp"
    bda13a.tmp    May 12 2008           0  "bda13A.tmp"
    bda13b.tmp    Jun  9 2008           0  "bda13B.tmp"
    bda13d.tmp    Jun 12 2008           0  "bda13D.tmp"
    bda144.tmp    Jun 21 2008           0  "bda144.tmp"
    bda150.tmp    Jun  9 2008           0  "bda150.tmp"
    bda158.tmp    Jun 12 2008           0  "bda158.tmp"
    bda159.tmp    Jun  9 2008           0  "bda159.tmp"
    bda16b.tmp    Jun 22 2008           0  "bda16B.tmp"
    bda185.tmp    Jun 22 2008           0  "bda185.tmp"
    bda18c.tmp    Jun  9 2008           0  "bda18C.tmp"
    bda191.tmp    May 29 2008           0  "bda191.tmp"
    bda1a7.tmp    Jun 22 2008           0  "bda1A7.tmp"
    bda1b4.tmp    Jun  9 2008           0  "bda1B4.tmp"
    bda1bf.tmp    Apr 27 2008           0  "bda1BF.tmp"
    bda1c0.tmp    Jun 13 2008           0  "bda1C0.tmp"
    bda1cd.tmp    Jun 23 2008           0  "bda1CD.tmp"
    bda1cf.tmp    Jun  9 2008           0  "bda1CF.tmp"
    bda1e4.tmp    Jun 10 2008           0  "bda1E4.tmp"
    bda1f.tmp     Jun 21 2008           0  "bda1F.tmp"
    bda1f8.tmp    Jun 10 2008           0  "bda1F8.tmp"
    bda1fc.tmp    Jun 16 2008           0  "bda1FC.tmp"
    bda20c.tmp    Jun 10 2008           0  "bda20C.tmp"
    bda215.tmp    Jun 10 2008           0  "bda215.tmp"
    bda21e.tmp    Jun 16 2008           0  "bda21E.tmp"
    bda234.tmp    Jun 23 2008           0  "bda234.tmp"
    bda23e.tmp    Jun 10 2008           0  "bda23E.tmp"
    bda246.tmp    Jun 23 2008           0  "bda246.tmp"
    bda24f.tmp    Jun 23 2008           0  "bda24F.tmp"
    bda258.tmp    Jun 23 2008           0  "bda258.tmp"
    bda25d.tmp    Jun 10 2008           0  "bda25D.tmp"
    bda262.tmp    Jun 23 2008           0  "bda262.tmp"
    bda273.tmp    Jun 10 2008           0  "bda273.tmp"
    bda286.tmp    Jun 23 2008           0  "bda286.tmp"
    bda293.tmp    Jun 24 2008           0  "bda293.tmp"
    bda29c.tmp    Jun 10 2008           0  "bda29C.tmp"
    bda2a5.tmp    Jun 10 2008           0  "bda2A5.tmp"
    bda2b0.tmp    Jun 10 2008           0  "bda2B0.tmp"
    bda2b9.tmp    Jun 10 2008           0  "bda2B9.tmp"
    bda2cc.tmp    Jun 24 2008           0  "bda2CC.tmp"
    bda2cd.tmp    May  5 2008           0  "bda2CD.tmp"
    bda2e9.tmp    May  5 2008           0  "bda2E9.tmp"
    bda2f.tmp     Jun 11 2008           0  "bda2F.tmp"
    bda2f1.tmp    Jun 10 2008           0  "bda2F1.tmp"
    bda306.tmp    May  5 2008           0  "bda306.tmp"
    bda312.tmp    May 14 2008           0  "bda312.tmp"
    bda342.tmp    Jun 24 2008           0  "bda342.tmp"
    bda34e.tmp    Jun 10 2008           0  "bda34E.tmp"
    bda368.tmp    Jun 24 2008           0  "bda368.tmp"
    bda37a.tmp    Jun 24 2008           0  "bda37A.tmp"
    bda383.tmp    Jun 24 2008           0  "bda383.tmp"
    bda38b.tmp    Jun 10 2008           0  "bda38B.tmp"
    bda38c.tmp    Jun 24 2008           0  "bda38C.tmp"
    bda3a8.tmp    Jun 24 2008           0  "bda3A8.tmp"
    bda3af.tmp    Jun 10 2008           0  "bda3AF.tmp"
    bda3b5.tmp    Jun 25 2008           0  "bda3B5.tmp"
    bda3ba.tmp    Jun 10 2008           0  "bda3BA.tmp"
    bda3c5.tmp    Jun 10 2008           0  "bda3C5.tmp"
    bda3e6.tmp    Jun 10 2008           0  "bda3E6.tmp"
    bda3f1.tmp    Jun 10 2008           0  "bda3F1.tmp"
    bda3f7.tmp    May  6 2008           0  "bda3F7.tmp"
    bda3fa.tmp    Jun 10 2008           0  "bda3FA.tmp"
    bda412.tmp    Jun 10 2008           0  "bda412.tmp"
    bda454.tmp    May  7 2008           0  "bda454.tmp"
    bda4a6.tmp    May  7 2008           0  "bda4A6.tmp"
    bda533.tmp    May  8 2008           0  "bda533.tmp"
    bda58.tmp     Jun 11 2008           0  "bda58.tmp"
    bda657.tmp    May  9 2008           0  "bda657.tmp"
    bda6c8.tmp    May 10 2008           0  "bda6C8.tmp"
    bda73.tmp     May 28 2008           0  "bda73.tmp"
    bda88.tmp     Jun 22 2008           0  "bda88.tmp"
    bda91.tmp     Jun 11 2008           0  "bda91.tmp"
    bda92.tmp     Jun 22 2008           0  "bda92.tmp"
    bda93.tmp     Jun 19 2008           0  "bda93.tmp"
    bdab8.tmp     Jun 19 2008           0  "bdaB8.tmp"
    bdacb.tmp     Jun 19 2008           0  "bdaCB.tmp"
    bdada.tmp     Jun 12 2008           0  "bdaDA.tmp"
    bdae6.tmp     May 21 2008           0  "bdaE6.tmp"
    bdaea.tmp     Jun  9 2008           0  "bdaEA.tmp"
    bdaf.tmp      Jun  8 2008           0  "bdaF.tmp"
    bdaff.tmp     Jun  9 2008           0  "bdaFF.tmp"
    

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  4. jspinolo

    jspinolo Private E-2

    Thank you, TimW. Here it goes,
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This doesn't appear to be malware related, however you are running two anti-virus programs:
    ThreatFire
    BitDefender

    Please choose one and remove the other.
    You can also tell me what this is:
    C:\Documents and Settings\All Users\Application Data\WholeSecurity

    I also see this:
    Code:
    C:\Program Files\
    MI558C~1      Jun 26 2008              "Microsoft IntelliType Pro"
    MIFB84~1      Jun 26 2008              "Microsoft IntelliPoint"
    
    Microsoft IntelliType Pro software provides full functionality for the Microsoft Natural Keyboard Pro, Internet Keyboard Pro, and Internet Keyboard. It also gives you the power to customize your keyboard Hot Keys and settings. This software is not intended to work with Microsoft Natural Keyboard Elite or any non-Microsoft keyboard.

    I would suggest that you post in the software section. This is probably an issue with either your drivers or the result of Tweak XP Pro.

    Since we are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2. Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
  6. jspinolo

    jspinolo Private E-2

    Hi Tim,

    I uninstalled Threat Fire (was this a good move? should I have uninstalled BitDefender instead?) but BitDefender not working yet.

    I really don't know what is in C:\Documents and Settings\All Users\Application Data\WholeSecurity; should I remove it?

    Regarding the Keyboard, this is the software it came from; I uninstalled and reinstalled it twice but still not working, whereas the mouse that came in the same box is fine.

    Hopefully these will be my last questions to you. I will go to the Software forum after your reply.

    Thanks,

    Jorge
     
  7. jspinolo

    jspinolo Private E-2

    I Googled Whole Security. They are an antiphishing branch of Symantec. No idea why it is in that folder.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, this is okay, Tim! ThreatFire is designed to work alongside antivirus programs to help improve their protection.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    My mistake on ThreatFire.....I am afraid this is time to head to software. Do other keyboards work...because maybe you got a dud keyboard. Or other drivers you installed are blocking your keyboard.
     
  10. jspinolo

    jspinolo Private E-2

    Thank you again, TimW. I will head to software. Other keyboards did not work at all... probable conflict somewhere when I was fooling around with TweakXP Pro.

    You guys are great!
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem...good luck. :)
     
