computer virus?

Discussion in 'Malware Help (A Specialist Will Reply)' started by urnt, May 1, 2009.

  1. urnt

    urnt Private E-2

    hi!
    my computer (running windows xp) recently opened an infected file which avg alerted me to, but before i could click to move it to the vault, my system lagged and seemed liked it was downloading a lot of stuff. i have a feeling this happened because i hadnt updated many of my programs lately. anyway, as the computer was being unresponsive, something opened adobe acrobat and then it rebooted on its own! when my desktop came back on my audio settings had been changed, windows live messenger wont work, and my computer seems much slower. i got an error message saying "run dll as an app" was unresponsive and also my computer has crashed to the blue screen a couple of times but i didnt think to write down the error messages. i'd appreciate any help or ideas! thank you!!
     
    urnt, May 1, 2009
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!


    Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide


    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. To avoid addtional delay in getting a response, it is strongly advise that after completing the READ & RUN ME you also read this sticky Don't Bump! It Only Hurts You!!!. Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
    TimW, May 4, 2009
    #2
  3. urnt

    urnt Private E-2

    hi!
    sorry the response took so long! i was away on business.
    i've still been having the same problems: seemingly random bsod's reading something like either bad_pool_header or driver irql not less or equal with stop messages. mostly i'll be surfing and i get the message "internet explorer has encountered a problem and needs to close". windows live messenger still wont open. once, while surfing, i also got a message saying "NT AUTHORITY SYSTEM" and it told me to save my work because it was shutting down in 60 seconds. i figure thats some kind of virus. ccleaner found nothing and the other scan results are attached. thanks very much!!
     

    Attached Files:

    urnt, May 18, 2009
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am only seeing one thing.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now use windows explorer to find and delete:
    c:\docume~1\JEFFTO~1\LOCALS~1\Temp\mc28.tmp

    Re-run Combo.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
    TimW, May 20, 2009
    #4
  5. urnt

    urnt Private E-2

    i wanted to let you know that my computer became completely inoperable and i had to reformat. thank you very much for trying to help me though!
     
    urnt, May 23, 2009
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry to hear that........but good to know you are sorted. :)
     
    TimW, May 24, 2009
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds