Computer won't connect to internet and multi viruses??

Discussion in 'Malware Help (A Specialist Will Reply)' started by shell38, Jul 12, 2007.

  1. shell38

    shell38 Private E-2

    Hi

    I really hope someone can help me with this. My cousin's PC would not connect to the internet, so I know a little about computers that I have learnt through forums such as yours. Though the problem was a little more complicated than I thought.

    She is running Windows XP Home Edition Service Pack 1; her RAM is only 198 so very slow. She had Norton AntiVirus on it and when she came to try to connect to the internet it would come up with a warning. Now I have had dealings with Norton before so I thought hey, I know, I will go and sort this........ erm, think I have bitten off more than I can chew. Anyway, I ran the Norton removal tool that I downloaded from this PC. It seems to have removed it. But still can't connect to the internet. She has ad-ware and I think it's called Search Destroy, so of course could not update these, but did a run of it in safe mode and normal and it threw back several trojans. I deleted these. I could not however use AVG as for some reason this would not open and would not let me uninstall it either; error came up: unable to install, file incomplete. I also noticed she had ZoneAlarm on there too but did nothing with that.

    When I try to start the PC up it comes up with several warnings.

    First, about AVG: file could not be found and can't run

    RunDLL error loading c:\windows\system32\jbi32.dll

    RunDLL error loading c:\program files\acceleration software\anti-virus\sstsmon.dll could not be found.

    Then here comes the funny bit
    it comes up with the same sort of warning but instead of words it's square boxes and lots of squiggly lines. (When I looked in Run msconfig the same funny square boxes were in there, so I unchecked them and restarted the computer but it came back every time.)

    Now I presume that she is quite badly infected, but without being able to connect to the internet I can't do a lot. I have thought about putting Hijack on a disk and taking that round, then posting a log on my PC, but she lives quite a way from me and I just wondered if there was anything I could do. I have told her to phone Sky (her internet provider) today to see if they can check the settings, just to make sure this is not the problem.

    I'm sorry if this is asking too much,

    Many thanks
    shell
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes...her ram amount is extremely low to be running xp ....and it may be faulty.

    You need to find in add/remove programs acceleration software and uninstall it.

    Now ...Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

    You may have to use a different computer to download and transfer some of the programs onto her computer.
     
  3. shell38

    shell38 Private E-2

    Thanks for getting back to me so quick.

    I could not uninstall from Add/Remove Programs; this was the first place I checked.

    Also, what is the best way to put all this on a CD and then install it on her PC? Some of the programs I won't be able to use as I can't gain access to the internet on her PC (I believe the viruses have put a stop to it), so how will I update and run some of the internet programs, i.e. AVG and the Panda etc.?

    Will it be OK to put on a CD-RW? Only sometimes I have had problems with these and have to use CD-R to put programs on.

    Also, is RegClean not a good idea? I have used this a long while ago on another PC.

    As said, she lives away from me, so all the information I can have beforehand and get in one go when I go over there, the easier it will be.

    Many thanks
    shell
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    CD-R will be fine ( that way you will have tools for future usage).
    I would suggest you download a few installation files:
    ClamWin Portable
    Counterspy
    HJT
    GetRun
    Shownew

    All are here at MG's ...download to your desktop and then either transfer them to a thumb drive or to your cd.
    ClamWin will run from the CD ....do it first.
    Then you should be able to move the others to her desktop to unzip / install and run.
    Let me know how you make out.
     
  5. shell38

    shell38 Private E-2

    Thanks, I will put them on CD over the weekend but probably will not be able to get over there till the early part of next week, so I will get back to you as soon as I do it.

    So just to make sure that I am correct: I follow all the instructions that are on the help page with all the downloads and the others that you have mentioned on here, minus the online ones. Is that correct, and what order shall I put the extra ones you have said today?

    The other thing I wanted to ask is, as I have done a search on the other DLL virus, I can't do the other one which is full of squares and wiggly lines. Have you ever heard of this? I take it, it is a virus.

    Many thanks, shell
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The order I gave is correct to run except for HJT ...do it last!

    If you are able to run both or either ClamWin or Counterspy ..they may clean enough off to get you back on line.:)
     
  7. shell38

    shell38 Private E-2

    Thanks, I will download all the programs and go in the early part of next week to try to sort this out. Will let you know how I get on.

    Thanks, shell
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Look forward to your results.
     
  9. shell38

    shell38 Private E-2

    Hi

    Well, I managed to do a few things last night, the main thing: able to connect back to the internet :). I did not manage to do all the scans, and I'm not sure I did runkeys and shownew right.

    Here is a summary:
    After doing everything I seem to have got rid of the Error loading c/windows/jbi32
    rundll error loading c\progfiles\acceleration
    However,
    there are still 2 boxes coming up with what looks like squares and Chinese writing.

    Ran CCleaner fine :)
    Could not run ClamWin in safe mode like suggested :(
    CounterSpy would not run in safe mode :(
    AVG ran, log saved :)
    BitDefender ran, log saved :)
    GetRunKeys ran (not sure if I did this right) :eek:
    ShowNew (not sure if I did this right) :eek:
    Panda online would not run :(
    HJT ran OK and log saved :)

    Please find enclosed the following logs.

    Many thanks, will post the other logs in another message
    shell
     


  10. shell38

    shell38 Private E-2

    Please see the other logs.
    Many thanks

    shell
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to re-run AVG and have it fix/quarantine all that it finds.
    Please uninstall ZangoToolbar and HotBar and SpamBlockerUtility, Viewpoint Media Player.

    Please find and delete:
    C:\Program Files\Common Files\logishrd

    C:\Program Files\Hijackthis\HijackThis.exe ---> rename to C:\Program Files\HJT\Analyse

    Download and Install RogueRemover Free

    Run RogueRemover and select Scan and the program will walk you through the remaining steps.

    * Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    * On the page that opens, scroll down to MicroSoft Media Tools
    * then right click the entry, select Properties and press Stop Service.
    * When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    * Click OK until you get back to Windows.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking fix, exit HJT.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.


    Please attach new logs for:
    ShowNew
    GetRun
    HJT
     
  12. shell38

    shell38 Private E-2

    Hi

    Thanks for getting back to me so quick. Just a few things I want to ask.

    Please uninstall ZangoToolbar and HotBar and SpamBlockerUtility, Viewpoint Media Player

    There is no option in any way to uninstall Zango, Hotbar and Spam Blocker Utility; I don't even remember seeing Viewpoint Media Player either. I did a search on Zango and tried to delete it the way they said but I don't think it did. There is not an option in programs either. So could you please tell me how to delete these programs?

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    I understand it all apart from "allow it to merge with the registry". I take it once it's installed on the desktop and you open it, that is how it merges (please forgive my ignorance). Do I also have to keep it on the desktop or can it be removed once this task is completed?

    Did I do the logs correctly for ShowNew and GetRunKeys?

    Not sure when I will be going over there again but I will try to get over there very soon. I also have now got a problem with my PC, so can I say it in this thread or do I have to start it in another?

    Many thanks
    shell
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should be able to open your browser and click on Tools / manage add-ons and uninstall the toolbars.

    Yes...you can remove the registry patch from the desktop.

    Let me know how the rest of the fixes ran and attach the requested logs.:)
     
  14. shell38

    shell38 Private E-2

    OK thanks, will try to get over there as soon as possible,
    then let you know.
    Many thanks, shell
     
  15. shell38

    shell38 Private E-2

     
  16. shell38

    shell38 Private E-2


    Am now enclosing the logs you requested.

    Hope this helps.
    Thanks, shell
     


  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use windows explorer to find and delete:
    C:\Documents and Settings\bec\Application Data\ZangoToolbar
    C:\Program Files\ZangoToolbar


    Please download DelCmdService, and save it to your Desktop.

    * Unzip the content to your Desktop (a folder named delcmdservice)
    * Double-click on the delcmdservice folder
    * Double-click on delreg.bat to launch the tool
    * When the tool has finished, please reboot your computer


    Please download and install Registrar Lite. Make sure you select a Majorgeeks download link and not the Author's!

    Run Registrar Lite navigate to each of the following keys (one at a time) and take ownership of them (I explained how to do that further down).


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000]

    To take ownership of the key do the following:

    * Copy & Paste the registry key from above into the Address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    * Click-on Security in the top Menu
    * Select Take Ownership
    * Repeat these steps for all of the registry keys given above before continuing to the next steps below.
    * Now leave RegistrarLite running and continue
    * Now run the fixME.reg REGISTRY PATCH below in this message.
    * Tell me the results. Any error messages?
    * Now in RegistrarLite click View and then Refresh
    * Now navigate one at a time to each of the above keys we took ownership of to make sure they were deleted.
    * If any of the keys still exist, move on down to PART 2 - Setting Permissions for Everyone below!


    Here is the Registry Patch

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    PART 2 - Setting Permissions for Everyone

    Run the below if some of the registry keys still exist after running the above steps.

    Now I want you to use Registrar Lite again to navigate to each of the below keys (one at a time) by pasting them into the Address Bar and hitting return. But this time click the Security menu item and select Edit Permissions so we can change permissions to everyone (I describe this down below the list of registry keys).
    After clicking Edit Permissions, here is what I expect you to see in the Group or user names area of the form:

    Everyone
    SYSTEM

    Select Everyone by clicking on it. Now at the bottom in the Permissions box click the check box for Full Control. Then click Apply and then OK to get back to the main Registrar Lite screen. Now right click on the registry key and select Delete. Then click View and Refresh. Check to see if the registry key just deleted truly deleted. If so, move on to the next to work through the whole list. If it does not delete, I want you to boot into safe mode and repeat these exact same steps to see if we can do it from safe mode.

    Then reboot your PC!

    Now run GetRunKey again and attach a new log!
     
  18. shell38

    shell38 Private E-2

    Please find enclosed the new runkey log and HJT.
    One thing I was surprised about: when running HJT on my PC it takes seconds; on hers it takes quite a while to do. Does this indicate a problem or is this normal?

    Many thanks
    shell

    PS: can we delete all the other programs that we have now used to sort this PC? If not, which ones do we need to keep? :):)
     


  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please don't quote my instructions ....just makes things longer.

    Did you do every step that I gave you to take ownership of the Legacy network monitor keys?

    They are still showing.

    Please run through all the steps again and then post a new GetRun log.

    You can remove Counterspy.

    We will do the rest later, when we are sure you are clean.
     
  20. shell38

    shell38 Private E-2

    As I can't get round there for a week, I have had to do this over the phone with her. Yes, she went step by step with the instructions. Every one came back that ownership had been taken.

    When I paste it in the address bar we did not include the [ ]; I take it that was correct. When we then refreshed it, she could not see any of the files in the name bit. Is she looking in the right place for them?

    When we redo them, do we need to do the reg patch in between, like in the first instructions?

    Many thanks
    shell
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I understand this is difficult long distance .....so let's try a different approach:
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt
    Attach both a GetRun and the avenger logs.
     
  22. shell38

    shell38 Private E-2

    OK thanks, will probably do this tomorrow now. Do I include "reg keys to delete" in the copy and paste? Just making sure.

    Thanks, shell
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes....everything in the quote box. Let me know how it goes.:)
     
  24. shell38

    shell38 Private E-2

    Hi

    Just a quick question: we are just about to do the logs as requested, but I found out she had no firewall at all so tried to install one from your site. But when she did this, which was the Comodo one, this is the warning she got:

    c:/ documents and settings/ bec/local settings/temp internet files/contents.i.es/1H02W7SJ/c
    CEP-set up[1].exe

    page on files is to small for op to complete.

    Why is this, and has this been partially installed, and can we remove what has been installed? It's not in the program list as yet.

    Also, last night a warning came up on her AVG, not sure if it was the spyware or the virus one, but it said to check AVG. I was not there and she did a CounterSpy check. I have told her to make sure both AVGs are updated and to do scans on both and see what happens.

    Thanks
    shell
     
  25. shell38

    shell38 Private E-2

    Hi

    Please find enclosed the logs you asked for. I have also enclosed an HJT log; I know you did not ask for it, but as the PC got a warning I just wanted to make sure nothing had slipped in again.

    Many thanks for your time on this matter
    shell
     


  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please uninstall Counterspy as we are finished with it and it is a trial application.

    Turn off / disable or uninstall ALL anti-virus / firewall / and anti-spyware.
    We are going to try this again:

    Run Registrar Lite navigate to each of the following keys (one at a time) and take ownership of them (I explained how to do that further down).


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000]

    To take ownership of the key do the following:

    * Copy & Paste the registry key from above into the Address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    * Click-on Security in the top Menu
    * Select Take Ownership
    * Repeat these steps for all of the registry keys given above before continuing to the next steps below.
    * Now leave RegistrarLite running and continue
    * Now run the fixME.reg REGISTRY PATCH below in this message.
    * Tell me the results. Any error messages?
    * Now in RegistrarLite click View and then Refresh
    * Now navigate one at a time to each of the above keys we took ownership of to make sure they were deleted.
    * If any of the keys still exist, move on down to PART 2 - Setting Permissions for Everyone below!


    Here is the Registry Patch

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    PART 2 - Setting Permissions for Everyone

    Run the below if some of the registry keys still exist after running the above steps.

    Now I want you to use Registrar Lite again to navigate to each of the below keys (one at a time) by pasting them into the Address Bar and hitting return. But this time click the Security menu item and select Edit Permissions so we can change permissions to everyone (I describe this down below the list of registry keys).
    After clicking Edit Permissions, here is what I expect you to see in the Group or user names area of the form:

    Everyone
    SYSTEM

    Select Everyone by clicking on it. Now at the bottom in the Permissions box click the check box for Full Control. Then click Apply and then OK to get back to the main Registrar Lite screen. Now right click on the registry key and select Delete. Then click View and Refresh. Check to see if the registry key just deleted truly deleted. If so, move on to the next to work through the whole list. If it does not delete, I want you to boot into safe mode and repeat these exact same steps to see if we can do it from safe mode.

    Then reboot your PC!

    Now run GetRunKey again and attach a new log!
     
  27. shell38

    shell38 Private E-2

    Hi

    Right, I just want to make sure of a few steps before I start this.

    When I paste, for example,
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR]

    do I or do I not include the [ ] in the address bar of Reg Lite?

    Second, once you refresh, where would it show if the files are deleted or not? As last time we did this they all said took ownership OK, but when we refreshed the page it came up with a page but none of the reg we put in there were there. So this makes me think that we were looking in the wrong place for it. Last time we did this we did not run step 2.

    If we have to go on to step 2, how do we know if it's truly deleted?

    Many thanks, shell
    Sorry to be a pain, but I am having to do this, as I told you, over the phone, so I need to explain it in a bit more detail, sorry.
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes...with the [ ...] ...
    Now in RegistrarLite click View and then Refresh
    * Now navigate one at a time to each of the above keys we took ownership of to make sure they were deleted.
    * If any of the keys still exist, move on down to PART 2 - Setting Permissions for Everyone below!

    Step two:
    Now right click on the registry key and select Delete. Then click View and Refresh. Check to see if the registry key just deleted truly deleted. If so, move on to the next to work through the whole list. If it does not delete, I want you to boot into safe mode and repeat these exact same steps to see if we can do it from safe mode.

    They show in the GetRun log.

    Let me know if you get it.
     
  29. shell38

    shell38 Private E-2

    Yes, understand the process totally. Just, once we view and refresh, if they are still there they will be on the page that comes up after refresh; last time there were none on that page, hence why we did not do step 2.

    Thanks, shell
     
  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    They can be stubborn ...check it in safe mode also. You have removed all your browser toolbars?
     
  31. shell38

    shell38 Private E-2

    Hi

    Sorry I've not got back to you before. We have had a few problems this end. I'm hoping to sort this problem out in the next week; it might be today. What did you mean about removed toolbars in your last message?

    The other bit is that in that program, when we refresh, the page that comes up will show any of the pieces we should have removed; if they are not showing on that page then they are not there. I'm still not sure where I am looking to see if they have been deleted or not.

    Thanks
    shell
     
  32. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I was talking about your internet browser toolbars ....depending on which browser you use..it will be under either the view tab or the tools tab.

    The items we are trying to remove will, hopefully, after running the procedures (without spyware and virus programs running during the fix) be absent from the GetRun log.
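
    A read-only way to answer the "how do we know if it's truly deleted" question raised above, as an added example that is not part of the original thread or any MajorGeeks tool: a batch file (hypothetical name checkkeys.bat) that uses reg query, which ships with Windows XP, to report which of the six LEGACY_NETWORK_MONITOR keys listed in the thread still exist.

```batch
@echo off
rem Added example, not part of the thread. Hypothetical file name: checkkeys.bat
rem Read-only: it only calls "reg query" and changes nothing in the registry.
setlocal
set LEFT=0

rem CurrentControlSet is an alias for one of the numbered ControlSetNNN trees;
rem the Current value under Select shows which one.
echo Select\Current (the numbered set that CurrentControlSet points to):
reg query "HKLM\SYSTEM\Select" /v Current

echo.
rem The three control sets and two key names are the ones listed in the thread.
for %%S in (CurrentControlSet ControlSet001 ControlSet003) do (
  for %%K in ("LEGACY_NETWORK_MONITOR" "LEGACY_NETWORK_MONITOR\0000") do (
    rem reg query returns errorlevel 1 when the key cannot be found
    reg query "HKLM\SYSTEM\%%S\Enum\Root\%%~K" >nul 2>&1
    if errorlevel 1 (
      echo gone     HKLM\SYSTEM\%%S\Enum\Root\%%~K
    ) else (
      echo PRESENT  HKLM\SYSTEM\%%S\Enum\Root\%%~K
      set /a LEFT+=1
    )
  )
)

echo.
echo %LEFT% of 6 keys still present.
endlocal
```

    A key reported as PRESENT under CurrentControlSet will also show under the numbered set that Select\Current names, because they are the same key.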
     
