help system unusable!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Snipergod87, Jul 24, 2005.

  1. Snipergod87

    Snipergod87 Specialist

    I don't know what exactly I did, and normally I'm pretty good at keeping my system safe, but recently I got a barrage of viruses (thanks to edonkey2k) including: BackDoor.Beasty x3 (is that aurora handler?), VBS.Loveletter.CI x3 and a lot of spyware. I removed it all and also ran Microsoft Anti Spyware, Spybot Search and Destroy 1.4, and Ad-Aware SE. When I boot into Windows I get sysnet.exe once and sdaemon.exe infinity times. Here is my HijackThis log

    Unrequested, inline log removed -Kodo



    I also researched on the web:
    http://forums.spywareinfo.com/lofiversion/index.php/t36888.html
    is the only thing I found relating to my problem, unfortunately no solution.

    Please help me, I don't wish to reformat!! Ahh, the horrors of reformatting!
     
    Last edited by a moderator: Jul 24, 2005
  2. Snipergod87

    Snipergod87 Specialist

    By removing PC security I got rid of the sdaemon.exe error (or at least it didn't happen on this reboot) but sysnet.exe still comes
     
  3. Kodo

    Kodo SNATCHSQUATCH

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  4. Snipergod87

    Snipergod87 Specialist

    hijack this log
     

    Attached Files:

  5. Snipergod87

    Snipergod87 Specialist

    Removed sysnet.exe because it's a worm according to what I researched
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The first thing we need to do is disable SpybotSD's TeaTimer as it can get in the way of cleanup.

    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
    Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
    Now quit Spybot!

    Is the below start page valid?

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omgrawr.net/quote/random


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - (no file)
    O4 - HKLM\..\Run: [Sysnet] F:\DOCUME~1\SNIPER~1\LOCALS~1\Temp\sysnet.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    F:\Documents and Settings\SNIPER~1\Local Settings\Temp\sysnet.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
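
The entries selected for fixing in the post above share a few recognisable traits: an autostart (O4) entry launching from a Temp directory, entries whose file is gone, and an R0 value left empty. The following is an added example, not part of the original thread and not HijackThis code, that applies those three heuristics to log lines. The function and rule names are hypothetical, the sample lines are the ones quoted in the thread plus one constructed benign O4 entry, and the output is a triage hint rather than a verdict.

```python
import re

# Lines quoted in the thread, plus one constructed benign entry (ExampleTray).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omgrawr.net/quote/random
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - (no file)
O4 - HKLM\..\Run: [Sysnet] F:\DOCUME~1\SNIPER~1\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# A log entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# A path component named Temp or Tmp, in long or 8.3 short form.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# The scanner's own marker for a registry entry whose file is gone.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def triage(log_text):
    """Return (code, reason, line) for every entry matching a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        # Autostart entries should not launch from a temporary directory.
        if code == "O4" and TEMP_DIR.search(body):
            findings.append((code, "autorun-from-temp", line))
        # Registry entry left behind after its file was deleted.
        if ORPHAN.search(body):
            findings.append((code, "orphaned", line))
        # Internet Explorer page setting with nothing after the "=".
        if code.startswith("R") and body.endswith("="):
            findings.append((code, "empty-value", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:18} {line}")
```

The populated Start Page entry is deliberately not flagged: whether that URL is expected is a question only the machine's owner can answer, which is why the post asks it.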
     
