i need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sam the piano man, Jul 13, 2007.

  1. Sam the piano man

    Sam the piano man Private E-2

    Recently I have had some spyware problems. I had run in safe mode and deleted all the spyware crap I could find and scanned my computer for viruses. However, I must have clicked on something again and messed my computer up even more. I have taken a picture with HijackThis.

    Let me inform you I saw the process Wmiprvse.exe running and know it's a virus. I am trying to get rid of it. ALSO, for some reason... the files in one of my folders that had tons of audio files in it are now marked with .zip (i.e. rhcp.mp3.zip) and (when clicked on) open up to a setup.exe (probably another virus).
     
    Last edited by a moderator: Jul 13, 2007
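
The symptom in the first post, audio files now named like rhcp.mp3.zip that open to a setup.exe, can be inventoried without opening or extracting any of the archives. The Python below is an added example, not part of the thread or of any tool mentioned in it; the extension lists and function names are assumptions chosen for illustration, and the sample files are constructed placeholders.

```python
import tempfile
import zipfile
from pathlib import Path

# Assumed extension lists for this example; extend them for your own triage.
MEDIA_EXTS = {".mp3", ".wav", ".wma", ".ogg", ".flac", ".avi", ".mpg", ".wmv"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}


def is_masquerading_name(path: Path) -> bool:
    """True for names like 'rhcp.mp3.zip': a media extension followed by .zip."""
    suffixes = [s.lower() for s in path.suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".zip" and suffixes[-2] in MEDIA_EXTS


def executable_members(path: Path) -> list[str]:
    """List members with an executable extension; nothing is extracted or run."""
    try:
        with zipfile.ZipFile(path) as zf:
            return [n for n in zf.namelist() if Path(n).suffix.lower() in EXEC_EXTS]
    except (zipfile.BadZipFile, OSError):
        return ["<unreadable archive>"]  # still worth a manual look


def scan_folder(root: Path) -> dict[str, list[str]]:
    """Map each media-named .zip under root to the executables it contains."""
    findings = {}
    for path in sorted(root.rglob("*.zip")):
        if is_masquerading_name(path):
            findings[str(path.relative_to(root))] = executable_members(path)
    return findings


def build_constructed_sample(root: Path) -> None:
    """Constructed test data: placeholder bytes only, no real program."""
    with zipfile.ZipFile(root / "rhcp.mp3.zip", "w") as zf:
        zf.writestr("setup.exe", b"placeholder, not a real executable")
    with zipfile.ZipFile(root / "backup.zip", "w") as zf:
        zf.writestr("notes.txt", b"ordinary archive")
    (root / "other.mp3").write_bytes(b"placeholder audio")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(Path(tmp))
        for name, members in scan_folder(Path(tmp)).items():
            print(f"{name}: {members}")
```
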
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use the Malware forum for help with your issues ....and Welcome to MG's

    Follow the Read and Run First sticky in Malware.
     
  3. Sam the piano man

    Sam the piano man Private E-2

    I haven't used your website yet and it's very hard for me to navigate to the malware. HOW?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. wildwolf220

    wildwolf220 Oracle of Doom

    Hi and welcome to MG's.
     
  6. Sam the piano man

    Sam the piano man Private E-2

    Hey,
    Still having a lot of problems. Pandavirus scan kept shutting off on me so I never got the log file from them. Please help me; I can't afford much more time. The computer is getting slower and more files are appearing that shouldn't be there.
     

    Attached Files:

  7. Sam the piano man

    Sam the piano man Private E-2

    Here are the rest of the files.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to stop using warez cracks!

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Attach new logs for:
    ShowNew
    GetRun
    HJT
    Avenger

    Tell me how things are running.
     
  9. Sam the piano man

    Sam the piano man Private E-2

    My computer seems to be running a lot smoother. Did I happen to see a pop up or was that just a website while trying to reach this forum?
    Anyways...
    I didn't find the following things to fix on HijackThis...
    02- BHO: (no name) - {C2EA6021-1E87-4FB5-9CB0-DOEF0122FC03} - C:\WINDOWS\system32\gebca.dll...
    Other than that one file I did everything else you said. I have a feeling there is still some spyware on this computer but nothing a safe mode boot and spyware program won't fix...
    Any suggestions on what to purchase for a good spyware and/or internet security to keep this situation from happening again? Feel free to let me know.
     

    Attached Files:

  10. Sam the piano man

    Sam the piano man Private E-2

    Here are the rest of the files.
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Attach new logs for:
    ShowNew
    GetRun
    HJT
    Avenger
     
  12. Sam the piano man

    Sam the piano man Private E-2

    Alright, I found all of the stuff you told me to do. Here are the logs.
     

    Attached Files:

  13. Sam the piano man

    Sam the piano man Private E-2

    Here is the rest.
     

    Attached Files:

  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    And to be sure....Download this file - Combofix.exe
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log for you. Attach this log to your next reply

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    I expect it to be clean ...
    Attach both the avenger log and the ComboFix log.
     
  15. Sam the piano man

    Sam the piano man Private E-2

    Tried running the last program and it couldn't 'create a zip folder'. It asked me to continue by hitting OK or Cancel... I canceled.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just double click on the exe file.
     
  17. Sam the piano man

    Sam the piano man Private E-2

    Sorry, I should have rephrased my sentence. The avenger file told me that it could not create zip, so I canceled the program. The exe file I didn't get to. Still continue with just the exe file?
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I still don't understand the problem with avenger ....you ran it successfully before and it doesn't create a zip file. If you cannot run it, try using Windows Explorer to find and delete the listed files.

    Or we can try Pocket Kill: Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.
    Run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then Click on the All Files button.*(or on the folders option)*
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    And yes, then do ComboFix.
     
