New member...Internet 101

Discussion in 'Malware Help (A Specialist Will Reply)' started by iamluvable, Jul 5, 2007.

  1. iamluvable

    iamluvable Private E-2

    Hello there! I found this site through a search for virus removal...due to my BIOS system being overrun with...who knows what...I know nothing at all about computers and have fallen to the hands of my recovery disk...I am currently reformatting my hard drive in my other computer which is having a lot of trouble...some ghost.err???...I wish there was someone nearby that could show me what to do....I lost a lot of important stuff...I did use 10 in 1 McAfee...still I was invaded...so here I am...hello...I have a lot of reading to do...thank you for offering help to those in need...
    PS the link on the malware thread which goes to bleeping computers sent me a trojan...Autoit.A...Now my recovery disk is infected...is there a method to clean any of my computer or disk without spending anything? I really need help...luv
     
  2. iamluvable

    iamluvable Private E-2

    Hi! I was reading the posts in this forum...combo.exe link is giving me the Autoit.A trojan...via bleeping computers...is there another link that is clean?
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are formatting your PC, why are you even trying to run ComboFix? Any malware within your OS will be gone after a repartition and format. Also, the link for ComboFix at bleepingcomputers is not infected. Your copy of McAfee is wrong. (I assume this is what is saying that, since you did not say.) Autoit.A is a Trojan-Keylogger, which ComboFix is not.

    Why are you saying your Recovery Disk is infected? Are your Recovery Disks the original CDs that came with your PC or are you referring to something else?

    Problems with formatting or using your Recovery Disks do not belong in this forum. This forum is only for malware removal. You should post problems like this in the Hardware Forum or possibly the Software Forum if you have questions about using the Recovery Disk software.
     
  4. iamluvable

    iamluvable Private E-2

    Chaslang
    Thank you for your reply. I did post this in the hardware section last night (early am)...somehow it was redirected here...I had to check my postings to see where this went...anyways...
    On June 30th Win Def started to pick up Winfixer and Downloader.Win32...I chose to reinstall my McAfee 10 in one and remove Spysweeper with Anti Virus...My system got worse...pop ups galore, unable to reboot in safe mode etc...so I did a google search and found bleeping computers...after I read through some of the malware forums I followed the advice to run multiple programs to fix my machine. The problem that one poster had was almost identical to mine. I downloaded CWShredder, About Buster (Which removed my IE but pop ups of IE remained), Smitrun, Ad Aware, AVG, Run CC, Ewido and a few others...It helped my computer for about an hour then it shut down with the blue screen...I called Microsoft and the tech said I had an infection in the Systems Bios settings...since my computer wouldn't run the recovery disk (original from Toshiba) He told me my disk was infected...That is when I found this forum...I had used a recovery disk from my older Dell computer...which worked I then shut off my machine with the drive open....when it was off I put in recovery disk (Toshiba disk) and started it up...it worked!!! I did wash my cd off with soap and water...I thought that is what cleaning your disk was...whatever I did it worked...thank you for replying...luv
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so are you saying you have no more problems at this time? If you are not having anymore problems with malware, you should work thru the below:

    How to Protect yourself from malware!
     
  6. iamluvable

    iamluvable Private E-2

    Chaslang
    Thank you very much for the link. I have been working on getting these programs installed...but my machine has been very sluggish...and I have had to remove my router...which has gone from 100 mbs to 10 mbs...my computer was not showing I had one connected...hmmm I think I will just follow your advice and install the needed programs...skip my wireless/router and deal with it...once again I thank you for your knowledge and assistance..if you notice misspelled words...it is another issue I will need to resolve...my computer is not recording all of my key strokes...bye for now!--Lu
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Slow PC syndrome is more frequently caused by what you have installed and are running than it is caused by malware. That does not mean malware cannot slow a PC down. It can do that. It's just that more frequently people have this problem due to loading too many unnecessary programs at startup, using resource hog internet security suites (note that McAfee can be a resource hog), too many toolbars (none of which are really necessary)....etc.

    If you wish to give your PC a full cleaning that will check it out for all kinds of malware (and we will frequently even suggest a few things to help performance) then work thru the below:


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    Last edited: Jul 7, 2007
  8. iamluvable

    iamluvable Private E-2

    Once again...Thank you! I do have a "newbie question"...Did I download the correct "Java" file...Sun Download Manager 2.0 (Web)? There were none with the exact name mentioned and I honestly do not have a clue what it's for...I do know that a lot of programs need it and that's all I know. Thank you!!!

    Also, Do I have the correct anti spy, spam, malware, virus and firewalls? I have disabled Microsoft Windows firewall...
    a squared free 3.0
    a squared HiJackFree 3.0
    CCleaner
    COMODO Firewall Pro
    J2SE Runtime Environment 5.0 Update 1
    PC Tools AntiVirus 3.1
    Spybot-Search & Destroy 1.4
    SpywareBlaster v3.5.1
    Windows Defender
    Whew!! I hope I have done this correctly! Please let me know...also which ones NEED to be in the start up directory. Many Thanks!-Luv
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! The link for the current version is in the READ & RUN ME in step 6 where it says to uninstall all old versions and install the current version. You have at least one old version (J2SE Runtime Environment 5.0 Update 1) installed.

    These are all okay but the below do not need to load/run at startup:
    a squared free 3.0
    a squared HiJackFree 3.0
    CCleaner
    Spybot-Search & Destroy 1.4
    SpywareBlaster v3.5.1
     
  10. iamluvable

    iamluvable Private E-2

    Ok...I am so sorry to take up so much of your time...it would be a lot easier if someone were here to walk me through this process...that is my method of learning...so I may seem slow to catch on...really I am not, it's just I need to see it done while you tell me what you are doing...otherwise I can read the messages and do the process but I am not learning much...EXCEPT I want you to know that I DO appreciate your help...I would not be on the internet right now if you hadn't helped me...Now the java dilemma...I will do my best to choose the right one...they all look the same...and there are so many programs...oops...will the java fix my keyboard...since it is not logging all my keystrokes...you are brilliant! Thanks so much for your time!
    Luv
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All we would be doing is listing the steps of the READ ME one at a time. You just need to follow the directions and complete them one step at a time. But if you formatted your PC, why are you running the READ & RUN ME now? If you have not reinstalled your Windows software and all drivers for your PC properly, then you are in the wrong forum.


    What are you referring to? There is nothing to choose from? Just uninstall the old version that I already told you to uninstall and install the new version from the link given in the READ ME (this is the link given: Sun Java Runtime Environment)

    ????????

    What keyboard problem are you referring to? This is the first you mentioned it. But no! Keyboard problems will not be fixed by installing Sun Java.

    I'm not exactly sure what it is that you are even trying to do anymore. In your first message you said you are formatting your hard disk in another computer. So as I stated above, if you already did format your hard disk, then what exactly is it that you want us to help you with in the Malware Forum?

    Also you said you put in a recovery disk from an older Dell PC into a Toshiba. I'm not sure what you were even thinking but they are totally incompatible. This is also not something we can help you with in the Malware Forum. If you need to reinstall Windows, you either need an original Microsoft Windows XP CD, or an OEM Windows XP from Toshiba, or you need the System Recovery Disks for your Toshiba to bring it back to the state in which it was shipped to you. However, none of this is a topic for the Malware Forum.
     
  12. iamluvable

    iamluvable Private E-2

    Chaslang I have a preliminary report in reference to the Malware (showed its ugly face...may I send it PM...confidentiality reasons...There have been 3 incidents where my comp rebooted itself...if ok I will PM the info. I appreciate your patience with me. Yes I have been off topic quite a bit...I do think it is all related to malware issues...I hope to hear from you soon!!
     
  13. iamluvable

    iamluvable Private E-2

    Re: New member...Internet 101---My computer is now possessed....

    As a starving student single parent and interning adult I am very sad about these Dialers, Trojans, registry deleters And turning my password protected computer on?? I might as well leave the front door to my house open...has anyone seen chaslang??? I will PAY him--all of you as witnesses--to get this fixed...my biggest concern is my computer is not just private use...it had confidential, sealed documents...etc...I guess uncle sam needs to invest in a different AV, FW etc...seriously most of the stuff is on write protected disks...but there is still a history etc...correct? I will wait for chaslang...I need help before I can reboot in safe mode...I think these "sheetsy" things that are infecting us were released ---there goes my comp again...it shut off...wait it is the screen that is flashing...I will shut up now...oh yeah...I wonder if some brilliant person decided to celebrate the 4th by infecting so many computers???? Just a thought....luv
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: New member...Internet 101---My computer is now possessed....

    I'm not sure what you want to discuss in a PM, but go ahead and send me some info. You have to note that we really cannot work in PMs for multiple reasons. One of which is that they are severely limited in size. And secondly cannot contain any attachments. Thus it is basically impossible to work there. You really need to answer my questions/comments in message number 11. If you have properly formatted your PC, you should not be infected again unless you did one of a few things:
    1. reinstalled from infected media
    2. reinstalled applications or programs that contain infections
    3. connected to the internet without proper protection and quickly became reinfected (it can take as little as 10 seconds to get reinfected if a PC is not properly updated and protected. You don't even have to open a browser.)
    Again if your problems are not malware (and most do not sound like malware), I cannot help you in this forum as we are too busy working on malware problems.
     
  15. iamluvable

    iamluvable Private E-2

    Chaslang-
    I attempted to use the Toshiba recovery disk 3 times...at about 20-25% it would give me an error about ghost.err? I think then insert disk...then to the DOS screen choose retry, abort and another option. I was frustrated and thought I can use my DELL windows disk which is included in their recovery disk. The problem witnessed by a sr tech at microsoft is there were changes done with the BIOS; as soon as the computer would read the disk it would just stop...no f2 no f8 and no f12...it froze, went to the DOS screen and said C:\delfiles.cmd file is missing type in a new path...something similar at least
    This happened each time I attempted to format the computer.
    I got the idea of a BIOS infection from the microsoft guy....I don't recall his name...he did say he was from india...STRONG accent. incidences happened prior to reformatting the hard drive the computer had

    I am not one of the “great communicators through email, forums, etc…
    Here is a copy of what is on my add/remove programs window…these changes happened between 10:05 and 10:15 this am. I know this because I was working on the Sun systems issue. Nothing will uninstall. I did see this issue on another forum when I did a yahoo search on my other computer…here is the other thread second to last post…

    http://forums.pcpitstop.com/index.php?showtopic=135264&pid=1334546&st=0&#entry1334546

    ADD/REMOVE PROGRAM LIST
    **At the time of this report there were no remove/repair buttons of any kind. Many of the programs “vanished” When I did a search for a program…just anyone my machine warned me the virtual memory was low…over the course of just the past 3 days the system has shown that warning at least 6 times…it went into sleep mode then would wake up with files moving around on the desktop.and whenever I deleted one then one would pop up.
    I did copy the report(detailed)

    **AiO_Scan (no size noted) ---It disappeared
    CD Keys (.30 MB) I added this one
    Free PDF Converter (1.84 MB) I added this one
    HP Driver Diagnostics (1.86 MB) I added this one
    HP Photosmart Essential (12.29 MB) I added this one
    J2SE Runtime Environment 5.0 Update 1 I added this one (I tried to remove it so I could install the correct one but nothing will uninstall)
    Keyfinder Advanced 2007 (Trial Version) (.94 MB) I added this one
    Microsoft .NET Framework 1.1 (no size noted)
    Microsoft Office Standard Edition 2003; 175.00 MB
    Microsoft Works 285 MB
    MSXML 4.0 SP2 (KB927978) 2.56 MB
    **QFolder (no size noted)
    **Scan (no size noted)
    Shipping Assistant 3.1 (8.35 MB) I added this one
    Sonic DLA 2.60 MB
    Sonic RecordNow! 13.9 MB
    **WebFldrs XP (no size noted)
    Windows Defender 9.57 MB
    **Denotes files I did not and the system restore disk did not install…Please note There is NO option to ADD/REMOVE ANY of these!

    Much of my stuff is gone but many things show up in Software Explorers…strange here is the start up list….
    Agere SoftModem Messaging Applet
    ATI Desktop Component
    CD/DVD Drive Acoustic Silencer
    COMODO Firewall Pro
    LtMoh Application
    Microsoft Userinit Logon Application
    Microsoft Windows Explorer
    PC Tools AntiVirus Client
    PC Tools AntiVirus Client
    RAMASST
    Software Upgrades
    tfswctrl
    THotkey
    TOSHIBA Virtual Sound
    Windows Defender

    Windows Defender has in history with ?'s "This program has potentially unwanted behavior" for each of the following:
    07/08/07
    TvsTray.exe
    thotkey.exe
    RAMASST.lnk
    Ltmoh.exe
    AGRSMMSG.exe
    tfswctrl.exe
    toscdspd.exe
    atiptaxx.exe

    07/07/07
    inspect.sys
    cmdagent.exe
    cmdmon.sys

    07/06/07
    hpqscnvw.exe
    hpqkygrp.exe
    HKCU@S-1-5-21-1707895500-344746961-98094002-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
    HKCU@S-1-5-21-1707895500-344746961-98094002-1006\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\\provider
    HKCU@S-1-5-21-1707895500-344746961-98094002-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    wpsdrvnt.sys
    Teefer.sys

    07/05/07
    a2hijackfree.exe
    a2free.exe
    NDSTray.exe
    ACU.exe
    cfmain.exe
    AVFilter.sys
    AVHook.sys
    AVRec.sys
    file: C:\WINDOWS\tasks\At21.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At21.job

    file: C:\WINDOWS\tasks\At18.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At18.job
    file: C:\WINDOWS\tasks\At22.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At22.job

    file: C:\WINDOWS\tasks\At16.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At16.job

    file: C:\WINDOWS\tasks\At15.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At15.job

    file: C:\WINDOWS\tasks\At13.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At13.job

    file: C:\WINDOWS\tasks\At3.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At3.job


    file: C:\WINDOWS\tasks\At14.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At14.job


    file: C:\WINDOWS\tasks\At1.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At1.job

    file: C:\WINDOWS\tasks\At2.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At2.job

    file: C:\WINDOWS\tasks\At10.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At10.job


    file: C:\WINDOWS\tasks\At4.job
    file: C:\WINDOWS\system32\tn6K54vk.exe
    taskscheduler: C:\WINDOWS\tasks\At4.job

    clsid:
    HKLM\SOFTWARE\CLASSES\CLSID\{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}
    regkey:
    HKLM\SOFTWARE\CLASSES\TYPELIB\{07E69192-65E2-41A1-B9F4-3B5A619E4732}\1.0
    070507 (con’t)
    regkey:
    HKLM\SOFTWARE\CLASSES\CLSID\{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}
    regkey:
    HKLM\Software\Classes\*\shelles\contextMenuHandlers\PCTAVShellExtension
    contextmenu:
    HKLM\Software\Classes\*\shelles\contextMenuHandlers\PCTAVShellExtension
    typelibversion:
    HKLM\SOFTWARE\CLASSES\TYPELIB\{07E69192-65E2-41A1-B9F4-3B5A619E4732}\1.0
    Typelib:
    HKLM\SOFTWARE\CLASSES\TYPELIB\{07E69192-65E2-41A1-B9F4-3B5A619E4732}
    File:
    C:\Program Files\PC Tools Antivirus\PCTAVShellExtension.dll

    There are a couple more…if you need them let me know…I need a typing break…I haven't even seen outside since this happened TUESDAY!!

    There is Nothing in Quarantine
    There is Nothing in Allowed items
    That concludes Windows Defender…

    *Currently in the Quick Launch are:
    A2, IE, PC Tools AV, Desktop, Spybot, Media Player, Yahoo Mail and YIM (left side)
    Task Manager, PC Tools AV, COMODO, Local Area Connection, volume and CD/DVD Drive Acoustic Silencer (right side)
    I have verified msconfig is set normal start up…but will I be successful in SAFE MODE with the malware still in system???

    19:15 070807
    A-squared is running a quick scan. I shut down the computer (Toshiba) disabled the LAN, WIRELESS and 1394 to keep it from going to the internet. I did this to both computers, earlier…shut them down d/c the cables etc…Well I was gone for about an hour…when I came home the computer was on and files were moving around….I HAVE THE WELCOME SCREEN PASSWORD PROTECTED…LET ME BACK UP FOR A MOMENT TO GIVE YOU A SCENARIO…JUST AFTER EASTER MY WIRELESS WAS GONE IN A MATTER OF A FEW SECONDS I PURCHASED THE ROUTER ON 4-13-07 ON THE 18TH MAJOR PROBLEMS…SERIOUSLY…I WAS DOING HOMEWORK GRABBED A BITE TO EAT…BACK IN LESS THAN 5 AND THE WHOLE INTERNET CONNECTIONS WAS GONE…NOTHING IN PROGRAMS ETC…I EVEN HAD A GEEK SQUAD GUY TAKE A PEEK..HE ASKED ME IF I FORGOT TO INSTALL THE WHOLE DISK…IT WAS SUPPOSED TO BE PREINSTALLED…? The point is it worked before this incident...They had to have been there. DRIVERS…ETC…SO I WENT TO BELKIN SITE AND THERE WAS A BIG NOTICE ABOUT MY VERSION OF ROUTER AND TO CALL MY ISP. I CALLED BELKIN ANYWAYS…THE MAN WAS HELPFUL UNTIL I MENTIONED THE MODEL…HE SHUT UP QUICKLY AND TOLD ME I HAD TO CALL THE OTHER NUMBER…LEGAL STUFF…BACK TO THE PRESENT…IT WASN'T UNTIL I DID A QUICK CHECK TO VERIFY THE ROUTER IS THERE…THE PROGRAMS THAT I TRIED DON'T LOCATE A ROUTER OR ANYTHING CLOSE TO THE WORD BELKIN!!! I REQUESTED A REFUND THEY SAID I HAVE TO FILL OUT A FORM THEN VERIFY THE "VALIDITY" OF MY REQUEST….WHAT A BUNCH OF CREEPS…I BOUGHT THE ROUTER IN APRIL HAD IT HACKED IN APRIL…CONVINCED BY CLEARWIRE THAT IT IS OK NOW…LIKE THEY CAN TELL OVER THE PHONE…
    July fourth the neighbor had told me that she too had problems with all three of their computers.


    A-SQUARED HAS FOUND---
    Heuristic.dialer.RAS
    location is
    C:\SystemVolume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP3\A0002188.exe
    C:\SystemVolume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP3\A0002190.exe
    The scan was brief...the computer froze up
    07/08/07
    20:25
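    The Windows Defender history above repeats one pattern a dozen times: a different At*.job scheduled task each time, every one of them pointing at the same file in system32 (the file chaslang later singles out as the only real finding). The script below is an added example, not something from this thread or from MajorGeeks; it parses lines in the "file:" / "taskscheduler:" shape shown in the post and reports any executable that is referenced by several distinct scheduled tasks. The sample log is constructed for the example and modelled on the entries above; the threshold of three tasks is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the Windows Defender history
# entries posted in the thread (one task record = its file: lines followed
# by a taskscheduler: line; blank lines between records are optional).
SAMPLE_LOG = r"""
file: C:\WINDOWS\tasks\At21.job
file: C:\WINDOWS\system32\tn6K54vk.exe
taskscheduler: C:\WINDOWS\tasks\At21.job

file: C:\WINDOWS\tasks\At18.job
file: C:\WINDOWS\system32\tn6K54vk.exe
taskscheduler: C:\WINDOWS\tasks\At18.job
file: C:\WINDOWS\tasks\At22.job
file: C:\WINDOWS\system32\tn6K54vk.exe
taskscheduler: C:\WINDOWS\tasks\At22.job

file: C:\WINDOWS\tasks\Backup.job
file: C:\Program Files\Vendor\backup.exe
taskscheduler: C:\WINDOWS\tasks\Backup.job
"""

# "kind: value" lines; registry kinds are matched so they can reset a record.
LINE_RE = re.compile(r"^\s*(file|taskscheduler|regkey|clsid|contextmenu|typelib|typelibversion):\s*(.+?)\s*$",
                     re.IGNORECASE)
# At<N>.job is the name pattern of tasks created with the at command.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_task_entries(text):
    """Return {job path: [file paths listed for that task]}."""
    entries = {}
    pending = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        kind, value = m.group(1).lower(), m.group(2)
        if kind == "file":
            pending.append(value)
        elif kind == "taskscheduler":
            entries[value] = pending          # taskscheduler: closes a record
            pending = []
        else:
            pending = []                      # registry entries are not task records
    return entries


def task_targets(entries):
    """Map each non-.job file to the set of task jobs that reference it."""
    targets = defaultdict(set)
    for job, files in entries.items():
        for path in files:
            if not path.lower().endswith(".job"):
                targets[path].add(job)
    return targets


def flag_shared_targets(text, min_tasks=3):
    """Executables scheduled by at least min_tasks distinct jobs, most-referenced first.

    Each result is (target path, sorted job paths, count of At*.job names).
    """
    targets = task_targets(parse_task_entries(text))
    flagged = []
    for path, jobs in targets.items():
        if len(jobs) >= min_tasks:
            at_jobs = sum(1 for j in jobs if AT_JOB_RE.search(j))
            flagged.append((path, sorted(jobs), at_jobs))
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for path, jobs, at_jobs in flag_shared_targets(SAMPLE_LOG):
        print(f"{path}: scheduled by {len(jobs)} tasks ({at_jobs} created with at)")
        for job in jobs:
            print("   ", job)
```

    Fan-in is the useful signal here: a legitimate vendor task normally has one job per program, while one binary with a random-looking name wired to many At*.job tasks is worth quarantining and submitting to a scanner, which is exactly how this thread ended (the AVG log in post 19 shows that file moved to quarantine).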
     
  16. iamluvable

    iamluvable Private E-2

    OK for the crap cleaner it wants to delete 100.1MB...is this ok to do?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes!!!! Everything we give you in the READ & RUN ME is safe to do and we need you to follow those instructions completely and attach the logs! Until you do this, we cannot help you. All the information we need to get started will be provided to us when you follow those instructions. You are just making it take longer to get any help by not following those instructions. I don't need you to post the information that you posted in message number 15 (which is the same as posting inline logs). I need you to run the READ & RUN ME.
     
  18. iamluvable

    iamluvable Private E-2

    Three files attached
     

    Last edited by a moderator: Jul 11, 2007
  19. iamluvable

    iamluvable Private E-2

    Attachment: avg scan report.txt

    I was DENIED access to counter spy....even in the administrator profile.
    Since my scans:

    Virus or unwanted program 'TR/Hijack.Explor.3615 [TR/Hijack.Explor.3615]'
    detected in file 'C:\WINDOWS\system32\tn6K54vk.exe.
    Action performed: Move file to quarantine
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only item of concern from all of your logs was this file:
    C:\WINDOWS\system32\tn6K54vk.exe

    However, whatever you posted the log from in message # 19 says it was quarantined.

    Thus I see no malware problems.
     
  21. iamluvable

    iamluvable Private E-2

    Perfect! Thank you for your help and resources!
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
