Request For Help

Re: PC shutsdown during virus scan (help please)

Welcome to Majorgeeks!

Do you have all of your Windows updates???

Please try to follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments. You should be able to do quite a bit of this. When doing any scans that do not require you to be online (most do not), physically unplug your cable that connect your PC to the internet. This can sometimes stop the NT Authority shutdowns from occurring.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis​

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy - only for Windows XP, 2K, & NT users
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Re: Hijackthis log file attach

Why are you starting another thread? Please stay in one thread. I will merge this back to your starting thread.

We did not ask you to run Ad-Aware. No you did not follow the directions in the READ ME or in my instructions to you. SIX logs were requested. HJT was the last thing we wanted not the first and it must be run after ALL other steps are complete. Also you did not even install and rename HijackThis as requested which is more evidence that the READ ME was not followed.

 

Re: PC shutsdown during virus scan (help please)

Just search for your threads!

You don't have to have updates for all the items in the READ ME. You will have to get the programs onto the laptop though. How did you get HijackThis on to it? Get the others there the same way.

 

Re: PC shutsdown during virus scan (help please)

Well then if necessary, copy the other tools there the same way. You have a lot of problems and we need the other logs inoder to locate all components of your infections so we can remove them. I will also give you a another tool to run below, but we need to whole READ ME to be run after this.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

No look in Add/Remove programs for Drive Cleaner and uninstall if found.


Now complete the steps of the READ & RUN ME and attach the requested logs.

 

Re: PC shutsdown during virus scan (help please)

Yes you need internet access to run BitDefender and Panda. Will your PC stay running long enough to run these online scans? If not, them skip them but make sure you have completed all other steps and attach the requested logs.

ComboFix did remove a lot of problems. When infection I need to give you a serious warning about.

IMPORTANT NOTE: You have been infected with a Password Stealing Trojan: Trojan.W32.Torpig

See this links for what you have: http://www.liutilities.com/products/wintaskspro/processlibrary/ibm00001/
http://www.liutilities.com/products/wintaskspro/processlibrary/syshost/

You must take this possible threat seriously, especially if you use this PC for financial related matters.

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned. If you have network compters, start checking them for problems too.
2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passords and transaction information.

 

Skip the two online scans for now and complete all other steps. But answer this, does your PC connect to the internet in safe mode. If so, does it run more reliably in safe mode? Is it long enough to run the online scans?

 

Did you run Spybot? If not, please do so.

Then attach logs from GetRunKey, ShowNew, and HijackThis (per instructions in step 7 for HJT).