shuts down mcafee and explorer

I cannot open Mcafee VirusScan or Firewall (when I try to run them, the window opens and closes quickly) and I cannot even search the web for anything with the word 'virus' because Explorer shuts down when I try.

I have gone through your tutorial, installed and used all the suggested programs, done it in safe mode, etc. and still nothing!

I found that I can't even open a Word file with the word virus in the title.

This is really frustrating me... can you help?

Thanks,

FB

 

Thank you for responding so quickly.

Now when I click on the Hijack This link on your website so that I can download it, Explorer shuts down. I was able to get in there before, but now I can't.

What do I do now, then?

 

I had that one, I eventually formatted and restored.

It's a pain in the ass.

 

go to start.. run.. paste this in it and hit enter

http://files1.majorgeeks.com/files/76444b3132fda0e2aca778051d776f1c/spyware/hijackthis.zip

 

I tried to cut and paste that in Run and it didn't work... it just won't run.
I find it very strange that I was able to get into it before, that is, when I already had the other problems, and now I can't. I mean, I don't know anything about spyware and viruses, but it seems this one learned something.

Is there anything I can do now, since I can't seem to find a way to get Hijack This to work?

Thanks for all the help so far.

 

Ok, maybe this will help, since I can't get Hijack This...

Every time I run Spybot SD these two things come up: DSO Exploit and Kazaa.Irc.Spybot13.World and everytime I run AdAware these two things come up: something that ends in Winlogon."Shell" and something that ends in System."DisableRegistryTools" ...
Again, I don't know much about this, so I have no clue what these are... but I do know that every time I delete them with these programs and every time they come back.

Still having all the same problems... can't open or run McAfee, Explorer shuts down when searching for virus related things, and now can't download Hijack This, which appears to be what could help me the most right now.

What to do?

 

Yes, I did run CWShredder during the tutorial, apparantely to no avail.

I was able to download WinMaid but it gets stuck when it is scanning

Should I try to re-install it or something?

 

Since I haven't yet been able to run WinMaid, I've attached a list of the results of the online scan I did, in hopes that it may help.

This is really frustrating...

Thanks again for the help so far.

 

I am sorry I should have read this before I posted. This is the exact same problem I am having with this computer!! I mean identical. I am like you at a loss for ideas on what to do. May go see if I can burn Hijack This to a disk at home and bring it back here. Think that would work?

This did the same thing you are talking about. At first I was able to get into certain antivirus sites then all of a sudden those were blocked too. On the last computer I was working on I just wiped it all out and redid the whole thing, but I am hoping to avoid that this time. Oh, what to do??!!?? lol

 

Did the scan clean those files?


virus info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.tibick.html

 

I found the virus that was causing it. It will not let you go to antivirus sites, or at least certain ones. Try going to http://housecall.trendmicro.com It worked for me this time and I was actually able to scan the computer, find the viruse, delete all but two which were currently running proicesses which I ended and deleted them too. Good luck,

 

So, I know it's infected with this W32.Tibick shit, but how do I remove it? It won't let me go to the links you guys posted. The place where the scan worked is Symantec Security, but I don't know what to do to clean the infected files. I heard it's bad to have more than one anti-virus program in the computer, but does that apply since I can't open, run, or uninstall McAfee? How the hell am I supposed to fix this problem if it does apply?

Any suggestions?

Again, thanx for the help.

 

Ok, I'll try that now... I have to say though, I've never downloaded "cracks" or "keygens", cause I don't even know what the hell those are!

I'll post again once I've done what you said.

Thanks for the help!

 

Ok... I deleted the msview, the Troj/Killav-L thing, and the W32/Gaobot.LZ. thing... however I did not delete the keys from the registry, cause, to be honest, I don't know how to do that.

Also, when I click on the link, it gives me a "page not available"...

The problems are still here.

Next step?

 

Ok... what I found using RegLite, as you told me, was apvxdwin.exe... that's the only thing that looked familiar. I did not find svcnet.exe.

I can't download the W32 Removal tool, cause it won't let me get to the page. (I didn't see W32/Gaobot.LZ on the list of variants though... does that mean even if I did run it, it wouldn't clean that one?)

Also, I'm not positive how to check if the files were really deleted. As you can tell I'm not too computer savvy...

What should I do next?

 

Yes, I deleted the file.

I went back into safe mode and ran Symantec's Scan again, and this time it only found one infected file, and it was infected by "IRC Trojan"...

The file was something like bak.exe, and when I tried to delete it, I got a message saying the file could not be deleted.

Could this be the thing that's still causing my problems, or have I not found it yet?

I'm going to make sure I got all of the W32 out, but I'm almost positive I did.

What now?

 

I did not find the file (the processes tab in task manager appears empty), but I ran the Symantec scan again in safe mode and this time it came up clean.

I still can't even download Hijack This, cause it won't let me.

I did download WinMaid, but every time I try to run it, it gets stuck and doesn't respond.

What can I do? This is making me go crazy.

Thanks for the help.

 

I had downloaded and run both you mentioned, and nothing.

I will PM you my email.

Thanks again!

 

Hey Chas -- great job. I was just thinking, based on his response to this note of yours (what are cracks and keygens???) and since I can't answer it for him -- you (or someone) may want to answer this sometime after all the other major problems are resolved.

If this is the source of his problems, then he needs to avoid making the same problems start back up.

 

I did run CWShredder... I have version 1.59.0.1.

I'll try the Hijack This stuff now.

 

I received the email you sent me, but am still unable to download Hijack This... after I choose its destination and click save the window pops up and closes quickly. I tried changing the name and that didn't work either.

I double checked my CWShredder and it is the most current version.

By the way, I never downloaded these cracks and keygens (cause I really had no clue what they were)... could they have come as music files from a file sharing program?

What else can I do to get Hijack This by whatever is stopping it?

 

The exact same thing happens when I click on the link to ProcessExplorer... the window quickly pops up and goes away!

I have XP by the way.

This tricky thing is blocking my access to all these files!

What do I do!!!?

 

Hi Guys,
Im new to this, so I dont know if I'm posting to the right area. Recently I found that I was infected by 12 different Trojan Viruses. I came here and I followed the instructions step by step for removing them. However, it said to run trend micro's scan and symantec security check, which i couldnt do from safe mode. I did everything else, and got rid of alot of problems with my computer that i wasnt even aware were an issue before I did those steps.
My problem now is that I still have 1 of the trojans on here and I cant get it off. Ive looked all over for information on it but cant find any. Its called TROJ QDOWN.L, and they are located in the following files :
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\QDOW_AS2.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\QDOW_AS2.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\QDOW_AS2.DLL
C:\NULL

I found this information by running the scan from trend micro. It gives me the option to delete these files, but I havent done that because I'm scared it's going to mess up my computer and I dont want to have to crash it yet again.
Can someone please help me??

 

Here it is...

127.37.67.75 www.symantec.com
127.199.192.18 securityresponse.symantec.com
127.179.97.49 symantec.com
127.218.91.136 www.mcafee.com
127.104.202.169 mcafee.com
127.31.182.121 us.mcafee.com
127.148.7.49 www.sophos.com
127.250.83.46 sophos.com
127.39.178.242 www.viruslist.com
127.198.14.151 viruslist.com
127.134.89.245 f-secure.com
127.150.100.95 www.f-secure.com
127.53.26.108 kaspersky.com
127.56.152.96 www.avp.com
127.66.170.49 www.kaspersky.com
127.171.96.230 avp.com
127.124.194.208 www.networkassociates.com
127.156.236.136 networkassociates.com
127.218.45.165 www.ca.com
127.123.86.121 ca.com
127.152.222.8 my-etrust.com
127.75.231.169 www.my-etrust.com
127.250.228.118 secure.nai.com
127.57.176.5 nai.com
127.180.24.45 www.nai.com
127.157.103.181 trendmicro.com
127.98.203.201 www.trendmicro.com
127.245.142.57 housecall.trendmicro.com
127.163.230.187 www.pandasoftware.com
127.246.69.158 www.bitdefender.com
127.163.64.166 www.ravantivirus.com
127.202.97.85 www3.ca.com
127.65.14.22 v4.windowsupdate.microsoft.com
127.16.147.68 windowsupdate.microsoft.com
127.25.181.10 www.windowsupdate.com
127.69.202.51 windowsupdate.com

 

I found these two files that looked suspicious in my registry... one is DLLDisk "syssrv.exe" and the other is LXSUPMON. They could be harmless files that I need, but I thought I'd check.

Thanks.

 

your hosts file should like like this

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

If there is anything after the local host entry, please delete it and then click file save , not file save as.

 

I don't understand... is what I pasted not the correct list?

 

Ok... how do I make the list look like the one he gave me? Am I not getting something? I'm confused here...

(I'll try to take care of the syssrv.exe problem...)

 

Hi, open your host file with notepad and manually delete the entries that Kodo told you shouldn't be there. When you're done, save the file. Make sure that you go back and check that the host file didn't get saved with a .txt extension on it and you should be all set.

 

Ok, I think I was able to edit that list.

I wasn't able to delete syssrv.exe from the registry. It just comes right back.

For one thing, I've been using Registrar Lite, cause when I type regedit in the run box nothing happens. So I couldn't really follow all the steps listed.

 

Well, I opened the hosts list and everything I deleted was back!

What am I doing wrong here? Nothing seems to be working... I still have the same problems.

 

I managed to run Hijack This!!!

I tried viewing the Processes tab again and again in Task Manager, and it was always coming up blank, like something was hiding it... then one time it came up and I ended the syssrv.exe ... then I was able to run Hijack This!

So, attached is the log...

Hopefully now we can really make some progress!

Thanks for the help! Really!