Viruses?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by amanda, Mar 13, 2005.

  1. amanda

    amanda Private E-2

    Hi All :(
    I am running XP, and have scanned for viruses and have 5 in quarantine plus 2, I don't know where they are. When I am using MS Word and try to continue my assignment or cut and paste, everything's ok till I save it and before I do it exits Word. Virus scan enterprise says I have IPSentry, RemAdm and something like MTX.cab. The instructions on removal are to scan which I did, and the Word problem still remains. I have done a HJT and would appreciate advice or if someone can take a look at my log.

    Thanx a lot guys
    Amanda x
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Amanda,

    Please start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and will save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis ! Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Best luck :)
    PP
     
  3. amanda

    amanda Private E-2

    Hi, sorry but I don't know how to enable hidden files. I have downloaded and run everything off tutorial. Seemed to do some stuff then found MS Word is corrupt. My av, virus scan enterprise 7.0 has detected viruses such as F22776.EXE, nhidden32.exe, PSKILL.EXE and V28.EXE. I ran both trend micro and symantec and before scans completed and gave a report my pc decided to shut them down with no notice leaving just the desktop icons.

    I have attached a HJT log as asked.
    Forever grateful
    Amanda x
     

  4. PhilliePhan

    PhilliePhan Guest

    Hi Amanda,

    Your HijackThis is waay old and should be run from a safer location as I mentioned in my last post. Please D/L new version from link I gave and follow the instructions in last post.

    There are instructions in the Cleanup Tutorial (Getting Prepared, Stp. #3) for enabling the viewing of hidden files.

    Please attach fresh HJT Log.

    Hang in there :)

    PP
     
  5. amanda

    amanda Private E-2

    Hi
    Here is my HJT log as asked. I downloaded it and saved it to my c drive as hJT as I don't know how else to save it.

    Amanda x
     

  6. amanda

    amanda Private E-2

    Me again, sorry!
    I have done the view hidden files as in tutorial but don't know how you see them....LOL.

    Trend micro found a hacker and spyware and removed them
    HKTL BRUTFORCE.A
    ADW SUBSEARCH.A
    like I said, pc switched itself off before report of scan. All was done in safe mode with system restore off. I have run all the other stuff in the tutorial except sting which am going to do now. Lots was found and deleted but still my av is picking up stuff on the on access scan yet (F22776.EXE, hidden32.exe, PSKILL.EXE, V28.EXE, and 8,22,2004_10) when I do on demand scan there is nothing. I have used search to find these things as most are in AdAware.exe applications with the last one in cideamon.exe which my black ice has now blocked.
    Confused
    Amanda x
     
  7. PhilliePhan

    PhilliePhan Guest

    Hi Amanda,

    I do not see anything in your HJT Log that looks particularly evil.

    You could FIX these entries with HJT:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...k/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/uk/*http://www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/uk/*http://www.yahoo.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe



    It looks like you are running both Norton and McAfee for AV. If so, you should pick one and remove the other as they may conflict.

    I do not see any reference to the baddies that you listed. I suggest you install and run Microsoft® Windows AntiSpyware and let it fix what it finds. Then, try the Online Scans again and see if they will complete now.

    How many active user accounts are on your machine?

    I am not sure about the problem with Word. Did you try removing it and reinstalling? I've never seen a case where it was "infected" before.
    Anyhoo, try the above and let me know how you fare.

    PP :)
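
An added example, not part of the thread and not HijackThis code: a small Python parser for the three entry types quoted in the reply above (R1, O2, O16), run on lines copied from that post. The function names and the wording of the review notes are assumptions made for illustration.

```python
import re

# Three entries copied from the reply above; the rest of the log is not on the page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/uk/*http://www.yahoo.co.uk
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
PATTERNS = {
    # R-section: "registry key,value name = data" (IE start/search pages)
    "R": re.compile(r"^(?P<key>HK[A-Z]+\\.+?),(?P<value>[^=]+?) = (?P<target>.*)$"),
    # O2: Browser Helper Object, "BHO: name - {CLSID} - DLL path"
    "O2": re.compile(rf"^BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$"),
    # O16: ActiveX download, "DPF: {CLSID} (optional name) - source URL"
    "O16": re.compile(rf"^DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*)\))? - (?P<target>.*)$"),
}

def parse_line(line):
    """Split one log line into its section code and fields; None if it is not an entry."""
    m = re.match(r"^\s*([A-Z]\d{1,2}) - (.*)$", line)
    if not m:
        return None
    code, rest = m.groups()
    pattern = PATTERNS.get("R" if code.startswith("R") else code)
    entry = {"code": code, "raw": rest}
    detail = pattern.match(rest) if pattern else None
    if detail:
        entry.update(detail.groupdict())
    return entry

def review_note(entry):
    """Say what to verify by hand; this does not decide whether an entry is malicious."""
    target = (entry.get("target") or "").lower()
    if entry["code"] == "O16" and target.endswith(".exe"):
        return "ActiveX entry downloads an executable: confirm the publisher"
    if entry["code"] == "O2":
        return "BHO loads into IE: confirm the DLL belongs to wanted software"
    if entry["code"].startswith("R"):
        return "IE search/start page value: confirm the URL is one you set"
    return "no specific check in this example"

def parse_log(text):
    """Return the parsed entries of a log, skipping header and blank lines."""
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], "|", e.get("target"), "|", review_note(e))
```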
     
