xo8wr9 Virus!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rayster, Jan 30, 2008.

  1. Rayster

    Rayster Private E-2

    Others said that this is a new virus; since I'm kinda busy right now, I need a little help to remove this one.

    It makes my pc slower than before.
    I can't open any hard disk, Local Disk C: and D:.
    My YM beta 9 and CounterSpy were disabled and I always encountered errors while running them.

    Right now I am dependent on NOD32 Anti-Virus. The scan is almost complete and updated; no threats were detected.

    I just wonder if there's another way than posting HijackThis logs and others.

    Any advice is accepted.

    Help a little boy ~_~
     
  2. abri

    abri MajorGeek

    Why? Because you're in a hurry or because you can't open your harddrives?

    To remove this virus requires more than HijackThis. Kaspersky can identify it, and if you download their trial version, it may get rid of it for you. We use a number of tools including HijackThis, but also a number of others which allow us to identify where the files are in the registry.

    Can you do anything with your C and D drives in Safe Mode?

    abri
     
  3. Rayster

    Rayster Private E-2

    So sir any advice on what should I do?

    I can access my drive by putting its name in the address bar, but clicking it won't open.

    And I am using NOD32 Anti-Virus, should I switch to Kaspersky?

    Any help is accepted. :)
     
  4. abri

    abri MajorGeek

    I'm sorry, but this is not clear to me. Can you open Windows Explorer? What operating system are you using? What address bar? If you can access your harddrive by any means at all, then you should be able to run the READ & RUN ME FIRST.


    Please go to the link below and download the free 30-day trial version of Kaspersky Antivirus. Download the installation program but do not install the program yet. First disconnect your computer from the internet completely and then uninstall NOD32 via add/remove programs (making sure you have the activation code so you can reinstall it later). After uninstalling NOD32, reboot your computer, but do not connect to the internet again. First install the Kaspersky Antivirus trial version and then allow it to scan your computer. Have it quarantine or delete anything it finds.

    Kaspersky Antivirus Trial

    Let me know if you are able to do this.
    abri
     
  5. Rayster

    Rayster Private E-2

    Anyway sir, someone told me that I should refer to THE READ & RUN ME FIRST.

    However, while following all the instructions smoothly, I ended up in the Folder Options step about unhiding all folders of my system.

    Since I use Windows XP:

    Code:
        * Right Click Start.
        * Select Explore
        * Select the Tools menu and click Folder Options.
        * Select the View Tab.
        * (in red) Under the Hidden files and folders heading select Show hidden files and folders.
        * Uncheck the Hide extensions for known file types option.
        * (in red) Uncheck the Hide protected operating system files (recommended) option.
        * Click Apply.
        * Click OK.
    The red ones can't be followed. I mean every time I click it and press Apply then OK, it's still the same when I get back. The check can be transferred, though, but it returns to its original place when I return.
    The other one, "Uncheck the Hide extensions for known file types option.", is ok.


    @Abri, oh sorry sir, I didn't know you were there and replied already.
    Ok, I will try Kaspersky as you said.
     
  6. abri

    abri MajorGeek

    Hi Rayster!

    Do you have administrative capabilities for your computer?
    Also, which operating system are you using?

    Thanks.
    abri
     
  7. Rayster

    Rayster Private E-2

    Yes I am the Admin of this Computer and I use Windows XP.

    Right now I'm running the Virus Scan.
     
  8. Rayster

    Rayster Private E-2

    Hello sir Abri, right now my scan is 90% and Kaspersky found 8 threats; the other 4 are riskware which can be found in my DVD-RW, which I can't erase.

    The other 4 are ok, but the xo8wr9 virus has not been found.

    Maybe I did not finish the scan? I just did it 'coz I have classes, then the last scan is just my DVD-RW.

    I just type this one at school 'coz I have classes, that's why.

    And in my observation, Kaspersky found more threats than NOD32 did.
    So I guess I should stick with this one for 30 days.

    And I also uninstalled my ZoneAlarm Firewall 'coz of software incompatibilities.

    Need your advice again.

    So should I run the scan again if I get the time?
     
  9. abri

    abri MajorGeek

    Hi Rayster,
    It's important that Kaspersky trial version fixes whatever it finds. After that I would like for you to try and run Combofix and download the MGTools. Please go to the READ & RUN ME FIRST. Scroll down to the bottom of the page and click on the link for the instructions for your operating system. On the page that opens up, please find Combofix and MGTools and see if you can download and install them. If not, please let me know.
    abri
     
  10. Rayster

    Rayster Private E-2

    Here are my log files sir. And I just found out that ComboFix managed to unhide my files, back to normal. It almost fixed my problems now.

    Just in case here are the files ;)
     
    Last edited: Feb 9, 2008
  11. abri

    abri MajorGeek

    Hi Rayster,

    1) Your msconfig is not in normal startup mode, therefore we can't look at the startup items in the way we need to. Please go back to the READ & RUN ME and follow the instructions in the first part where it tells you how to put your computer into normal startup mode.

    2) Next go to add/remove programs and uninstall the below:

    - Java(TM) 6 Update 3

    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens: (if you recognize any of these files, tell me before you delete them. The files are listed with English malware sites, but the descriptions of these files are not in a language I can read.)
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    5) Run CCleaner at the default setting with the Windows tab as the one on top.


    6) And finally, please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger logs.

    Let me know how things went.

    abri
     
  12. Rayster

    Rayster Private E-2

    I've done all that you said.

    Here are my log files.

    Right now my computer has gotten better.

    Just want to ask, should I use Kaspersky? Since it detects more than NOD32 did.
    I also have 3 anti-spyware programs: Spybot, Ad-aware 2007 Free, and SUPERAntiSpyware. Which one should I stick to?
    And any recommendable software to add to my protection?

    Tnx. ;)
     
    Last edited: Feb 9, 2008
  13. abri

    abri MajorGeek

    Hi Rayster!

    Please do the following:

    1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

    After you click fix, just close hijackthis.

    2) Next, look at the following files. Is the first of the two something you want on your computer? It's a tool for desktop surveillance. If not, please go ahead and delete both of the below files using Avenger as you did in post 11. Either copy all the contents of the following box this time, or if you want to keep iun6002.exe, then delete that one entry before you copy the contents of the box. Remember to include the words Files to delete: when you copy the contents.
    3) Next, run CCleaner at the default setting with the Windows tab as the one on top.

    4) And now, please attach the Avenger log and rerun the C:\MGTools\Getlogs.bat and post a fresh MGlogs.zip so I can make sure the above entries are gone. The MGlogs.zip can be found directly under C:\

    As to your questions, there is a thread here called How to protect yourself from malware. As soon as we finish up your computer, I will give you that link as a part of the final instructions. There you will see what we recommend in terms of Antivirus, Antispyware and Firewalls. Kaspersky has a very good antivirus program as long as your system is fast enough to handle it. Some of the older computers (5 years old) had trouble with it because it uses a lot of resources.

    abri
     
  14. Rayster

    Rayster Private E-2

    Hello sir abri,

    Sorry to disappoint you but I guess my pc went wild this time. I just let my sister use my pc since I was gone for just hours, and now it's kinda slower than before. In the Folder Options thing again, the unhiding of folders did it again.

    Especially when I try to run my pc in Normal Startup, all startup icons made my computer hang!

    And from the start of your steps sir abri, in Step 1, I did not find any "O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe" in my HijackThis..

    Hmm so what is this supposed to mean?

    Should I follow all the instructions from the start in the "The READ ME" thread?
    Then create a new thread? And download AVG Anti-Spyware? What about Ad-Aware and others? :(

    I am so sad right now since I need to do some work.. :cry

    And yea, when I left it was connected to the internet; all she did was only upload her photos on Friendster.
     
  15. abri

    abri MajorGeek

    Hi Rayster,

    Here is what I want you to do. I want you to set your computer back one restore point (probably yesterday). I'll tell you how to do this. After you set your computer back one restore point, then I will have you do the instructions over again from before your sister came and worked on your computer. Let's try this. Begin as follows:

    The first thing I want you to do is to restore the operating system to a previous state. If you've never done this before, please follow these instructions:

    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click on System Restore. A window for System Restore will open.
    2. On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
    3. On the Select a Restore Point page, look at the calendar and click the most recent date which is highlighted and which is before the problems started again today. We will try to find the point right after you installed Avenger. Then click Next. A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
    4. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then it will restart the computer.


    After you do the above, please tell me how your computer is working. Is Kaspersky still installed? We will probably have to do the instructions in post 11 over again, but I would like to look at your logs one more time to make sure we got everything.

    To get a fresh set of logs, please go to the MGTools folder under C and find the GetLogs.bat file. Double click on it to run it. When it's finished it will say something like hit any key to close the window.

    Then go directly under C:/ and find the MGlogs.zip next to the superman icon. Upload the MGlogs.zip as an attachment with your next post. Do not worry at this time about doing some things over. I want to see if this will help before we try more complicated steps.

    abri
     
  16. Rayster

    Rayster Private E-2

    I really hate my life sometimes! :cry

    First of all, I can't return my pc to a restore point from yesterday or the other day because of a "Restoration Incomplete" error, due to the same configuration.
    Yesterday and the other day are the only restore points I have so far; that's why I can't restore my pc.

    I think my pc got more malware than I think.

    My pc hangs sometimes and opening such applications takes time.
    My internet connection was affected I think, 'coz it made it slow even loading this forum.
    Lastly, when all of my startup applications loaded yesterday, I just noticed an extra CD drive, which is CD Drive (G:), when I know I have only 2 disc drives, 1 CD drive and 1 DVD drive, so I wondered why it became 3? When I just checked what startup applications I use and then restarted, it just vanished.
    Lastly, look at this one
    http://i58.photobucket.com/albums/g252/rayster025/Hayzzz.jpg

    Is this a normal connection? As far as I know, my Ethernet is my only LAN connection.

    :cry

    So my only choice is to reformat?
     
  17. abri

    abri MajorGeek

    Reformatting is not usually a recommendation we make. Please be patient while I have a second person look at your thread.

    Thanks.
    abri
     
  18. Rayster

    Rayster Private E-2

    Thank You sir, also for the fast reply. ;)
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure why you say this. It was in the last MGlogs.zip file you attached.

    Run the C:\MGtools\analyse.exe program now. And look for that line and fix it.

    Then either way, run the C:\MGtools\GetLogs.bat file to create a new log and then attach the new/current C:\MGlogs.zip file.
     
  20. Rayster

    Rayster Private E-2

    Last edited: Feb 9, 2008
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.


    Make sure you tell me how things are working now! Are you having any further malware problems?
     
  22. Rayster

    Rayster Private E-2

    Here are the Log Files sir chaslang.

    My problem right now is in the Folder Options, under the View tab, and also under "Hidden Files and Folders" there is a radio button.
    After I run the GetLogs.bat the "dot" (.) in the radio button vanishes; as I click it back, it returns to the first selection, which is "Do not show hidden files and folders".
    Then all the hidden files will be hidden again.


    Right now I do have the following questions:

    Kaspersky Anti-Virus
    < Which is better than NOD32
    Spybot, Ad-aware 2007, or SUPERAntiSpyware? Which should I use?
    Do I need a firewall? ZoneAlarm does not mix with Kaspersky.
    Also when I install all of these, does that mean I'm safe from malware?
    Cracks or free versions?
     
    Last edited: Feb 9, 2008
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your GetRunKey log (the runkeys.txt file) everything is set properly for your hidden files and folders settings. GetRunKey will automatically set it properly. Thus there is nothing wrong.

    What is wrong is that you are using MSconfig to control startup and we clearly stated in step 1 of the READ ME that you must not do this. Set your system back to normal startup mode and keep it that way. You should read this: Dealing with Startup Processes
     
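    One way to check the Folder Options values that keep snapping back in this thread, as an added example that is not from the thread or from MajorGeeks' tools: a small Python 3 script that reads a .reg export of the relevant Explorer keys, reports values that are not in the "show everything" state the cleanup asks for, and builds a repair .reg in the style of the fixme.reg used above. The key and value names are the standard Windows XP ones; the sample export is constructed.

```python
"""Check Windows XP Folder Options registry values in a .reg export and emit a repair .reg."""
import re

# Standard Explorer keys behind the Folder Options > View tab (Windows XP).
ADVANCED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder"

# Expected "show everything" state: dword values the cleanup steps set.
EXPECTED = {
    (ADVANCED, "Hidden"): 1,           # 1 = show hidden files, 2 = do not show
    (ADVANCED, "ShowSuperHidden"): 1,  # 1 = show protected operating system files
    (ADVANCED, "HideFileExt"): 0,      # 0 = show extensions for known file types
    # Template value Explorer copies when the radio button is clicked; if it is
    # wrong, the "Show hidden files" choice snaps back, as described above.
    (POLICY + r"\Hidden\SHOWALL", "CheckedValue"): 1,
}

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"=(dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_reg(text):
    """Parse the .reg subset used here: [key] sections with dword and string values.
    Returns {key: {name: value}}; dwords become int, strings stay str."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name, _, dword, string = m.groups()
            current[name] = int(dword, 16) if dword is not None else string
    return keys


def check_folder_options(keys):
    """Return (key, name, found, expected) for each value that is missing or wrong.
    A value stored as a string instead of a dword is also reported as wrong."""
    findings = []
    for (key, name), want in EXPECTED.items():
        found = keys.get(key, {}).get(name)
        if found != want:
            findings.append((key, name, found, want))
    return findings


def repair_reg(findings):
    """Build .reg text that resets only the reported values to their expected dwords."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _, want in findings:
        out += ["[%s]" % key, '"%s"=dword:%08x' % (name, want), ""]
    return "\n".join(out)


# Constructed sample export: hidden files re-hidden and the template value
# rewritten as a string, the state a user would see after the setting reverts.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
"HideFileExt"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"="0"
"""

if __name__ == "__main__":
    bad = check_folder_options(parse_reg(SAMPLE))
    for key, name, found, want in bad:
        print("%s\\%s = %r (expected dword %d)" % (key, name, found, want))
    print(repair_reg(bad))
```

    Run it against a real export made with "reg export" of the two keys above; merging the generated .reg only resets the values that were reported.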
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cracks are considered and mostly are malware. So what do you think.


    Nothing is 100%. Most users are their own largest problem in keeping their PCs clean. Dump Ad-Aware 2007 now. Either Kaspersky or NOD32 are fine as long as they are legal and you keep them updated. For the rest of your questions, see the link in the below final steps.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
  25. Rayster

    Rayster Private E-2

    Thanks for the fast reply. I just did control the startup 'coz of the applications being run; it's eating my pc's resources and causing lag.

    So what should I do with it?
    I need only small applications from the startup.

    So I need to submit a new MG?

    Ok sir I will follow the new post you've made.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat. You should read this: Dealing with Startup Processes


    Huh???
     
  27. Rayster

    Rayster Private E-2

    Ok, I just read it and am following the instructions.

    I mean about MG is MGLogs.

    So this means that my pc is clean? :confused
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No!

    Yes! You just need to take care of the issue about using MSconfig.


    Also I recommend uninstalling FreeRAM XP. Windows XP does the best job when managing its own memory. It is recommended that you not use a 3rd party memory manager on Windows XP.

    If your PC is too slow for your liking then uninstall all the unnecessary toolbars(Yahoo Companion, MegaUpload Toolbar, ZoneAlarm Spyblocker toolbar) and also uninstall any other unnecessary software. Do you really need Nokia PC Suite to always run when you boot your PC? Just run it when you need it.

    Did you knowingly install Free Download Manager? It has been known to cause PCs to slow down.
     
  29. Rayster

    Rayster Private E-2

    Waw sir, you do respond so fast! :D

    I need MegaUpload Toolbar for downloading purposes.
    And what alternative download manager should I use instead of FDM? Firefox's DownThemAll?
    And can I use StartCPL to disable some startup items?

    Tnx again ;)
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These are not topics for the Malware Forum. I was merely stating that if your PC is slow uninstall all of these because they are adding to it being slow. If you wish to use them, then you will have to accept the impact that they have on performance.


    That is why it is in the Dealing with Startup Process link I gave you to read.
     
  31. Rayster

    Rayster Private E-2

    Sorry for being hard headed and the offtopic question.

    Thanks for helping me again. ^_^
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
  33. Rayster

    Rayster Private E-2

    Sir, I just notice this little problem a while ago.

    I Right Click "My Computer" > Under "Advanced Tab" then Performance > Settings.

    Under "Visual Effects Tab" then for Custom > "Animate windows when minimizing and maximizing" < I always uncheck this one, but sometimes it switches back to checked. :cry

    I am wondering if this is caused by a malware? I want to minimize and maximize my windows without any effects.

    I hope someone will still be willing to help me.
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not likely! I suggest you post this in the Software Forum.
     