Please save my system Virus

Got a virus? Need to know about removing spyware? Or how to make your PC secure? Ask in here.



senthilchats
New FixmyXP Member
Posts: 6
Joined: Mon Apr 09, 2007 5:57 am

Please save my system Virus

Post by senthilchats » Mon Apr 09, 2007 6:18 am


There is a strange problem in my system.

No other drives in my system are opening. When I double-click on any drive, it displays an error message that
"Windows cannot find copy.exe", and at the startup of my system, "windows cannot find svchost.exe".

These two errors are frustrating me. Please give me a solution for this.

Awaiting your earliest reply.

Squeezebox
Administrator
Posts: 1647
Joined: Sat Sep 24, 2005 9:51 pm
Location: UK

Re: Please save my system Virus

Post by Squeezebox » Mon Apr 09, 2007 6:22 am

Your problem is most likely a virus infection. Essexboy is our resident expert on these, please wait for him to answer.

While you are waiting, you can do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Last edited by Squeezebox on Mon Apr 09, 2007 6:27 am, edited 1 time in total.

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall

Re: Please save my system Virus

Post by Essexboy » Mon Apr 09, 2007 3:32 pm

Cheers Dave, I am on the ball; this thread is to notify :tiphat:
VISTA
XPsp2
Avast (of course)


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

senthilchats
New FixmyXP Member
Posts: 6
Joined: Mon Apr 09, 2007 5:57 am

Re: Please save my system Virus

Post by senthilchats » Thu Apr 12, 2007 7:20 am

Hi friends, here I have attached my HJT log file. Please give me a solution to solve this virus.

Awaiting your earliest reply.

Logfile of HijackThis v1.99.1
Scan saved at 9:28:51 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\{F820F786-07E2-1033-0703-030723200001}\Update.exe
D:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
D:\PROGRA~1\VITALS~1\Net.Medic\Program\syshook.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{F820F786-07E1-1033-0703-030723200001}] "D:\Program Files\Common Files\{F820F786-07E1-1033-0703-030723200001}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\Run: [{F820F786-07E2-1033-0703-030723200001}] "D:\Program Files\Common Files\{F820F786-07E2-1033-0703-030723200001}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\Run: [nxpclient] D:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Net.Medic.lnk = D:\Program Files\VitalSigns\Net.Medic\Program\netMedic.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C03D6B74-34DA-419C-82BA-6FF36E78C626}: NameServer = 203.145.184.13,202.56.250.5
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall

Re: Please save my system Virus

Post by Essexboy » Thu Apr 12, 2007 5:50 pm

Hi there senthilchats, yep, you have a trojan, so let's get you cleaned up. Please follow the steps in sequence.

FIRST

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [{F820F786-07E1-1033-0703-030723200001}] "D:\Program Files\Common Files\{F820F786-07E1-1033-0703-030723200001}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\Run: [{F820F786-07E2-1033-0703-030723200001}] "D:\Program Files\Common Files\{F820F786-07E2-1033-0703-030723200001}\Update.exe" mc-110-12-0001291


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.

NEXT

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    D:\Program Files\Common Files\{F820F786-07E1-1033-0703-030723200001}
    D:\WINDOWS\svchost.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button.  Click Yes at the Delete on Reboot prompt.  Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

FOLLOWED BY

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log, go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file; copy and paste this to your next reply

NEARLY THERE

I will also need an uninstall list

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post

Logs required are Superantispyware, Hijackthis and an Uninstall list. It may take several posts. :tiphat:
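
Added example, not part of the original thread and not the helper's own method: a Python triage pass over HijackThis entries that flags win.ini load=/run= autostarts, Windows system process names located outside system32, and Run values named with a bare GUID. The SYSTEM32_ONLY list and the GUID heuristic are assumptions made for this example; the sample lines are copied from the log posted above.

```python
import re
from pathlib import PureWindowsPath

# Names that belong in <windir>\system32 on Windows XP (assumed, non-exhaustive list).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
ENTRY = re.compile(r"([A-Z]\d{1,2}) - (.*)")          # e.g. "F3 - ...", "O23 - ..."
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"=]*?\.exe', re.IGNORECASE)
GUID_VALUE = re.compile(r"\[\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\]")
INI_AUTOSTART = re.compile(r"win\.ini: (?:load|run)=\S", re.IGNORECASE)

# Entries copied from the HijackThis log posted in this thread.
SAMPLE = r"""
F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [{F820F786-07E1-1033-0703-030723200001}] "D:\Program Files\Common Files\{F820F786-07E1-1033-0703-030723200001}\Update.exe" mc-110-12-0001291
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
"""

def triage(log_text):
    """Return (entry, reasons) pairs for log entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, blank line or a "Running processes" path
        section, body = m.groups()
        reasons = []
        # win.ini load=/run= starts a program at logon; it is normally empty.
        if section.startswith("F") and INI_AUTOSTART.search(body):
            reasons.append("win.ini load=/run= autostart")
        # A system process name in any folder other than system32 is a masquerade sign.
        for path in EXE_PATH.findall(body):
            p = PureWindowsPath(path)
            if p.name.lower() in SYSTEM32_ONLY and p.parent.name.lower() != "system32":
                reasons.append(f"{p.name} outside system32")
        # Heuristic (assumption): a Run value whose name is only a GUID hides what it starts.
        if section == "O4" and GUID_VALUE.search(body):
            reasons.append("Run value named with a bare GUID (heuristic)")
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(entry, "->", "; ".join(reasons))
```

A flagged entry is a candidate for review, not a verdict; unflagged entries can still be malicious.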
