bad virus =[

[devilboy6]

well this is how the story goes. im surfing the web and i get attacked by a trojan. i didnt know it at first i thought my computer was just being laggy because it was an old one. next thing i knew things started changeing. there were programs that were installed that i didnt install. like this progmarn with an icon wif a girl. i tried to uninstall it but it wouldnt work. next i restarted my computer and all the icons showed up but the wallpaper was a message that said i should scan my compuer with any virus scanner i had avilable. i tried a 2 but they both fail to delete the virus. spyware doctor didnt even find t he virus and said everything was alright but thenm i used ae spyware scanner (<i forgot the name i havent used that computer ever since.) if found a couple infected files but couldnt delete them it promped me and ask me if i want to remove them at the next retarst and i said yes. i restarted my computer but i wouldnt go away. I dont want to go online with that computer while the virus is still on there and i want to still use that computer. is there anyway i could remove the virus?


p.s. after the computer is started up for some reason it wont reconise the cd craive and say that it is missing i tried unplugging the cables and replugging them but still nmo luck but for some reason if there is a disk inserted at startup like norton antivirus then it would run the disk. i tried the norton emergency virus remover but it wouldnt even scan I wound start the scan and it would say finished nothing found. =[

the computer is windows ME

any help apricheated (god i cant spell)

 

[dyserq]

Ok, well first, it sounds like your downloaded a 'payload', which is usually spyware and adware ... whole lot of other stuff mainly for unwanted advertising and nasty stuff
First off, go to run and type in 'msconfig' and then remove all the startup items that you don't know or you don't need ... but make sure you leave your firewall running
Next, i would get a virus scanner and spyware/adware scanner, AVG Free Edition is a good virus scanner, and i would personally use a combination for spyware/adware removal, i would get Ad Aware, Spybot S&D and Microsoft AntiSpyware ...
After you've gotten that, you can boot in safe mode which basically only loads system processes and nothing else, you can do this by tapping F8 while the computer starts up and select safe mode
Run FULL scans on your computer, making sure that all of them have updated definitions ... from what i see, you should remove a fair amount of infections
Also, you might want to download CCleaner so that you can remove temporary internet files in case something is hiding in there
Good luck

 

[lukechal]

Hey i have some useful tools u can get

I have several programs that can help you with these types of viruses. You may sometimes have to remove these manually so you have to be careful u don't delete n e thing u need i'll list some programs u can use...

Startup.exe (Give u control over what to startup on start up and can delete stuff u don't want)

Hijackthis.exe ( this gives u control over IE you can remove many things that slow ur system)

also another free program that fixes issues and cleans IE is CCleaner

All these programs are free and you should look into them also get AdAware which is useful too

Hopefully ur computer is not too bad and u can get these. If not u know back up and format C:\ lol that is the big fix when your completly F#cked.. but yea good luck laterz

 

[devilboy6]

thank you both but i still have a problem. there still seems to be a virus on it. i didnt update the virus definitions because i didnt go onlie scarde that i wuold get more viruses. i ran ad-adware and it found the virus but it cant remove it. the file its in is C:\WINDOWS\isrcs. the folder has some file in it the files are : a folder named icons with 2 pictures inside named spywareavenger and virushunter, another program called desktop, another called edmond, and another called ffisearch, +3 .dll files called mfilt3.dll, msdbhx.dll, and sysupd.dll. i may have spelled one or more things wrong. thank you for any help anyone gives

 

[dyserq]

Hmm ... run HijackThis! and then post the system log on here or one which deals with such problems such as the Bleeping Computer one ... it's simply just an evaluation of your computer and it may be helpful

 

[HRHunteRHR]

well this is how the story goes. im surfing the web and i get attacked by a trojan. i didnt know it at first i thought my computer was just being laggy because it was an old one. next thing i knew things started changeing. there were programs that were installed that i didnt install. like this progmarn with an icon wif a girl. i tried to uninstall it but it wouldnt work. next i restarted my computer and all the icons showed up but the wallpaper was a message that said i should scan my compuer with any virus scanner i had avilable. i tried a 2 but they both fail to delete the virus. spyware doctor didnt even find t he virus and said everything was alright but thenm i used ae spyware scanner (<i forgot the name i havent used that computer ever since.) if found a couple infected files but couldnt delete them it promped me and ask me if i want to remove them at the next retarst and i said yes. i restarted my computer but i wouldnt go away. I dont want to go online with that computer while the virus is still on there and i want to still use that computer. is there anyway i could remove the virus?


p.s. after the computer is started up for some reason it wont reconise the cd craive and say that it is missing i tried unplugging the cables and replugging them but still nmo luck but for some reason if there is a disk inserted at startup like norton antivirus then it would run the disk. i tried the norton emergency virus remover but it wouldnt even scan I wound start the scan and it would say finished nothing found. =[

the computer is windows ME

any help apricheated (god i cant spell)

Is the girl icon by chance named Lisa?
Does it by chance say "cant read from source" when you try deleting her?

Mak ea shortcut of her then you will be able to delet her.

 

[The Drizzle1]

Hey start in safe mode use hijack this or startup normaly and scan find the virus the anti virus program wont get and find it and manually delete it if it says you cant then unplug your internet (this will cut the trojan off from its server) and you should be able to delete it if not go to settings and internet options then delete all delete all internet files and cookies also a very good anti virus program is spy sweeper free trial should do the trick

if that dosent work just get a new comp lol
look who got caught out in the drizzle

 

[devilboy6]

to reply to hunter, i wouldnt know the name of the girl on the icon.
AND
heres the log from the hijack this scan
Logfile of HijackThis v1.99.1
Scan saved at 7:28:50 PM, on 11/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Andrew.ANDREW-DMTL5UTN\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1"
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O15 - Trusted IP range: 67.19.185.246
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - Unknown owner - C:\WINDOWS\System32\npkcsvc.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

 

[devilboy6]

i think these are viral programs
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
the norton dont work for a reason and i dont connect that computer tho the internet just yet
thank you very much for any help =]