Old 02-01-2009, 06:45 AM   #1
Baseband Member
 
Join Date: Jan 2005
Posts: 79
Default can't system restore

WHY!? god damn just formatted, and same virus has come back, but now only WORSE

every 5 secs, it reactivates or something

it disables my task manager and regedit, i enable em, 5 secs later it disables both again...

nothing came up with hijack, use counterspy, found some shit, del'd it, and yeah, can't install avast antivirus, cause it's not seeming to complete, every time i press next, dialog disappears, think cause of the virus. will try AVG next though

anyone know what's going on, every time i system restore, it fixed the virus, and i found that it was coming from my ipod. i cleared it. and it's back, and system restore isn't working. it says it failed to restore. i tried restoring and undoing my previous restore. no luck with both..

mykul is offline   Reply With Quote
Old 02-01-2009, 09:12 AM   #2
Daemon Poster
 
 
Join Date: Dec 2008
Posts: 781
Default Re: can't system restore

what? "disables task manager and regedit"

^ who cares? Why would you need task manager and regedit to get rid of a virus?

And even the best antivirus cannot detect everything.

And the last paragraph just confuzzles me.

Why don't you format your ipod and do a system repair.

edit: oh ok. You might have deleted your system restore point. I can't really think of anything else. The only way to go from here is to get something to destroy it, or IMHO just simply repair/reinstall windows.
__________________
OCZ 550 Watt Modular|Intel E7300 Core 2 Duo @ 2.66ghz|Gigabyte EP45UD3R|4 GB Corsair 800 DDR2|Geforce 8800 GTX|Seagate 250GB 7200RPM SATA|Samsung 160GB 7200RPM SATA|120 GB External WD Passport HD|Microsoft 3 Button Optical Mouse|Lite-On 2 Tone Standard Keyboard|ViewSonic 22in Wide Screen|Logitec x-540|Windows 7 Ultimate 64 bit
allendale2008 is offline   Reply With Quote
Old 02-01-2009, 07:12 PM   #3
Baseband Member
 
Join Date: Jan 2005
Posts: 79
Default Re: can't system restore

sigh, i don't know the password when i go to repair..

and i just reformatted 1 week ago

i picked up like heaps of viruses on the last scan, but it's not getting rid of em.. zzz

last paragraph: I had the problem where i couldn't view, things like.

"Folder Options" "Run" "Regedit" "Task Manager" and so on..

so i system restored it to a few days ago, and it would be fine.

now when i system restore, it doesn't restore, it says it didn't work, same as undoing the restore.
mykul is offline   Reply With Quote
Old 02-01-2009, 07:24 PM   #4
Site Team
 
 
Join Date: Sep 2006
Posts: 10,713
Default Re: can't system restore

If the system restore point was infected (which is pretty common), that'd be why it got worse and why it failed.

Have you tried running the scans in safe mode?
__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

Team Thelegorm! Total Kills: 21 (i iz in uor profile, editsing your sigz)
celegorm is offline   Reply With Quote
Old 02-01-2009, 07:27 PM   #5
Baseband Member
 
Join Date: Jan 2005
Posts: 79
Default Re: can't system restore

Nah not yet. I'll try that after. Anyways, this is the result from AV Scan. ONE WEEK from formatting, and this..


"C:\DOCUME~1\vince\LOCALS~1\Temp\bjpyxp.exe";"Trojan horse SpamTool.CDK";"Reboot is required to finish the action"
"C:\DOCUME~1\vince\LOCALS~1\Temp\bjpyxp.exe (3660)";"Trojan horse SpamTool.CDK";"Reboot is required to finish the action"
"C:\DOCUME~1\vince\LOCALS~1\Temp\yqsqgs.exe";"Trojan horse Agent.AWPR";"Reboot is required to finish the action"
"C:\DOCUME~1\vince\LOCALS~1\Temp\yqsqgs.exe (3580)";"Trojan horse Agent.AWPR";"Reboot is required to finish the action"
"C:\Documents and Settings\vince\Desktop\aswclnr.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A4BFC_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A4FE4_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A48A1_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A5459_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AACE9_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\vlc-0.9.8a-win32.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\WinXP_2K(77.72)\setup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\NVIDIA\Win2KXP\93.71\setup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\AVG\AVG8\avgfrw.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AAFE6_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AB380_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AB758_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AE86B_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AEB97_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AEF02_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AF358_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B1382_Rar\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B1883_Rar\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B1BCF_Rar\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B819E_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B8528_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B88D1_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B8D08_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\bjpyxp.exe";"Trojan horse SpamTool.CDK";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\yqsqgs.exe";"Trojan horse Agent.AWPR";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\install_flash_player.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (1372)";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\livecall.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iedw.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\uninstall\helper.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\msnmsgr.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\MsnMsgr.Exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN Messenger\msnmsgr.exe (1808)";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN\MSNIA\msniasvc.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\msnmsgr.exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN Messenger\msvs.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k_xp\us\kb835221.exe";"Virus found Win32/Parite";"Healed"
"C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k3\us\kb901105.exe";"Virus found Win32/Parite";"Healed"
"C:\Program Files\SigmaTel\C-Major Audio\setup.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\SonicFocus\iasetup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\WDM\suhlp.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvcControl.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBShredder.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBWSC.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
mykul is offline   Reply With Quote
Old 02-01-2009, 07:28 PM   #6
Baseband Member
 
Join Date: Jan 2005
Posts: 79
Default Re: can't system restore

"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\VideoLAN\VLC\uninstall.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\BNUpdate.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\Frozen Throne.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\war3.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\Warcraft III.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\World Editor.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\worldedit.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\WinPcap\daemon_mgm.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\WinPcap\npf_mgm.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\WinPcap\rpcapd.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\WinPcap\Uninstall.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\RECYCLER\S-1-5-21-1715567821-412668190-682003330-1003\De4.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\WINDOWS\system32\nwiz.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"

That was last night, now i rebooted, and now fricking AVG pops up every 5mins saying one of my exe is infected with the tanatos virus, and it can't be healed/fixed!! FAR, and i still have the task manager problem, i go via GPEdit.msc to fix it, 5 seconds later, it's disabled again. ZZZ
mykul is offline   Reply With Quote
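An added example, not part of any post in this thread: a parser for the semicolon-separated scan export pasted in posts #5 and #6, which groups detections by family and lists the files that were still in use or awaiting a reboot. The function names are assumptions, the sample rows are copied from the log above, and reading the trailing number in parentheses as a process ID is also an assumption.

```python
import csv
import io
import re

# Rows copied from the scan export posted above: "path";"detection";"action"
SAMPLE = r'''
"C:\DOCUME~1\vince\LOCALS~1\Temp\bjpyxp.exe (3660)";"Trojan horse SpamTool.CDK";"Reboot is required to finish the action"
"C:\Program Files\MSN Messenger\msnmsgr.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\MsnMsgr.Exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN Messenger\msnmsgr.exe (1808)";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Documents and Settings\vince\My Documents\Downloads\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k_xp\us\kb835221.exe";"Virus found Win32/Parite";"Healed"
"C:\Program Files\WinPcap\rpcapd.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
'''

# Assumption: a trailing " (1234)" after the file name is the ID of a running process.
PID_SUFFIX = re.compile(r"\s\((\d+)\)$")

def parse(text):
    """Turn the export into dicts with path, pid, family and action."""
    rows = []
    for rec in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(rec) != 3:          # blank or truncated line
            continue
        path, detection, action = rec
        match = PID_SUFFIX.search(path)
        pid = int(match.group(1)) if match else None
        if match:
            path = path[:match.start()]
        rows.append({"path": path, "pid": pid,
                     "family": detection.split()[-1], "action": action})
    return rows

def triage(rows):
    """Count unique files per family; list files in use or awaiting a reboot."""
    families, running, pending = {}, set(), set()
    for row in rows:
        key = row["path"].lower()  # Windows paths are case-insensitive
        families.setdefault(row["family"], set()).add(key)
        if row["pid"] is not None:
            running.add(key)
        if row["action"].startswith("Reboot is required"):
            pending.add(key)
    return {"families": {f: len(p) for f, p in families.items()},
            "running": sorted(running), "pending_reboot": sorted(pending)}

if __name__ == "__main__":
    report = triage(parse(SAMPLE))
    for family, count in sorted(report["families"].items()):
        print(f"{family}: {count} file(s)")
    print("still loaded:", report["running"])
    print("pending reboot:", report["pending_reboot"])
```

The 8.3 short form of a path (C:\DOCUME~1\...) and its long form are counted as different files here, because the short name cannot be resolved without the original disk.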
Old 02-01-2009, 07:32 PM   #7
Site Team
 
 
Join Date: Sep 2006
Posts: 10,713
Default Re: can't system restore

Ok, two things you can try. First one is malwarebytes. It can remove so much it's not even funny.

Then I'd either do eset's online scanner, or get a 30-trial of their NOD32 anti-virus and run it.
celegorm is offline   Reply With Quote
Old 02-01-2009, 10:38 PM   #8
Solid State Member
 
Join Date: Jan 2009
Posts: 8
Default Re: can't system restore

After reformatting, do you have enough time to run an ERASE program like Cyberscrub? http://www.cyberscrub.com/products/privacysuite/

You might run this program with your firewall blocking all traffic.

This is only a suggestion, and I don't know if it will work.

Or Cybercide: http://www.cyberscrub.com/products/cybercide/
Valvoline is offline   Reply With Quote
Old 02-01-2009, 11:13 PM   #9
Baseband Member
 
Join Date: Jan 2005
Posts: 79
Default Re: can't system restore

Um problem. I can't run in safe mode

every time i do, it gets up to that line, mup.** or whatever, and comp restarts, and it goes, windows was unable to **..... and then, i can pick to boot in safe, so i do, again, it restarts, what's wrong?

mykul is offline   Reply With Quote