Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Chinese Navigation and my Pc crashes

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby pokhim » November 7th, 2006, 4:27 pm

about 120gb of music and vids.

its going ok i'm gonna upload a firewall and a anti spyware from a disc that i burnt. then run updates and get a few more antivirus's. i'll let you know if and when i get this sorted.
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm
Advertisement
Register to Remove

Unread postby wng_z3r0 » November 7th, 2006, 6:01 pm

Unplug your hard drive that has the music.
Format and reinstall windows on the OTHER one.
Plug in the hard drive that has your music, **MAKE SURE TO LOAD THE CLEAN OS, and not from the infected drive.

Turn your computer on, and transfer your music to the clean hard drive. Then format the infected one.


Run the scans and post back to Susan. If you are still infected, your music will have to go.
wng
User avatar
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Unread postby pokhim » November 8th, 2006, 10:31 am

Okay, I've re-installed windows 3 times now (with both quick and long formats)
Every time I connect to the internet and launch IE (to try and run windows update) I get the same dialogue box I had before;
It asks for a username and password for my router
This happens every time a part of a web page starts to load e.g. every picture, so for each web page I get upwards of 20 of these boxes.

The main point is that the last two refomats and installs I haven't reconnected my IDE drive.

I am guessing that the virus (if it is a virus) is staying on the disk somewhere, the only place I can think of would be in the MBR or the 8MB unpartitionable space that I can see in the windows installation wizard.

Also this is browser specific, firefox will work okay without any boxes.
All of the other computers on the network are fine and have no problems accessing the internet through IE. The router in question does not ask for a username and password from within my LAN (only in the case of a Telnet operation)
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby pokhim » November 8th, 2006, 10:40 am

with regards to my post above,

I have now worked out how to stop the boxes appearing in IE

I can go to internet options then click on the connections tab
then click on the LAN settings button and uncheck the first box that says automatically detect settings

That will allow me to browse without the boxes.

Is this then a windows problem rather than a virus/malware?
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby wng_z3r0 » November 8th, 2006, 9:29 pm

Yeah it sounds like a windows problem.
User avatar
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Unread postby pokhim » November 9th, 2006, 1:45 pm

well thanks i think i got my computer sorted and up and running again. i dont have any problems and i managed to format both hard drives while keeping my music and vids. i've run a few of the virus and malware checkers and they come up with nothing. thanks for all your help you are a god amongst mortals.
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby Susan528 » November 9th, 2006, 10:26 pm

Hello pokhim,

I am glad you got everything running again. Let's run GMER again and make sure nothing is lurking.

STEP 1.
======
GMER
Please create a new subfolder in the Program Files folder called GMER. If you have an older version of GMER installed, you must delete it.
  • Download GMER and extract it to the C:\program files\GMER folder.
  • Run the Gmer.exe program by double-clicking the executable file (gmer.exe) in Windows Explorer.
    You may be prompted to scan immediately if GMER detects rootkit activity.
    • If you are prompted to scan your system click "yes" to begin the scan.
    • If you are not prompted, Click the "Rootkit" tab, then click "Scan".

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in a reply here.

Please also post (reply) with a hijackthis log.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby pokhim » November 10th, 2006, 9:06 am

Logfile of HijackThis v1.99.1
Scan saved at 13:06:29, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\TARIQB~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby pokhim » November 10th, 2006, 9:07 am

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-11-10 13:04:41
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\Tariq Benson\Desktop\utorrent.exe:SummaryInformation
ADS C:\Documents and Settings\Tariq Benson\Desktop\utorrent.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...
ADS ...

---- EOF - GMER 1.0.11 ----
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby wng_z3r0 » November 10th, 2006, 11:42 am

The gmer log is clean.


Lay off the torrents for now. It is an easy way to get infected.

I don't mean to condescend you, but if you are downloading pirated files, no amount of security precautions are going to keep your computer clean, and it is pointless to try to keep the machine clean. We would not be as forthcoming the second time your computer is infected.
User avatar
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Unread postby Susan528 » November 10th, 2006, 12:32 pm

You are living dangerously without having an anti-virus and firewall. Also anyone who downloads pirated files is asking for trouble. It may contain malware that will disable or delete security software.

http://www.malwareremoval.com/forum/viewtop ... 6ea0b5e8ee
Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."


  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:
    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls

  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Nellie2 » December 23rd, 2006, 7:43 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware