Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I cannot get into my computer now. I really need any help...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I cannot get into my computer now. I really need any help...

Unread postby mellie2480 » December 9th, 2009, 8:22 pm

I dont know what to do.. Last night I had a couple of problems with my computer. When I logged on there was a pop up message that said that Worm.win32.netsky was detected on my pc. Then it loaded my desktop and for the wallpaper had another warning that said "your computer is infected". It wouldnt let me get to the system restoration or even open my media player. I ran my Norton antivirus and it came up with a tracking cookie. So I ran the HijackThis tool and these were my results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:49 AM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Documents and Settings\RAC\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 3244 bytes


And I came online to post it in here. When I logged out I ran my Norton once again the full system scan and came out with a downloader and 2 trojans and required a restart. So I restarted my computer and now cannot log in to my desktop. I tried restorin my computer to factory mode and nothing... It wont let me do anything. Please if you have any idea on what to do I'd really appreciate it! Thank you for your time.
mellie2480
Active Member
 
Posts: 7
Joined: December 9th, 2009, 2:59 am
Advertisement
Register to Remove

Re: I cannot get into my computer now. I really need any help...

Unread postby MWR 3 day Mod » December 13th, 2009, 2:35 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I cannot get into my computer now. I really need any help...

Unread postby Dakeyras » December 14th, 2009, 4:49 pm

Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a Backdoor Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I cannot get into my computer now. I really need any help...

Unread postby mellie2480 » December 14th, 2009, 5:50 pm

Yes I want to do whatever is necessary to get my computer working again. Therefore I need your help and thank you so much for the reply, even though its bad news... lol.
mellie2480
Active Member
 
Posts: 7
Joined: December 9th, 2009, 2:59 am

Re: I cannot get into my computer now. I really need any help...

Unread postby Dakeyras » December 14th, 2009, 6:34 pm

Hi. :)

Yes I want to do whatever is necessary to get my computer working again. Therefore I need your help and thank you so much for the reply, even though its bad news... lol.
You're welcome!

OK to be clear and so I understand correctly what decision you have made:-

1 - Are you going to carry out the recommended course of action as in a reformat and reinstallation of the Windows operating system and if so, would you like advice on what to install afterwards and some safety advice?

2 - For myself to actually attempt cleaning your machine but I can't guarantee that it will be at all secure afterwards?
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I cannot get into my computer now. I really need any help...

Unread postby mellie2480 » December 14th, 2009, 9:15 pm

Dakeyras wrote:Hi. :)

Yes I want to do whatever is necessary to get my computer working again. Therefore I need your help and thank you so much for the reply, even though its bad news... lol.
You're welcome!

OK to be clear and so I understand correctly what decision you have made:-

1 - Are you going to carry out the recommended course of action as in a reformat and reinstallation of the Windows operating system and if so, would you like advice on what to install afterwards and some safety advice?

2 - For myself to actually attempt cleaning your machine but I can't guarantee that it will be at all secure afterwards?


1 - Yes I would like to carry out the recommended action and I would love any advice you have to give.

2 - That is ok if its not... Its worth a try and even if it aint its better than what it is now...lol
mellie2480
Active Member
 
Posts: 7
Joined: December 9th, 2009, 2:59 am

Re: I cannot get into my computer now. I really need any help...

Unread postby Dakeyras » December 15th, 2009, 5:09 am

Hi. :)

You have answered yes for both options:-
1 - Yes I would like to carry out the recommended action and I would love any advice you have to give.

2 - That is ok if its not... Its worth a try and even if it aint its better than what it is now...lol
Which actual step do you wish for myself too proceed with advising about?
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I cannot get into my computer now. I really need any help...

Unread postby mellie2480 » December 15th, 2009, 6:25 pm

Dakeyras wrote:Hi. :)

You have answered yes for both options:-
1 - Yes I would like to carry out the recommended action and I would love any advice you have to give.

2 - That is ok if its not... Its worth a try and even if it aint its better than what it is now...lol
Which actual step do you wish for myself too proceed with advising about?


how to reformat it
mellie2480
Active Member
 
Posts: 7
Joined: December 9th, 2009, 2:59 am

Re: I cannot get into my computer now. I really need any help...

Unread postby Dakeyras » December 15th, 2009, 8:05 pm

Hi. :)

The below tutorial is a excellent guide:-

How to Reformat and Reinstall your Operating System

Below is some advice about what to install/safety advice after the format and the reinstallation of the Windows operating system.

Reformat and Reinstallation Advice:

This is a excellent resource I recommend reading:-

How to prevent Malware

  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    Here are some free Anti Virus programs which I recommend to use:
    • Antivir PersonalEditionClassic
      • Free anti-virus software for Windows.
      • Detects and removes more than 50,000 viruses. Free support.
    • avast! 4 Home Edition
        • Anti-virus program for Windows.
        • The home edition is freeware for noncommercial users.
    • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
    • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
      Here are some free Firewalls which I recommend to use:
      (Use only one, and disable your Windows Firewall)
    Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
  • Keep your system updated- Microsoft releases patches for Windows and other products regularly:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Malwarebytes' Anti-Malware - Download it from here
    The tutorial on how to use MBAM is located here
  • Install WinPatrol - Download it from here
    You can find information about how WinPatrol works here
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    Download it from here
    The tutorial on how to use Spyware Blaster is located here
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well after the format and the reinstallation of the Windows operating system.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Follow this list and your potential for your computer becoming infected again will reduce dramatically. Any questions feel free to ask OK!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I cannot get into my computer now. I really need any help...

Unread postby Dakeyras » December 17th, 2009, 6:15 am

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware