i saw a previous thread that was closed about some of my symtoms...
im getting antivirus2010 which i know is a virus.. and a constant ctv.exe with a random number, for example ctv2335.exe and iexplore.exe popups..
i also have something called spyware stormer, and spyware protect2009
Winzix and some other stuff.. my windows XP downgraded to windows 95,
thankfully ComboFix revived that but this is getting out of control, my system is rebooting itself every 5 minutes or so and random drivers are being messed with, im constantly getting windows file protection errors, though i dont have the cd to fix that, ive tried chkdsk/f/r and sfc/scannow
avast failed mbam failed spyware doctor failed spyhunter failed... what can i do now? also if theres anyone else out there having this problem, ive made a program in C# to fix the ctv.exe and iexplore.exe part of the virus
thats you, luckyguy457321
anyways help would be appreciated btw I'm only 13 yrs old so don't expect me to be some pro with this.
heres the file to block ctv#.exe and iexplore.exe. - you might not want to use this if you use internet explorer.. i use google chrome.
Link removed - Carolyn
edit - another thing is on my pc now called spyware police pro or something, i managed to get MBAM open for a minute and look at the results. *notice how it only ran for 1 minute, 11 seconds*
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
10/14/2009 2:38:59 PM
mbam-log-2009-10-14 (14-38-59).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 20411
Time elapsed: 1 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\buhiwuna.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{933e0e36-9bc1-4e27-b951-3a3909123eba} (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vobajijam (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70134217 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\73573126 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84732933 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{933e0e36-9bc1-4e27-b951-3a3909123eba} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\safivapus (Trojan.Vundo.H) -> Delete on reboot.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\pump.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\70134217 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\73573126 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\84732933 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\buhiwuna.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\70134217\70134217 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\70134217\70134217.bat (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\70134217\70134217.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\73573126\73573126 .exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\73573126\73573126.bat (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\73573126\73573126.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\84732933\84732933.bat (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\84732933\84732933.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.