HAVING COMPUTER ISSUES...VIRUSES,SPYWARE, ETC...INFO HERE

[siccness-user]

i think i have a virus

i downloaded what i tough was freeware

then after my computer scanned this file, and had no viruses..

i installed, it then self-extracted and shut my computer off

it restarted, with a bunch of windows popping up



tools i have

combofix
KillBox
Winrar
hijackthis
superantispyware
avast antivirus


i need help, i want to use my computer without this poppin up every 5 seconds

 

[Doberman]

i downloaded what i tough was freeware

then after my computer scanned this file, and had no viruses..

i installed, it then self-extracted and shut my computer off

it restarted, with a bunch of windows popping up



tools i have

combofix
KillBox
Winrar
hijackthis
superantispyware
avast antivirus


i need help, i want to use my computer without this poppin up every 5 seconds

try Adaware ,Spybot S&D
and Anti-Vir , as well as NOD32 if you can get ahold of it.
Good Luck!

 

[Doberman]

Looking at those messages a bit closer. Looks like it's email related. Coming from PS2000-.-com

 

[Milli_Mill]

is there a way to put an album on your ipod with clicking each individual song?

 

[martin_07n]

Man, my flash player ain't working. I upgraded and everything but it still not working. any help?

 

[Darkshowdown]

I have a rather new computer (about a year old). HP

About 2 weeks ago, it stopped reading any disc I pop in there. I can't play any disc nor burn anything. It doesn't read anything.

Any serious help / good recomendations will be appreciated.

MY brand new computer(had it for 3 weeks) is doing that also.

The DVDrw/CDRW drive stopped reading audio or Compact discs It only reads DVD movies. The other Drive is reading music though but that one isnt teh burner its only a CDROM drive

 

[siccness-user]

ive been trying to fix my virus, tried many things. but its still there

Logfile of HijackThis v1.99.1
Scan saved at 14:56, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
D:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\program files\active sync\wcescomm.exe
C:\PROGRA~1\ACTIVE~1\rapimgr.exe
D:\Program Files\GhostSurf Platinum\Proxy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\Charlie\Desktop\Folders\Shortcuts\hijackthis\HijackThis.exe
D:\Program Files\GhostSurf Platinum\Privacy Auditor.exe
D:\Program Files\GhostSurf Platinum\Scheduler daemon.exe
D:\Program Files\GhostSurf Platinum\Protector.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=eng
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\GhostSurf Platinum\SCActiveBlock.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MMReminderService] D:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KEMailKb] D:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] D:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\active sync\wcescomm.exe"
O4 - HKCU\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: GhostSurf proxy.lnk = D:\Program Files\GhostSurf Platinum\Proxy.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Privacy Auditor.lnk = D:\Program Files\GhostSurf Platinum\Privacy Auditor.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\GhostSurf Platinum\Scheduler daemon.exe
O4 - Startup: SpyCatcher Protector.lnk = D:\Program Files\GhostSurf Platinum\Protector.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\ACTIVE~1\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - D:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: BlogJet This! - {9996ABBC-82C5-4A75-8702-582462325D6D} - D:\Documents and Settings\Charlie\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra 'Tools' menuitem: BlogJet This! - {9996ABBC-82C5-4A75-8702-582462325D6D} - D:\Documents and Settings\Charlie\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

 

[KALYN]

I've tried everything to rid myself of the virus on my PC as well.. but even my NOD only gives me the option to 'leave' the file or 'stop scanning' and close NOD completely (no option to delete) so I copy to quarantine and leave it... so yeah.. I dunno..

 

[TONY206]

i downloaded what i tough was freeware

then after my computer scanned this file, and had no viruses..

i installed, it then self-extracted and shut my computer off

it restarted, with a bunch of windows popping up



tools i have

combofix
KillBox
Winrar
hijackthis
superantispyware
avast antivirus


i need help, i want to use my computer without this poppin up every 5 seconds

i downloaded what i tough was freeware

then after my computer scanned this file, and had no viruses..

i installed, it then self-extracted and shut my computer off

it restarted, with a bunch of windows popping up



tools i have

combofix
KillBox
Winrar
hijackthis
superantispyware
avast antivirus


i need help, i want to use my computer without this poppin up every 5 seconds

Looks sort of like messenger spam being sent to your ip. Do you have XP SP2? You can right click>properties My Computer to see if you're running service pack 1 or 2. If you're on SP1 you can try this:

Shoot The Messenger - Download - Home Page
Disables Windows Messaging service. This will prevent online spammers from abusing this and causing non browser related message Pop-ups during normal system operation. Installing SP2 will disable the messenger service for you.

I've tried everything to rid myself of the virus on my PC as well.. but even my NOD only gives me the option to 'leave' the file or 'stop scanning' and close NOD completely (no option to delete) so I copy to quarantine and leave it... so yeah.. I dunno..

You can go to the quarantine and right click>delete.

 

[KALYN]

^^

OMG-- is it seriously THAT simple..?? lol... ok--


Done-- now I'll run the in-depth again... see what happens..

 

[siccness-user]

well, its official,

my computer is fuckin dead

yup, it was mass mailing software

when i tried checking the registry, it locked me out,

then it shut down..

now it doesnt turn on

fuckin freeware,

aaaaaaaaaaaaaaahhhhhhhhhhhhh

.......ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

 

[martin_07n]

Man, my flash player ain't working. I upgraded and everything but it still not working. any help?

 

[KALYN]

^^

OMG-- is it seriously THAT simple..?? lol... ok--


Done-- now I'll run the in-depth again... see what happens..

Negative Tony... virus still comes up when I run the scan...

 

[TONY206]

Negative Tony... virus still comes up when I run the scan...

What is the virus?

 

[KALYN]

What is the virus?

S-1-5-21-1916240397-312812558-445633102-501 Dc9.exe (Dc8.exe & Dc7.exe)
Win32/TrojanDownloader.Zlob.BLD trojan

 

[TONY206]

S-1-5-21-1916240397-312812558-445633102-501 Dc9.exe (Dc8.exe & Dc7.exe)
Win32/TrojanDownloader.Zlob.BLD trojan

The second result of Googling dc9.exe says this...

dc##.(ext) so happens to be some sort of naming schema for the recycle bin located in C:\Recycler\account-sid(bunch of numbers). In that case just clear your recycle bin.

:ermm::ermm::ermm:

 

[KALYN]

The second result of Googling dc9.exe says this...
:ermm::ermm::ermm:

Theres nothing in my recycle bin Tony..

 

[siccness-user]

its over, i backep my files then erased everything, no more virus

 

[TONY206]

Theres nothing in my recycle bin Tony..

Add something and empty it, or go to control panel>folder options>view and select show hidden files and folders.

 

[MaddDogg]

Here's my computer issue:

I recently bought a new computer and was browsing the next. I clicked on an embedded Youtube link and it asked me to download a plugin. Since it was a new computer, I
thought I needed it. After I downloaded it I realized almost immediately it was a trojan virus. The virus is doing the following things to fuck my computer up:

1. popping up windows, mainly stuff saying "urgent you have virus" or sending me to a site that sells fake spyware remover like virus ranger.

2. trying to make me download an install.exe from various sites.

3. Recently it jumped from just my internet explorer to my Mozilla Firefox.

4. Displays an icon in the lower right hand corner box next to the time.

I've tried to fix this through the following programs and procedures:

1. AdAware.
2. Norton
3. House Call
4. Unhide program and windows files and folders and re-ran all 3 programs.

The virus no longer even shows up in the scans but clearly it is there.

Any ideas? I was thinking since it's brand new I could just reinstall windows and start over but I dont have a windows cd. Anyway to do it online?