Computer...****** completely

[adjones]

Straight off, sorry for being absolutely pathetic with computers but any help would be so appreciated!
Basically, my brother went on my laptop and somehow had somethign downloaded...i think it was sent and he accepted or something...
Initially it made everything  stop working couldnt use mouse or keyboard etc with no programmes loading. the best i coudl do was switch it off which took about 10 seconds holding the power button? then restarted in Safe Mode and now i havent got a clue what to do...tried to follow the initial steps set up on here but unfortunately i cant access the initernet to download any Super Spyware things?

Again, sorry for not knowing anythign about computers but any help would be so appreciated!! x

*language

[Carbon Dudeoxide]

What happens if you start the computer normally?

Any ideas what you downloaded?


Try turning on the computer, keep tapping F8, and choose Safe Mode With Networking.
Make sure you're plugged in via Ethernet Cable and try to follow steps 3, 4 and 6:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[adjones]

from what i know i think he was msn messenger and his mate sent him somethign as a joke? but it came and now i dunno what can be done.. starting it gets it to the desktop (slowly) then the mouse and keyboard don't work, but as Steam application normally automatically runs its there with the cursor flashing...but cant do anythign so ive been switching it off. Tried this earlier, but held it down for over 30 seconds and nothign happened. Had to take the battery out to switch it off.. Just dont know what else can be done as i cant do anythign when its on..

but thanks for the reply, any help literally and youre my hero! x

[CBMatt]

Try turning on the computer, keep tapping F8, and choose Safe Mode With Networking.
Make sure you're plugged in via Ethernet Cable and try to follow steps 3, 4 and 6:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Did you try this?

[adjones]

sorry for the unbelievably long time getting back, sent computer to some shop and they couldnt do anything without sending it off to some other place which would cost far too much!

Ive got through the steps said and have the following logs. I dont know if I should paste them in or attach them, so Ive attached them. Sorry if its not preferred!

Any help please! x

[attachment deleted by admin]

[CBMatt]

No worries about the wait.  It gives us more time to do other things.  Heh.  And attached logs are preferred, so you're good there.

Go ahead and download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[adjones]

Ive got ComboFix installed and ready to go, but as Im working in Safe Mode, because my mouse and keyboard dont respond in the usual mode, it wont allow me to reach the usual AVG 8.0 interface? Ive tried to completely uninstall it and that comes up with an error.

Shall I try to use ComboFix nonetheless? Or has AVG got to be off?

sorry for being a pain

[adjones]

I continued with the ComboFix after it said it had been temporarily disabled, or something similar.

Ive got the following ComboFix log, and the resulting HijackThis log.

Bloody appreciate this lads! Fantastic effort! x

[attachment deleted by admin]

[CBMatt]

Many programs don't run normally in Safe Mode, which may be why AVG wasn't acting as it should.  You also can't install most programs in Safe Mode.  You will want to reinstall AVG in Normal Mode.  Also, please use Normal Mode for scanning with ComboFix and HijackThis.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

File::
c:\windows\system32\drivers\beqqkhrl.sys
c:\windows\system32\643vHDUR.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not click ComboFix's window while it is running. That may cause your system to freeze

[adjones]

i tried to get back into Normal mode but again, nothing will work on it; it seems to be constantly frozen.
I opened ComboFix and dragged the Notepad text into it, and the resulting logs loaded up whilst in Normal mode. As it still wouldn't respond, I went back into Safe Mode and was able to find two additonal logs to what were there. 'ComboFix2.txt' seems to be what the log was, yet a new log that i didnt see before has also appeared as 'Combofix-quarantined-files'. Ive posted both just incase the other is useful?

Again, thanks for the quick reply.

[attachment deleted by admin]

[CBMatt]

So, even after following the steps, Normal Mode still doesn't work?  See if you can try this out...

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start.
  
• An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now Click OK to start.
  • This is a short scan that will scan the files currently running in memory.
  • If or when something is found, click the Yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis and click OK
  
• Back at the main window, select the Complete scan button.
  
• Then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit.

• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

• After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  
• Copy and paste that log in the next reply

[adjones]

Done it...took a *censored* of a long time and computer overheated once, so sorry about the delay. But I dont think its done what it should? I went File > Save Report List but when ive loaded it up through Notepad all i got was the following...

[attachment deleted by admin]

[CBMatt]

DrWeb logs are sometimes very short if you don't have many infections.  You have one of three things going on with your computer...  1. Either you are still infected and the infection is hiding itself very well.  2. Or your infection is gone, but it damaged enough files to still be causing you problems.  3. Or your problems are actually being caused by something other than a virus.

It's obvious that you were infected, but I'm not aware of these particular infections ever causing such bad problems.  I hate to say it, but this may be one case where a format is the best option.

Of course, don't think that I am giving up on you.  If you still want to keep trying, I'm willing to stick to it with you.  If you would like to continue, I have another scan for you to try.  But be warned: it may take awhile for this scan to complete.  The log will be huge, so you'll need to upload it to a filehost.  Just follow the instructions and the process will be explained...

Download to your desktop ISeeYouXP.exe by ShadowPuterDude
Next double-click on ISeeYouXP.exe on your Desktop.
 
ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.

Double-click ISeeYouXP.bat to run the script.

Once complete a log will be saved to the Desktop named ISeeYouXP.txt.
           
Post the following logs in your next reply:
ISeeYouXP.txt

If the ISeeYouXP .bat file does not extract to the Desktop. Double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.

Upload the file to Savefile.com
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.

[adjones]

Quality. Ill get right on it, but if its getting tricky it doesnt matter at all. Try this 'ISeeYou' one and if nothing obvious comes up then ill try and just send the computer off. But, I spoke to my brother and its come out that his mate (or some little.....had sent something to him?). And hes almost certain it was something that was sent over MSN Messenger? Dont know if that can help in any way at all but Ill try and get this log posted ASAP. Thanks again for the huge effort, really appreciate it. x

[adjones]

Done. Worked within...3 minutes!? So don't know if that means anything. But heres the log:

http://www.savefile.com/files/1958597

Cheers.