Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: chrislg on July 21, 2010, 05:59:49 AM

Title: Need help have some kind of rogue virus
Post by: chrislg on July 21, 2010, 05:59:49 AM

I have some virus that is blocking me from opening any kind of file, it gives me this message:
"Application cannot be executed. The file **** is infected......."
When i restart my computer the virus takes like acouple of seconds to start working so i can open quikly open one thing.
I tried to do a system restore and back track my computer to the start of this month and it seemed to have worked but now the virus is back and giving me the same message "Application cannot be executed. The file **** is infected......."
I seem to have a similar case to this person http://www.computerhope.com/forum/index.php?topic=95177.0

I downloaded the Rkill.com thing and ran it and it gave me this log in a notepad:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Chris on 21/07/2010 at 21:48:38.

Processes terminated by Rkill or while it was running:

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ndvrrecik\emavcqitssd.exe
C:\Documents and Settings\Chris\My Documents\Downloads\rkill.com

Rkill completed on 21/07/2010 at 21:48:41.

i have no idea what this means.
Im using windows xp and ive tried to run in safe mode but it didnt work and i use avg antivirus
I really appreciate anyone that is willing to help me thanks

Title: Re: Need help have some kind of rogue virus
Post by: Dr Jay on July 21, 2010, 01:10:34 PM

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not attach logs or post them in Quote/Code boxes unless requested.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Title: Re: Need help have some kind of rogue virus
Post by: chrislg on July 22, 2010, 01:06:14 AM

Ok, i used mbam and seemed to removed the virus i think i have all the logs if you want me to post them but ever since i removed the virus whenver i open inter explorer or mozilla firefox it wont load any websites at all and mozilla firefox is giving me this message:

The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

* Check the proxy settings to make sure that they are correct.

* Contact your network administrator to make sure the proxy server is
working.

can someone please help if you need me to post hijack or mbam log i can
thanks

Title: Re: Need help have some kind of rogue virus
Post by: Dr Jay on July 22, 2010, 01:22:26 AM

Check for proxy server

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.

Now click on the Connections tab and then the Lan Settings button
Under the Proxy Server section, please make sure the checkbox labeled Use a proxy server for your LAN is unchecked. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen.

Then, try ComboFix again.

Title: Re: Need help have some kind of rogue virus
Post by: chrislg on July 22, 2010, 01:33:08 AM

DragoMaster Jay thanks heaps i think the problem is fixed after combofix ran and restarted trhe computer and wrote the log my inter explorer and firefox started working/ Should i have you check my computer though because i kinda didnt follow anyones proffesional opinion i just downloaded mbam,super antispyware free edition and avg and just ran them to delete the virus i had. but if you think all is ok i thank you very much <3

Title: Re: Need help have some kind of rogue virus
Post by: Dr Jay on July 22, 2010, 01:40:24 PM

Most of the time, when you have originally detected the malware issue, it means the computer is infected by malware of some sort. Antivirus scanners may not show a sign of the malware still being there, which could be a sign of a rootkit.

Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

So, the idea is, is when you post to a forum that you need help removing malware, it is best to stay with the helper, to ensure your computer is clean. However, it is up to you to continue or not.

===========

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.