Computer Hope
Software => Computer viruses and spyware => Topic started by: xxXenonxx on July 15, 2007, 09:33:11 PM
-
Alright my computer was working perfectly no problems at all then today I installed an online game called Rakion then when I was playing it my keyboard stopped working. I tried removing the plug and putting it back in, but it didn't work. Then a few minutes later the whole computer froze. Then I restarted it and ran a virus scan I found two trojan horses in the files where you install the game. I found another two which I don't remeber the names but were something like ....8750 and ....8751. AVG couldn't heal them so it put them in Virus Vault that's when I noticed my keyboard shut off so I shut down my computer. What is the problem here?
I use Windows Xp Home Edition
-
Update your AVG and scan in Safe Mode (http://www.computerhope.com/issues/chsafe.htm). Let it remove whatever it wants.
If you're still having problems, scan with HijackThis (http://merijn.org/files/HijackThis.exe) and post a log.
-
Update your AVG and scan in Safe Mode (http://www.computerhope.com/issues/chsafe.htm). Let it remove whatever it wants.
If you're still having problems, scan with HijackThis (http://merijn.org/files/HijackThis.exe) and post a log.
I'll start it up right now and if it puts it in the virus vault does it mean its deleted?
-
When an infection is placed in the virus vault, it is quarantined, not deleted. The file still exists on your computer, but it is no longer a threat. Although it's not necessary, I personally prefer to delete all files placed into the vault. Be sure to let us know how the Safe Mode scan goes.
-
Well when I turned on my computer at the compaq screen I got a "304-Keyboard or system error" in small white letters above the compaq logo. I restarted it and I still got the error but managed to get into the f8 menu. Then when you use the arrow keys to highlight your choice the keyboard was off. And in 30 seconds it normally started and I ran a scan with that. This time I didn't get those files in the Rakion folder but I got the other ones but this time called A000009817 and 18.
-
sorry for all the double posts but I checked the Virus vault and the files in there are "npgmup.des.new" <<That is the one in the Rakion folder. And the others are " A0008751.new","A0008750.des","A0009718.des" and "A0009719.new" I'm going to try to restart and go in safe mode if that doesnt work ill put in a new keyboard.
-
Now my keyboar doesn't work at all. Does anyone know what this darned virus is?
-
Results of HiJackThis in safe mode
Logfile of HijackThis v1.99.1
Scan saved at 2:51:39 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Ravi\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
-
Congratulations on the shortest HJT log this Month ! !
-
Please go HERE (http://www.howtotell.com) using Internet Explorer (not Firefox or any other browser as they won't work).
- Click on Windows Validation Assistant.
- Click on the Validate Now button.
- Be patient while the ActiveX loads, do not click on any links.
- Read the instructions on this page while it's loading. You will be prompted to install - click YES.
- Enter your product key then click continue
- When it says "Validation Complete" please click Continue to return to your previous activity.
- Copy what it says and paste it here.
-
Results of HiJackThis in safe mode
You should always run your HJT scan in 'normal' mode, because in safe mode not as many things are running (ie virus/spyware) and therefore they are not recorded in your log.
-
Please go HERE (http://www.howtotell.com) using Internet Explorer (not Firefox or any other browser as they won't work).
- Click on Windows Validation Assistant.
- Click on the Validate Now button.
- Be patient while the ActiveX loads, do not click on any links.
- Read the instructions on this page while it's loading. You will be prompted to install - click YES.
- Enter your product key then click continue
- When it says "Validation Complete" please click Continue to return to your previous activity.
- Copy what it says and paste it here.
I know it's not validated but I haev another problem with that. Does it have to be validated or something?
-
Well it certainly helps in most cases...
-
Well we sent our computer into this guy who put windows xp home edition on it and i had to reinstall xp on it and i dont have the serial for that so i'm looking for one
-
If you don't have a valid copy of Windows, then it may very well be the cause of many of your problems.
If this is a legal copy, then you'll need to provide proof because our policy is to not help out with illegal versions of Windows.
-
I know but the guy did kind of sneaky stuff so i'll try to get it from him or whatever you guys don't have to help with that but yea. Did you find anything else in the log?
-
Honestly, no, I don't see anything else in your log. But I've read that AntiWPA contains adware. However, I can't verify this. Some sites say it's clean, while others say it isn't.
It doesn't show up in the log, but I suspect you may have Vundo, so you might want to give VundoFix (http://www.atribune.org/ccount/click.php?id=4) a try.
-
OK! I'll try that out.
-
Honestly, no, I don't see anything else in your log. But I've read that AntiWPA contains adware. However, I can't verify this. Some sites say it's clean, while others say it isn't.
It doesn't show up in the log, but I suspect you may have Vundo, so you might want to give VundoFix (http://www.atribune.org/ccount/click.php?id=4) a try.
No Vundo :(
-
Although I suspect either your Windows or AntiWPA to be the culprit here, go ahead and post a fresh HijackThis log. But this time, do as DeltaSlaya suggests and scan in Normal Mode.
-
Borrow a known working PS2 keyboard and try it.
-
Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.
If you are not the original poster and you require help, please start a New Topic (http://www.computerhope.com/forum/index.php?action=post;board=7.0) with information about your computer and your problem.