Author Topic: windows xp virus (Read 13536 times)

7up · « **on:** December 05, 2008, 07:04:42 AM »

can anyone help me the BV virus, or at least that is what its says when I scan my computer with avast. It seems to have destroyed my system restore function, and if I do an internet search, click a link, it takes me to where ever it wants to.
I really need to know specifics on killing this virus

Carbon Dudeoxide · « **Reply #1 on:** December 05, 2008, 07:09:58 AM »

Welcome to ComputerHope.

Please follow this:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Also, I'm moving this to the Computer Virus and Spyware Section.

7up · « **Reply #2 on:** December 05, 2008, 01:18:12 PM »

I made it to step 3, but my browser wont let me connect to superantivirus site. Any suggestions?

7up · « **Reply #3 on:** December 05, 2008, 01:20:45 PM »

i meant to say superantispyware site

Carbon Dudeoxide · « **Reply #4 on:** December 05, 2008, 08:07:27 PM »

Try here:
http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe

bobgar34 · « **Reply #5 on:** December 06, 2008, 12:33:55 AM »

after you get your system clean this will restore your system restore calender. unzip it and double click.

[Saving space - attachment deleted by admin]

Carbon Dudeoxide · « **Reply #6 on:** December 05, 2008, 09:54:32 PM »

Quote from: bobgar34 on December 06, 2008, 12:33:55 AM

after you get your system clean this will restore your system restore calender. unzip it and double click.

Ignore this for now. Let's wait until our malware specialists have a look...

7up · « **Reply #7 on:** December 06, 2008, 08:31:19 AM »

that link does not open either, i get "page cannot be displayed".
could this be a dns error or something else? if so how do I fix it so I can proceed with my virus issue?

7up · « **Reply #8 on:** December 06, 2008, 08:52:16 AM »

as I was reading post by other people, it seems that "poorstudent" and I are/were havinf the same problem. I was wondering if I could download the needed software to a flash drive, rename name it and load it on my infectec computer. If so, can anyone give me the steps and procedure to do this? Also HP is sending me a disc of XP, should I just wait on this and reimage my computer?

Carbon Dudeoxide · « **Reply #9 on:** December 06, 2008, 08:55:57 AM »

I don't see how an XP CD will do anything besides formatting the Hard Drive (erasing everything) or....well that's it unless you want to risk keeping the virus.

Anyways, yes. Download the three programs to a flash drive on another computer, rename them, and then transfer them over.

7up · « **Reply #10 on:** December 07, 2008, 09:59:06 AM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2008 at 11:46 AM

Application Version : 4.22.1014

Core Rules Database Version : 3640
Trace Rules Database Version: 1623

Scan type : Complete Scan
Total Scan Time : 00:17:20

Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 6816
Registry threats detected : 5
File items scanned : 28461
File threats detected : 3

Unclassified.Unknown Origin
   HKU\S-1-5-21-2962165191-2854740113-1532012136-1008\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
   HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Trojan.DNS-Changer (Hi-Jacked DNS)
   HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{71AC8796-5FBA-4AC0-B71A-D9C2D7075553}#NAMESERVER
   HKLM\SYSTEM\CONTROLSET004\SERVICES\TCPIP\PARAMETERS\INTERFACES\{71AC8796-5FBA-4AC0-B71A-D9C2D7075553}#NAMESERVER

Trojan.Unclassified/K-Series
   HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SYSTEM

Adware.Tracking Cookie
   C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
   C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
   C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt

this is what i found on my first superantispyware scan

7up · « **Reply #11 on:** December 07, 2008, 10:26:16 AM »

ok, know I cannot get MBAM to run, I loaded it to a flash drive, renamed it, and loaded it my infected computer, but it will not run, what now?

Carbon Dudeoxide · « **Reply #12 on:** December 07, 2008, 05:43:45 PM »

Can you get a HijackThis Log?

7up · « **Reply #13 on:** December 08, 2008, 06:11:55 AM »

no, it does the same, "page cannot be displayed", if I try to go to the website to download, and if I download to a flash drive, it will not install HJT on the computer.
Avast scan says that autorun is infected in all drives.
Does anyone have telnet capabilities where they can remotely look at my computer, don't know if that would help or work, but I am stumbling in the dark here.

Carbon Dudeoxide · « **Reply #14 on:** December 08, 2008, 06:18:23 AM »

Try this.

On the damaged computer, go to Notepad and, leaving it blank, go to File --> Save As --> autorun.inf (save it to the desktop).
Now copy it to the root of all the drives on the computer. If it says 'do you want to replace a file', replace it.
On the other computer, install HJT.
Once installed, travel to C:\Program Files\Trend Micro\HijackThis and copy hijackthis.exe to the flash drive and rename it to sniper.exe.
Now try to get the log.

(note: Not sure if that's the exact path for hijackthis)

Computer Hope Forum

News:

Author Topic: windows xp virus (Read 13536 times)

7up

windows xp virus

Carbon Dudeoxide

Re: windows xp virus

7up

Re: windows xp virus

7up

Re: windows xp virus

Carbon Dudeoxide

Re: windows xp virus

bobgar34

Re: windows xp virus

Carbon Dudeoxide

Re: windows xp virus

7up

Re: windows xp virus

7up

Re: windows xp virus

Carbon Dudeoxide

Re: windows xp virus

7up

Re: windows xp virus

7up

Re: windows xp virus

Carbon Dudeoxide

Re: windows xp virus

7up

Re: windows xp virus

Carbon Dudeoxide

Re: windows xp virus