Question:
I have a very bad virus, please help?
anonymous
2009-11-20 09:22:43 UTC
Hi,
I opened an email on AOL and started getting pop-ups. I scanned with Malwarebytes and it came up with this:
Malwarebytes' Anti-Malware 1.41
Database version: 2784
Windows 6.0.6001 Service Pack 1

19/11/2009 22:39:47
mbam-log-2009-11-19 (22-39-47).txt

Scan type: Quick Scan
Objects scanned: 107973
Time elapsed: 14 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\james\AppData\Local\Temp\C880.tmp (Trojan.Dropper) -> Delete on reboot.
C:\Windows\System32\dhcpcsvc32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0140ad0a-7fe9-4b62-b757-fe8251b10a52} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0140ad0a-7fe9-4b62-b757-fe8251b10a52} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0140ad0a-7fe9-4b62-b757-fe8251b10a52} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\dhcpcsvc32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Users\james\AppData\Local\Temp\C880.tmp (Trojan.Dropper) -> Delete on reboot.

I rebooted, now it has disabled AVG, and won't let me download anything.

Please Help
Thanks James
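
As an added example (not part of the original post and not Malwarebytes' own tooling), the script below parses detection lines in the log format shown in the question and lists the objects whose removal was deferred with "Delete on reboot", along with every section that reported them. The function names are hypothetical and the embedded sample is constructed from lines of the log above.

```python
import re
from collections import defaultdict

# Constructed sample: detection lines copied from the log in the question above.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Users\james\AppData\Local\Temp\C880.tmp (Trojan.Dropper) -> Delete on reboot.
C:\Windows\System32\dhcpcsvc32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0140ad0a-7fe9-4b62-b757-fe8251b10a52} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\dhcpcsvc32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Users\james\AppData\Local\Temp\C880.tmp (Trojan.Dropper) -> Delete on reboot.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")  # header, not the "N" summary line
DETECTION = re.compile(r"^(?P<obj>.+) \((?P<label>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_detections(text):
    """Return one dict per detection line: section, obj, label, action."""
    section, found = None, []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION.match(line)  # "(No malicious items detected)" does not match
        if m and section:
            found.append({"section": section, **m.groupdict()})
    return found

def pending_reboot(detections):
    """Map each object whose removal was deferred to the sections reporting it."""
    pending = defaultdict(set)
    for d in detections:
        if d["action"].lower().startswith("delete on reboot"):
            pending[d["obj"]].add(d["section"])
    return dict(pending)

if __name__ == "__main__":
    for obj, sections in pending_reboot(parse_detections(SAMPLE_LOG)).items():
        print(f"removal deferred to reboot: {obj} (reported in: {', '.join(sorted(sections))})")
```
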
Seven answers:
Persia Best
2009-11-20 09:44:12 UTC
Well, did you delete what Malwarebytes found?

Re-scan with Malwarebytes and REMOVE WHAT IT FOUND.
anonymous
2009-11-20 17:42:14 UTC
You can run antivirus and antispyware programs, but the sad fact is if you have found one virus on your computer, you probably have several. Cleaning the computer now requires you to follow these steps, because modern viruses and spyware entrench themselves in files that your computer needs in order to run:

1. Virus-check your data files (not application files-- you have installer CDs for those).
2. Back up the data files, getting them off your hard drive.
3. Get your original operating system CDs that came with your computer.
4. Boot your computer from the operating system CD.
5. Select the option that erases your hard drive and then reinstall your system software.
6. Turn on your software firewall that came with your operating system.
7. Reconnect to the internet, and download *all* Windows updates, no matter how long it takes.
8. Reinstall your application software, and update the applications as much as you can.
9. Reinstall your data files.
10. Create a limited user account on your system that does *not* have administrator access, and web surf only from this account.

Yes, this is a pain in the butt. No, there is no other way. No, antivirus and antispyware programs cannot fix this problem on their own.

So, what do you do in the future?

1. Never click on links you find in an e-mail.
2. Never open an e-mail attachment, ever.
3. Only download files from a reputable website that you know is on the up-and-up.
4. Never use bit-torrent and other file-sharing programs.
5. Never use an unsolicited drive-checking site.
6. Turn off all Java and Java scripting by default, and only enable Java and Java scripting for sites that you know you can trust.
7. Never read an unsolicited e-mail, and delete spam immediately. It is possible to be hacked by reading an e-mail alone.

Please adhere to the 'don'ts' I provided above, because you will have to repeat the cleaning steps that I listed first *every time you get infected.* Anti-spyware and anti-virus programs are good to have, but they are a second line of defense. The best way to protect your system is you, and changing your behavior.

Good luck!
CanadaRAM
2009-11-20 17:28:31 UTC
You often have to take a multi-pronged approach to eradicate all the malware. One product usually doesn't do it alone.

First download the following (if the virus is blocking your internet, you may have to download these on another machine and burn to CD or copy to a USB memory stick):

Malwarebytes: http://www.malwarebytes.org/mbam.php

Superantispyware: http://www.superantispyware.com/superantispywarefreevspro.html

CCleaner (cleans out caches): http://www.ccleaner.com

Avast! 4 Home: http://www.avast.com/eng/download-avast-home.html

Now, start the machine in Safe Mode (hit the F8 function key as the machine boots up, and choose Safe Mode).

Turn off System Restore on your machine, but only until you get this fixed - many of these trojans get copied into the System Restore files, which anti-virus programs aren't allowed to touch, and the viruses could reinstall themselves from there. My Computer > Properties > System Restore.

Then run CCleaner (it'll make scanning faster because it will delete a bunch of temp files and save you from having to scan those).

Then run Malwarebytes, and clean everything it says.

Then install and run Avast - tell Avast to do a boot-scan - click on "schedule boot-scan" - and restart the computer.

Let it start and do the Avast boot scan.

Then install and run Superantispyware.

Then turn System Restore back on.

Now install the antivirus program and antispyware program of your choice to do continuous scanning, and make sure you keep it up to date.

Always keep your Windows, web browser and Java software up to date - frequent patches are released to plug security holes.

http://www.pcworld.com/article/149298/10_quick_fixes_for_the_worst_security_nightmares.html
bobzero
2009-11-20 17:32:05 UTC
Hit Start

Control Panel

System and Maintenance

Backup and Restore Center

Then click the bottom choice, "Use system restore to fix problems and undo changes to fix problems", then choose a different restore point when it asks and choose one of the system checkpoints that was before you had problems. Then click restore and it should work; if not, you can do a system recovery boot. Good luck.
Sly_Old_Mole
2009-11-20 18:04:02 UTC
AVG? What a joke. Did it do its job? NO. Now you know why we don't use free AVG.

Try the following:

1. Reboot into Safe Mode with Networking.
2. Run Malwarebytes again.
3. Delete AVG.
4. Download free Avast and do a boot scan.
Jesse
2009-11-20 18:23:59 UTC
*EDIT* YOU MIGHT want to run the computer in Safe Mode.

To do this, turn off your comp and then turn it on and repeatedly press F8 till a little screen pops up that says "Safe mode", "Safe mode with networking" and stuff.

Click Safe Mode (I don't think you need networking). *EDIT*

Get a program called "ComboFix" through a flash drive, run it, keep the log in a file in case it doesn't work, and if it doesn't work, email me.

You can get a working ComboFix here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

jesse2krullis@yahoo.com

Emails will be almost instant because I have a BlackBerry Storm, so I can answer my emails quickly.
anonymous
2009-11-20 17:53:52 UTC
Why are you using Malwarebytes to remove a virus? That is not an antivirus. Use an antivirus. You say you have AVG. Update AVG and scan your whole computer in slow mode with it.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.