Virus help....

[packerfan 10+ year member]

Ive got some crazy virus that wont let me open anything, it installed something on the desk top and wont let me change it. It says " Warning! Your in danger. All you do with computer is stored forever in your hard disk. When you visit sites, send emails...all your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics. And in some cases for your boss, your friends, your wife, your childern. SECURE YOURSELF RIGHT NOW, REMOVE ALL SPYWARE FROM YOUR PC"

But it wont let me open up adaware or spybot. Anybody know wth is goin on?

Thanks-Justin

Click to read more...

 

[icydude 10+ year member]

ctr.alt del and get rid of anything running you dont need then try running the programs.

otherwise i dunno

 

[orphe 10+ year member]

ctr.alt del and get rid of anything running you dont need then try running the programs.
otherwise i dunno

I use to have that .. $#!t is very annoying spyware!!!!!

use adaware to help get rid of it or just do a system restore

 

[LightningStryk7 10+ year member]

Its probably imbedded in your registry so that when you start up a certain program after u close the thing or delete it, it will reload the spyware and the fun beigns again. I had some spyware sh*t on my old computer that never ever disapeared and it turned my homepages to some other site and stupid stuff. But its probably in your registry so you need to know waht to remove from taht. Very complicated. I never got my old computer clean of it.

*edit* yeah System restore would pwn it but you lose everything so back up some of your needed files if u can. (my old computer didnth ave system restore //content.invisioncic.com/y282845/emoticons/crap.gif.7f4dd41e3e9b23fbd170a1ee6f65cecc.gif

 

[Chevillac 5,000+ posts]

alt ctrl del anything not needed as someone else said. then get hijack this and adaware SE. I usually run hijack this get rid of stuff run it again to make sure nothing started itself, then do a full system scan will adaware SE.

 

[LightningStryk7 10+ year member]

Only problem with Hijack this is you need to know WHAT registry things to delete or you can mess up ur computer. (I think) You can save a log of what Hi jack this shows and post it at some site that knows how to do this stuff (there is one I forget the url tho). But they can look at it and tell you waht to delete.

 

[Chevillac 5,000+ posts]

adaware and spybot should take care of your registry.

 

[packerfan 10+ year member]

But it wont let me open up adaware or spybot. Anybody know wth is goin on?

Thanks-Justin

.....//content.invisioncic.com/y282845/emoticons/frown.gif.a3531fa0534503350665a1e957861287.gif.......

 

[orphe 10+ year member]

do you have yahoo messenger? my screen name is rorphe or email me @ rorphe@yahoo.com

maybe I can help

I had that spyware before its a ***** to get rid of

 

[packerfan 10+ year member]

I have AOL-Berettasql

 

[Chevillac 5,000+ posts]

did you get that fixed? sorry i had to go eat breakfast

 

[DBfan187 5,000+ posts]

http://www.microsoft.com/athome/security/spyware/software/default.mspx

 

[packerfan 10+ year member]

Logfile of HijackThis v1.99.1

Scan saved at 10:24:12 PM, on 4/29/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cmdtel.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\ahtun.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\windows\system32\taskmg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM\aim.exe

C:\windows\bdocsay.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Justin\Start Menu\Programs\Startup\winupdate16323874[1].exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\WinMX\WinMX.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Justin\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [tcrauvl] c:\windows\bdocsay.exe

O4 - HKCU\..\Run: [vpcmvss] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [ihschxf] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [tqocsva] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [kcmncgu] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [xristvr] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [pllklit] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [riclmfp] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [dfmefko] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [ugbmxdp] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [grsuyur] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [chlewem] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [ivtcebd] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [urdgowe] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [eaiqbpb] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [cdpdltq] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [ntfooyu] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [tchkkru] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [ejjkvtl] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [jehxlbp] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [floctxi] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [rlfnfpy] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [njhucte] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [lylmokl] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [unqfqjj] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [lfscpwm] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [rldnavo] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [tsegsxc] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [fiipirp] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [prflqdm] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [xjvjtkw] c:\windows\qumdsra.exe

O4 - HKCU\..\Run: [pktaqfm] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [rtdrxrd] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [agemyrc] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [qwbjmhj] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [dpcjvgm] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [mdrexrf] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [agwrxhm] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [bvkpfkr] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [hcgmger] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [txinlvt] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [pndsnwm] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [hkknnkh] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [mrhcwcs] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [nvjhupl] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [ltqwwqh] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [ufmdlcl] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [ijkywuj] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [lcjeuwn] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [fahxobq] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [tadkjsf] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [hmxwdem] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [hrswrhd] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [jsdahih] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [aiyqbps] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [lfpldkm] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [qdmfupq] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [ssusqau] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [lscvymh] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [bdqdjuk] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [vqswdjp] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [hepyqdc] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [aeeciym] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [mmeelya] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [gsrkbec] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [uipuqwk] c:\windows\xsxsfee.exe

O4 - HKCU\..\Run: [ctognxr] c:\windows\xsxsfee.exe

O4 - HKCU\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - Startup: winupdate16323874[1].exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Microsoft AntiSpyware helper - {4DB2EBAE-F08D-4B31-B9B6-AC507DB3D65F} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DB2EBAE-F08D-4B31-B9B6-AC507DB3D65F} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

 

[DBfan187 5,000+ posts]

C:\WINDOWS\System32\cmdtel.exe

C:\WINDOWS\System32\ahtun.exe

are spyware

 

[Chevillac 5,000+ posts]

hey db, he got rid of a lot of that stuff, but for some reason still cant get adaware or spybot to open. he said other things are starting to open now. we are in AIM