I think I need a technicion to sort my problems

[Circlip]

I doubt this will even get to the forums      :'(
 
I tried to send something similar last night saying that bobo1 is quite correct that i`ve got virtumonde files. Fact is i`ve done a scan and out of 807780 files. From 130--- to 136--- files i`ve got virtumonde generic, then virtumonde dll from 150--- to about 200---.
In-between those Zlobdownloader has 146---149---. Then virtumonde sci. returns at 200--- to 470--- then changes to sdn 470--- to 790---

Scan shows i`ve had Virtumonde.prx and deleted that i hope.

Also to get on the internet is near impossible. Press Start window appears and it`s not Internet Explorer just Internet. Internet Explorer icon has gone from desktop page too. I am without sound even checked all conections to speakers.

I AM TOTALLY P***S*D OFF WITH ALL THIS.

[Circlip]

Oh well it seems to have worked. 

To add to my quiery, I have done both Spy-bot and SUPER Spyware scans and Spy-bot came up with Virtumonde.prx first, so deleted that. But i`ve done a SUPER Spyware scan and it came up again. This was without going or getting onto the internet last night.

I could go into this further. When I switch on my PC and everything seems good. I take the cursor to anything and it`s changes to the hour-glass. This is for half an hour so i`ve right-clicked and got some old copies of photos up from my desktop. I though well they don`t need to be there and tried to delete them. Recycled bin right-click to open only. Tried to delete and it just freezes up with a cascade of pages. If I try to minimized it and it disappears.

When I ask avast! to do a scan I get my desktop page to go tripple size and all discoloured. I cannot scroll or go to Start to change anything. So I have to switch it all off at the electic wall socket. Then i`m back to waiting to use the cursor for half an hour.

Last night I desparatly put all my photos on to a External Hard Drive. I will do all my music later since now i`m able to do those simple tasks.

If i`ve made any mistakes, sorry but I dare not to minimize any of this or Preview it.

ttfn Circlip 

[bobo1]

Yes i remember your previous posting. Virtromonde is very bad infection destroys several system files. Can you get hold of a Windows xp cd rom?. I think you will need to DEL the hard drive partition & recreate partition & format the computer via XP CD Rom disk & re install windows. I had the blaster worm few years ago and reformatted. Save off all your photos & other inportant stuff on to external hard drive BUT Make sure that you scan the external hard drive on a known good computer with full working antvirus. Otherwise Vitromonde virus will spread! from one drive to another!

[Pondus]

Vundo

quote:
Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook

http://en.wikipedia.org/wiki/Vundo


How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
http://www.bleepingcomputer.com/virus-removal/remove-vundo-virtumonde

[Circlip]

You would not believe the what I have just done ....
I wrote out the whole of what i`ve tried to do over the last two and a half hours as per what bobo1 suggested. Almost to the point of doing my own spell check and though I cannot SWEAR on this forum ... I put down my mug of tea and PRESS ... Esc  £*^&ing %$£"*ing TW@ !!!

So I will write all I can remember out again

I did a avast! scan last night even though everything is 3 times the size it should be and everything looks like it`s been smugged. Result of scan is 61 files cannot be scanned

These include C:\Documents ans Settings\All Users\...\sb Recovery ini ...
others end in reg or BACKUP.db
C;|{241A3008-88D8-4670-8CA6-7C9CBC6}
C;\System Volume Information\...\SpyData scp.
 
How come it comes up with no files infected is beyond me.

Number of scanned Files/Folders 506208/7417 54.5 GB  in 2.22:24 hours

bobo1 suggested I install Windows XP of which I do have the original CD when I bought my PC in May 2006
After all the prompts I do I get this:- Windows Setup
Setup cannot continue because the version of windows on your computer is newer thatn the version on the CD.
AND a Warning saying if I continue I will loose lots of files already on here Blah Blah.
So I have three options a) Continue but I cannot click on it. b) Cancel. c) Details.
Ok so I thing what the hell, i`ll try going to My Computer and find the disc player and I got this CD spinning really fast but what do i know if it`s done any good. Probably not!!!

SO !!! As i`m doing all this this morning my PC decides to switch it`s self on and i`m able to get on the internet ... 1 and a hours after I switch it on. A BEEP tells me this as this is what happens when all the things i`ve clicked on suddenly pops up.
I press Start and then Internet but not Internet Explorer as it`s still not there and i`m writting this lot to anyone who laughing there socks off to my totally no understanding of what i`m doing.

Pondus ... I had a look on to (yet another very helpfull website) the blue writting that I thought I might be able to click on does not want to be clicked on ... I`ve logged on and still no joy.

My thoughts are to put my computer in the nearest SKIP and i`ll go and buy another !!!

ttfn Circlip
 
 

[bobo1]

Hi,
Can't understand why you cannot boot off your orginal XP cd rom! You will need this placed in your cd rom first and then turn on your computer. You should get in the top left hand corner of your screen BOOT FROM CD ROM. Press Enter and you should be able to run setup. It will warn that there is an xp install on your hard drive. You should be able to re install and remove old xp and re format. If this does not work then BIOS Start sequence is wrong. Will be BOOTING FROM C:\ Drive first and cd rom after. To access the BIOS normally on some machines is DEL or F1 or other keys set? You really need to check this. Normally a computer repairer will format your machine £15- 30 upwards is the computer worth it?

[essexboy]

Why not go for a clean instead of reformat ? Spybot and SAS are just not strong enough to kill this

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

THEN

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS  to your Desktop

• Close ALL OTHER PROGRAMS.
  
• Double-click on OTS.exe to start the program.
  
• Check the box that says Scan All Users
  
• Under Additional Scans check the following:
• Reg - Shell Spawning
• File - Lop Check
• File - Purity Scan
• Evnt - EvtViewer (last 10)

• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

• Now click the Run Scan button on the toolbar.
  
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
  
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
  
• Once it has uploaded, click the Manage Current Attachments drop down box
  
• Click on to insert the attachment into your post

[bobo1]

Yep Malware bytes is good Don't know if circlip has run this in the past and got anywere with this. Thats if his internet is working or the viruses are stopping him downloading malwarebytes mbam program?

[Circlip]

Hello to all that have answered my post.

bobo1, I did get a little confused earlier (2009) with what to download and in the end I downloaded Spy-bot and SUPER Anti-spyware. I had a look at Malwarebytes but just could not figure how to download it. So now I have and from 4.30 ish this afternoon i`ve been doing a the two scans suggested by ...

essexboy, I have done what you have suggested. The first came up with quite a lot of problems and have deleted them. If a log has been saved then i`ll try and put them up on here ... have opened something that says mbam-log-2010-01-17 (21-02-16) in Additional Options.
The second scan came up with this Trojan Hiloti and because I don`t trust my PC skills I wrote it down.
Trojan Hiloti  File C:\ SystemVolumeInformation\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1004\A014659.dll
Will the other log appear below
I have got to "please do so immediately" then i`ll have to get a mate to show me how to do the next step 

The thing is i`m still waiting for lots of things to happen when ask as told to re-start my PC. It takes for ever to be able to just click on Start. I got bored and clicked Google Earth and that got everything going again, 48 windows of My Computer page pops up wahay ... I still have no sound through the speakers ... I can`t use re-cycled bin as it just freezes up everything again.

Still, i`m totally out of my depth as to whats going on. Lets see if this log results come up ...

[Circlip]

Wow it`s worked ... as attachment is at the bottom and so to the other that I could not find earlier.

Don`t know you can make of all those numbers ... 

[essexboy]

The final detection was in system restore - so all we need to do is reset the restore points.  What problems are you experiencing now ?

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE
  

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

[Circlip]

Afternoon all,

Not been online for a couple of days, work conferance. 

The problems that still exsist is that i`ve got no sound through the speakers. A couple of annoying things that happen, it`s like when i`m scrolling up and down to look at what essexboy and others have added. I get ruler lines through-out the text, they disappear when the cursor "|" is over them but remain in this >>>>>>>>>>>>>>> hmmm difficult to explain, the other side of the scroll bar. Say about a 3rd of what i`m writting in. Also the cursor floats about quite a lot when scrolling up or down. Not sure if that is a known problem or not. And when waiting for a page to load I get about:blank window before the "done" comes into view bottom left.
And to be honset i`ve left my PC on for the last 36 hours or more `cos I wasn`t sure if I could get back on the internet ... probably not a good idea but apart from no sound, I am able to login to read emails and other websites I look at every day.

Thanks for the the full discription of how to see if my problems are sorted essexboy. Do I need to or try to go download "OTS" as that will take me for ages to write all those dll`s sys`s thingys. I`ll wait for an answer till I have to go out later ... in about 2 hours

Cheers Circlip

[essexboy]

Aye download OTS and then copy and paste the data that is bolded into the Custom Scan box then run the scan

[Circlip]

Morning all,

An update as to what i`ve been trying to do for a couple of days.

I have tried to re-boot from my original Operating System Reinstallation CD bobo1, I don`t get BOOT FROM CD ROM in the lefthand corner. I had lost the IE e from the taskbar, but now i`ve managed to put that back somehow just playing, not sure how I did that. And also put an IE e in shortcut to the desktop. If thats what it`s called.
The annoying thing is my PC takes an hour to be able to just fire up to go on to the internet. The hourglass is there instead of the cursor in the taskbar, though I can use Google Earth and do a scan with SUPER Anti Spyware which does not find any files infected.

Now, I have downloaded OTS.exe and have done what essexboy has suggested. It was late one night/early morning when I finely wrote in all the list of things but after about 20mins it seamed to grind to a halt. C Manual File Scan - Looking in folder :\... in taskbar so I left it to run all night till 8am when I came back to my PC. On the top it says OTS by Oldtimer-Version 3.1.19.1 (Not Responding) and within the ots window I have an hourglass which of course I cannot click on anything. I can minimize it or click on the red X to delete. If I minimize it, it does not go into the taskbar just shrinks down to a blue bar with the dash in a box and the red X in a box.
Another thing that i`ve not been able to do is download for a month or more when asked from Windows are these

Windows Automatic Updates.
The following updates could not be installed.
Microsoft .NET Framework1.1 Service Pack 1 Security Update for Windows 2000, WindowsXP, Windows Vista, Windows Service 2008 Windows 7, and windows Server 2000 R2 (KB953297)

I`ve asked a mate to come and help but he says he had a similar problem but lost all his photos. He says, Just take your PC to a shop in town and he will fix all your problems for £40.
I`m going round in circles with what folk want me to do but I hav`nt a clue what i`m doing.
I will probably buy a security package instead of all the free ones available, makes sense really.
 
And so to my last quiery which Security Package would you buy for £40.00 ... as a guide.

Cheers Circlip
     

[bobo1]

Hi.
I am certain your bios start up sequence is wrong on your computer. Most computers it is either F1  F12 or DEL KEY OR IT CAN BE ANY OTHER. YOU NEED TO PRESS AND HOLD THIS DOWN IMMEDIATLY AFTER PRESSING START OR POWER ON BUTTON. If you still cannot access the motherboard bios setup utillity. Then i can only suggest that you take your computer to a Tech. What make is your computer so that i can GOOGLE some info about it to give you more help to try and get your computer to boot off the XP CD ROM!?