AfterDawn Forums

Virus problem - please help !

This discussion thread has 83 messages.

#1
I have a relatively new virus called strong vult online backup on my pc and no anti-virus can detect this because I don't believe it's in any database yet. I must have got this from installing multiple DVD burners from download.com and any suggestions on removal? I know part of the removal is in going into task manager and how do I know what to delete that's part of the virus.

Your mind will quit before your body does .
#2
Originally posted by dweb175:
I have a relatively new virus called strong vult online backup on my pc and no anti-virus can detect this because I don't believe it's in any database yet. I must have got this from installing multiple DVD burners from download.com and any suggestions on removal? I know part of the removal is in going into task manager and how do I know what to delete that's part of the virus.
check out this link.
http://answers.microsoft.com/en-us/wind...a4-470c8d36f8fc
#3
Thanks for the reply, only this didn't work and I may need to either bring it to a shop or do a complete reinstall because this is not detected by anything. Unfortunately computer shop owners won't divulge any secrets on what they use or there would be no business for them.

Your mind will quit before your body does .
#4
have you tried system restore even in safemode\administrator?
#5
^^^ No, I don't know if system restore can remove a virus. I may give this a try. Doing a complete reinstall is such a pain, although I could use the hard drive space.

Your mind will quit before your body does .
#6
Try this it's good:

Download & SAVE to your Desktop RogueKiller from -> here
o Quit all programs that you may have started.
o Please disconnect any USB or external drives from the computer before you run this scan!
o For Vista or Windows 7, right-click and select "Run as Administrator" to start
o For Windows XP, double-click to start.
o Wait until Prescan has finished ...
o Then Click on "Scan" button
o Wait until the Status box shows "Scan Finished"
o click on "delete"
o Wait until the Status box shows "Deleting Finished"
o Click on "Report" and copy/paste the content of the Notepad into your next reply.
o The log should be found in RKreport[1].txt on your Desktop
o Exit/Close RogueKiller+



2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#7
Thanks again guys, but nothing has worked and it looks like I have 2 options. I can either have a shop fix it or flush out everything and start over. I searched high and low on the web and unlikely any anti-virus will detect this.

Your mind will quit before your body does .
#8
what about the log 2og asked for. if i was you i would listen to what he has to say. or you can just pee on the electric fence and learn that way.
#9
Originally posted by aldan:
what about the log 2og asked for. if i was you i would listen to what he has to say. or you can just pee on the electric fence and learn that way.
I'll try to run this again tomorrow and post a log, although it detected no traces of this virus I have and it's still in my PC ...

Your mind will quit before your body does .
#10
you say nothing can find a trace of this virus? what are your symptoms ie abnormal behaviour? if there is anything there at all, the venerable gentleman who wants your hjt log can find it. on this site he is the virus guru.
#11
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Andy [Admin rights]
Mode : Scan -- Date : 02/27/2013 22:25:08
| ARK || FAK || MBR |

Bad processes : 2
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup\CtxMenu.dll [x] -> UNLOADED
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll [x] -> UNLOADED

Registry Entries : 0

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: SAMSUNG HD080HJ/P +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02272013_02d2225.txt >>
Here is the log. It looks like it did detect this but not remove it.

Your mind will quit before your body does .
#12
C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup


That is what I was looking for....

now go to the Folder in RED and delete it...
Use Windows Explorer to find it.

Then come back and we can clear the leftovers and check for other infections...

2oG

p.s. don't pee on the electric fence. LOL
This message has been edited since its posting. Latest edit was made on 28 Feb 2013 @ 15:40



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
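
The triage step in message #12 (reading the report's "Bad processes" entries to find the folder the flagged DLLs were loaded from), written out as an added example that is not part of the original thread or of RogueKiller. The line format is assumed from the single report posted in message #11, and the `USER_DIRS` heuristic and function names are assumptions for illustration.

```python
import ntpath
import re
from collections import defaultdict
# Excerpt of the RKreport posted in message #11 of this thread.
REPORT = r"""Bad processes : 2
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup\CtxMenu.dll [x] -> UNLOADED
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup\ClientApi.dll [x] -> UNLOADED

Registry Entries : 0
"""

# Line shapes assumed from that one report, not from RogueKiller documentation.
COUNT = re.compile(r"^Bad processes\s*:\s*(\d+)$")
ENTRY = re.compile(r"^\[(?P<kind>\w+)\]\s+(?P<proc>\S+)\s+--\s+(?P<host>.+?)\s+:\s+"
                   r"(?P<module>.+?)\s+\[[^\]]*\]\s+->\s+(?P<action>\w+)$")
# Assumption: path components that mark a per-user, user-writable location.
USER_DIRS = ("\\application data\\", "\\appdata\\", "\\local settings\\")

def parse_bad_processes(text):
    """Return (declared_count, entries) for the 'Bad processes' section."""
    declared, entries, in_section = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT.match(line)
        if count:
            declared, in_section = int(count.group(1)), True
        elif in_section and not line:
            in_section = False          # a blank line ends the section
        elif in_section:
            entry = ENTRY.match(line)
            if entry:
                entries.append(entry.groupdict())
    return declared, entries

def folders_to_review(entries):
    """Group flagged modules by the folder they were loaded from."""
    grouped = defaultdict(list)
    for e in entries:
        folder, name = ntpath.split(e["module"])   # Windows paths on any OS
        grouped[folder].append(name)
    return {
        f: {"modules": sorted(n),
            "in_user_profile": any(d in (f + "\\").lower() for d in USER_DIRS)}
        for f, n in grouped.items()
    }

if __name__ == "__main__":
    declared, entries = parse_bad_processes(REPORT)
    print(declared, len(entries), folders_to_review(entries))
```

A mismatch between the declared count and the number of parsed entries means the report is truncated or the assumed line format does not fit it, so the folder list should not be trusted in that case.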
#13
@ddp
I've lost my Preview button again. is it you or me?

Addendum: Never mind I found it.. I've got the bug and hope I can find it so I can stop losing my buttons.. lol I'll get it!
This message has been edited since its posting. Latest edit was made on 28 Feb 2013 @ 16:35



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#14
that is your bug not my bug so i don't want your bug.
#15
Originally posted by ddp:
that is your bug not my bug so i don't want your bug.
Got you covered.... lol


This message has been edited since its posting. Latest edit was made on 28 Feb 2013 @ 19:27



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#16
BUG ALERT!!!BUG ALERT!!!
#17
Originally posted by 2oldGeek:
C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup


That is what I was looking for....

now go to the Folder in RED and delete it...
Use Windows Explorer to find it.

Then come back and we can clear the leftovers and check for other infections...

2oG

p.s. don't pee on the electric fence. LOL
Are you talking about the yellow folder that says windows that's located in my local disc when I click on "start, my computer, my local disc"? I don't see a red folder located in that specific folder or in documents and settings where I just looked ... I'm sure it's somewhere.
This message has been edited since its posting. Latest edit was made on 28 Feb 2013 @ 23:51

Your mind will quit before your body does .
#18
Well, I see you are a real novice..
No, I just highlighted the folder red in the path that you must follow to find it using windows explorer.

Just what is your skill level? Tell me how much you know about a computer so I won't go over your head...
Do you know how to use windows explorer? Right click on the Start in the bottom left corner and click on Open windows explorer. Then let me know if you can follow this path:
C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup
to this folder -> Strongvault Online Backup and then Delete it..
Can you Highlight, Copy, Cut, Paste and Delete?
Please let me know what your skill level is so I can try not to confuse you.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#19
Originally posted by 2oldGeek:
Well, I see you are a real novice..
No, I just highlighted the folder red in the path that you must follow to find it using windows explorer.

Just what is your skill level? Tell me how much you know about a computer so I won't go over your head...
Do you know how to use windows explorer? Right click on the Start in the bottom left corner and click on Open windows explorer. Then let me know if you can follow this path:
C:\Documents and Settings\Andy\Local Settings\Application Data\Strongvault Online Backup
to this folder -> Strongvault Online Backup and then Delete it..
Can you Highlight, Copy, Cut, Paste and Delete?
Please let me know what your skill level is so I can try not to confuse you.

2oG

I have to get back with you tomorrow because I can't find what you're asking me to look for and it's very frustrating. I'm not a computer novice, but not very good at troubleshooting virus related issues other than running a spyware program like Malwarebytes to find and get rid of it. I think it's obvious I can copy, paste and delete because I did this, but I have to find what you're asking for to do this. I appreciate you sticking with me and hope to find a solution.
This message has been edited since its posting. Latest edit was made on 01 Mar 2013 @ 1:44

Your mind will quit before your body does .
#20
dweb175,
Forget about trying to use explorer right now.
If running programs is ok for you then we can go that route and I'll try not to throw you a curve ball.. If you don't understand something STOP and ASK.

The following programs should clean your computer thoroughly and after I look at the logs I'll give you some tips on how to keep it clean and keep from getting viruses, adware, spyware, Trojans and etc.

-Security Check-
Please download -> Security Check by screen317 and save it to your desktop.

1. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
2. A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Junkware Removal-
Please download ->jrt.exe ... and save it to your desktop.

1. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
2. If running Vista or Win7... right-click jrt.exe and select "Run as Administrator",
otherwise just double click it.
The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
On completion, a log file JRT.txt is saved to your desktop and will automatically open.
3. Please copy and paste the contents of JRT.txt and post in your next reply.


-AdwCleaner-
Please download ->AdwCleaner by Xplode onto your desktop.


1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Delete.
4. Confirm each time with Ok.
5. Your computer will be rebooted automatically. A text file will open after the restart.
6. Please post the content of that logfile with your next answer.
7. You can find the logfile at C:\AdwCleaner[S1].txt as well.



-HijackThis-
Please download ->TrendMicro HijackThis.exe and save it to your desktop

1. Double-click on HJTInstall.exe
2. Click on the Install button.
3. It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
4. Upon install, HijackThis should open for you.
5. Click on the Main Menu button
6. Click on the Do a system scan and save a log file button
7. Hijackthis will scan and then a log will open in notepad.
8. Copy and then paste the entire contents of the log in your next post.
9. Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Please post the Security Check, Junkware Removal, AdwCleaner and HijackThis logs in your next reply.

That's 4 Logs I need so that I can find any problems.
Please let me know how your computer is acting.

Just remember, I am not clairvoyant or telepathic and have no crystal ball, therefore, you must provide the Logs I request and tell me what's happening on your end, so I am able to help you.


2oG
That's the number 2 and NOT Too, old with a small o and Geek with a Capital G
This message has been edited since its posting. Latest edit was made on 01 Mar 2013 @ 6:46



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#21
Thanks for posting all these programs and I'll try to run them tonight after I come home from work because I don't have time now. I'll continue to try to look for that red folder as well.

Your mind will quit before your body does .
#22
LMAO! It's NOT RED! it looks just like any other folders....

These programs will take some time to run but, when finished you will be on the way to an exceptionally clean computer and you may learn enough that you can start your journey to approaching the rank of "Geek", a noble position LOL.

Let me know when you finish and please post the Logs....

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#23
he is a novice.
#24
aaaah, who let that cat out of the bag?
#25
you did with the red highlights, you naughty boy!!!!