1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

computer infected(not this 1 )

Discussion in 'Windows - Virus and spyware problems' started by john1690, Dec 2, 2005.

  1. john1690

    john1690 Regular member

    Joined:
    Nov 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    hi i was on my own pc last night and i went to dload from the site astalvista.box , after a second my search and destroy programm came up with the message computer infected or sumething like that .in a box it says reboot so i did ,the comp rebooted ta as far as windows is starting up ,and didnt go any further,plz help
     
  2. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
  3. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    try running your anti-virus program in safe mode
     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Yep, you can first try to scan with your av in safe mode as ddp said, but please post HjT-log after that.
     
  5. john1690

    john1690 Regular member

    Joined:
    Nov 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    i cant even start on safe mode as wen im booting up it gets to as far as windows is starting up ,but it just stays there doing nothing ,yet i can move my mouse about . ive tried all modes on startup,any ideas guys, and tnx for the replys
     
  6. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    what windows are you using & what format is the hd in as in ntfs or fat32??
     
  7. john1690

    john1690 Regular member

    Joined:
    Nov 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    i am using windows xp pro and my hd is running on fat 32.

     
  8. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    do you have a win98 boot disk or can get a copy of it?
     
  9. john1690

    john1690 Regular member

    Joined:
    Nov 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    thank u for ure help i got back on it eventualy started in safe mode ,it was an infection in java vm,although i still cant get rid id of the infections as i dont have java in control panel,to delete the cache, igot this infection name and repair ere
     
  10. john1690

    john1690 Regular member

    Joined:
    Nov 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 20:47:50, on 04/12/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://radio-slut.org/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133725941102
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    hope this is correct


     
  11. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    should be more to that log
     
  12. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
  13. lturchin

    lturchin Member

    Joined:
    Dec 16, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Not sure if anyone is seeing this thread but axell's advice saved me a bunch. I bought some new RAM and after installing it (coincidental), I could not get to login screen in xp pro SP2. I am a field engineer in IT and pride myself (does it go before fall?) on troubleshooting ability: I changed the power supply because I read that it's deterioration can slow things down; I blamed my new SATA drive (no viable reason) and because my Norton Antivirus Corp edition is always on, I did not in the least, suspect any viruses. In my favor, I have a copy of power quest desktop which can restore a drive to any state metal to metal and when I needed to reboot my PC, I had to use a 30 day old copy of my hard drive image. Long story short: I found this thread using google and downloaded the ewido prog and it found some ibm virus name that was f***g up my system.

    thanks dude, is the least I can say
     
  14. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    You're welcome & glad to hear you're story :)
     

Share This Page