i got a virus please help

Discussion in 'Computer Software and Operating Systems' started by Blfdgfdghd, Nov 5, 2008.

  1. Blfdgfdghd
    OP

    Blfdgfdghd Banned

    Banned
    337
    0
    Aug 22, 2008
    Canada
    Hey guy i got a virus it messing up my computer and MSN! The Problem with MSN it send link to everybody once they go on it they got a virus TO please help. MY AntiVirus is Avg Free i scann my pc like alot i thought the virus was gone but i still have it PLEASE HELP and it gave playallday one and he thinks it me so please help!
     
  2. ENDscape

    ENDscape REBORN! I will post with my Dying Will!!!

    Member
    1,488
    1
    Dec 14, 2007
    ``orz
    Just format your harddrive if Avg is failing to remove it. Better than spreading it to everyone.
     
  3. playallday

    playallday Group: GBAtemp Ghost

    Member
    3,773
    9
    May 23, 2008
    Canada
    [@N@[)@
    It sure was you. The fact you didn't know how to use the computer is your fault.

    Anyways try Spybot or Avast.
     
  4. da_head

    da_head A dying dream..

    Member
    2,953
    2
    Apr 7, 2008
    Canada
    Toronto, Canader!
  5. Lee79

    Lee79 Hyper...Active...Team Fortress 2 Addict

    Member
    920
    0
    Jul 29, 2007
    ctf_2fort
  6. da_head

    da_head A dying dream..

    Member
    2,953
    2
    Apr 7, 2008
    Canada
    Toronto, Canader!
    yo lee. i've always wondered how to read hijack files. any tips or tutorial?
     
  7. UltraMagnus

    UltraMagnus hic sunt dracones

    Member
    1,967
    0
    Aug 2, 2007
    Portsmouth
    install avast....

    either that or format your hard drive and install ubuntu, it is pretty much idiot proof and virus proof
     
  8. Lee79

    Lee79 Hyper...Active...Team Fortress 2 Addict

    Member
    920
    0
    Jul 29, 2007
    ctf_2fort
    Yeah Check your running processes everyday (ctrl+alt+del for XP/VISTA) and if anything changes or you do not know what it is running stop it.
     
  9. Blfdgfdghd
    OP

    Blfdgfdghd Banned

    Banned
    337
    0
    Aug 22, 2008
    Canada
    how do i format it
     
  10. playallday

    playallday Group: GBAtemp Ghost

    Member
    3,773
    9
    May 23, 2008
    Canada
    [@N@[)@
    You'll lose everything. Look here.
     
  11. Lee79

    Lee79 Hyper...Active...Team Fortress 2 Addict

    Member
    920
    0
    Jul 29, 2007
    ctf_2fort
    You do not have to format just run HijackThis 2.02 and copy the text file in your next post if you want help?
     
  12. Blfdgfdghd
    OP

    Blfdgfdghd Banned

    Banned
    337
    0
    Aug 22, 2008
    Canada
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:46:37 PM, on 11/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\service.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customi...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Windows Service] service.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlgg.exe] C:\WINDOWS\system32\kdlgg.exe
    O4 - HKLM\..\Run: [5486a7c2] rundll32.exe "C:\WINDOWS\system32\mlunmffd.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Gizmo5] "C:\Program Files\Gizmo5\Gizmo5.exe"
    O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
    O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217452199875
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA05AEB-1645-4EF5-A8D8-E0A35A25382B}: NameServer = 85.255.112.233;85.255.112.151
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88F932D9-4976-45D9-80DF-E763CC9A8BA1}: NameServer = 85.255.112.233;85.255.112.151
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2FA05AEB-1645-4EF5-A8D8-E0A35A25382B}: NameServer = 85.255.112.233;85.255.112.151
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2FA05AEB-1645-4EF5-A8D8-E0A35A25382B}: NameServer = 85.255.112.233;85.255.112.151
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll vdijen.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    --
    End of file - 7977 bytes
     
  13. Lee79

    Lee79 Hyper...Active...Team Fortress 2 Addict

    Member
    920
    0
    Jul 29, 2007
    ctf_2fort
    Well that looks OK to me but someone might disagree but I think if you do not have a virus it must be a hardware problem.
     
  14. Law

    Law rip ninjacat that zarcon made me

    Member
    4,132
    217
    Aug 14, 2007
    ‭jerkland
    Tried changing your MSN password? Could even be a bot of some sort that got your password.
     
  15. da_head

    da_head A dying dream..

    Member
    2,953
    2
    Apr 7, 2008
    Canada
    Toronto, Canader!
    @op: did u try my suggestion?
     
  16. playallday

    playallday Group: GBAtemp Ghost

    Member
    3,773
    9
    May 23, 2008
    Canada
    [@N@[)@
    I don't think so. I got the virus off him too. Its real. Lucky for me Norton removed it [​IMG] .
     
  17. junk_man32

    junk_man32 Banned

    Banned
    176
    0
    Jun 20, 2008
    United States
    first of all u dont have a virus, 2nd of all, its a virus bot spreading around msn messenger, its not your fault, but if ur stupid enough to accept files that are pictures that say something like "Hey, do u like my facebook picture" from your friend, ur screwed cuz its not them sending it, its the virus bot. and u will also notice it wont be the same font when sent, just dont accept that kind of shit, youll get screwed over with viruses that close down your computer
     
  18. Blfdgfdghd
    OP

    Blfdgfdghd Banned

    Banned
    337
    0
    Aug 22, 2008
    Canada
    haha idiot.. it not that kind of a virus it something esle where it sends a link and BAM your pc screw not a freaking winrar file
     
  19. Law

    Law rip ninjacat that zarcon made me

    Member
    4,132
    217
    Aug 14, 2007
    ‭jerkland
    It would be the fault of the people clicking the link. A link on it's own would do nothing. It's just text.


    Have you even tried changing your password? Seriously, just try it.
     
  20. Blfdgfdghd
    OP

    Blfdgfdghd Banned

    Banned
    337
    0
    Aug 22, 2008
    Canada
    k ill try that but things are poping up and i didnt click that link like playallday. New Things something call Sexvid is poping up and im geting gay things like is your dick Big on advertisements like youtube or gbatemp