i got a virus please help

Discussion in 'Computer Software and Operating Systems' started by Blfdgfdghd, Nov 5, 2008.

Nov 5, 2008

i got a virus please help by Blfdgfdghd at 8:49 PM (1,921 Views / 0 Likes) 19 replies

  1. Blfdgfdghd
    OP

    Banned Blfdgfdghd Banned

    Joined:
    Aug 22, 2008
    Messages:
    337
    Country:
    Canada
    Hey guy i got a virus it messing up my computer and MSN! The Problem with MSN it send link to everybody once they go on it they got a virus TO please help. MY AntiVirus is Avg Free i scann my pc like alot i thought the virus was gone but i still have it PLEASE HELP and it gave playallday one and he thinks it me so please help!
     
  2. ENDscape

    Member ENDscape REBORN! I will post with my Dying Will!!!

    Joined:
    Dec 14, 2007
    Messages:
    1,488
    Location:
    ``orz
    Country:
    Philippines
    Just format your harddrive if Avg is failing to remove it. Better than spreading it to everyone.
     
  3. playallday

    Member playallday Group: GBAtemp Ghost

    Joined:
    May 23, 2008
    Messages:
    3,773
    Location:
    [@N@[)@
    Country:
    Canada
    It sure was you. The fact you didn't know how to use the computer is your fault.

    Anyways try Spybot or Avast.
     
  4. da_head

    Member da_head A dying dream..

    Joined:
    Apr 7, 2008
    Messages:
    2,953
    Location:
    Toronto, Canader!
    Country:
    Canada
  5. Lee79

    Member Lee79 Hyper...Active...Team Fortress 2 Addict

    Joined:
    Jul 29, 2007
    Messages:
    920
    Location:
    ctf_2fort
    Country:
    United Kingdom
  6. da_head

    Member da_head A dying dream..

    Joined:
    Apr 7, 2008
    Messages:
    2,953
    Location:
    Toronto, Canader!
    Country:
    Canada
    yo lee. i've always wondered how to read hijack files. any tips or tutorial?
     
  7. UltraMagnus

    Member UltraMagnus hic sunt dracones

    Joined:
    Aug 2, 2007
    Messages:
    1,967
    Location:
    Portsmouth
    Country:
    United Kingdom
    install avast....

    either that or format your hard drive and install ubuntu, it is pretty much idiot proof and virus proof
     
  8. Lee79

    Member Lee79 Hyper...Active...Team Fortress 2 Addict

    Joined:
    Jul 29, 2007
    Messages:
    920
    Location:
    ctf_2fort
    Country:
    United Kingdom
    Yeah Check your running processes everyday (ctrl+alt+del for XP/VISTA) and if anything changes or you do not know what it is running stop it.
     
  9. Blfdgfdghd
    OP

    Banned Blfdgfdghd Banned

    Joined:
    Aug 22, 2008
    Messages:
    337
    Country:
    Canada
    how do i format it
     
  10. playallday

    Member playallday Group: GBAtemp Ghost

    Joined:
    May 23, 2008
    Messages:
    3,773
    Location:
    [@N@[)@
    Country:
    Canada
    You'll lose everything. Look here.
     
  11. Lee79

    Member Lee79 Hyper...Active...Team Fortress 2 Addict

    Joined:
    Jul 29, 2007
    Messages:
    920
    Location:
    ctf_2fort
    Country:
    United Kingdom
    You do not have to format just run HijackThis 2.02 and copy the text file in your next post if you want help?
     
  12. Blfdgfdghd
    OP

    Banned Blfdgfdghd Banned

    Joined:
    Aug 22, 2008
    Messages:
    337
    Country:
    Canada
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:46:37 PM, on 11/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\service.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customi...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Windows Service] service.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlgg.exe] C:\WINDOWS\system32\kdlgg.exe
    O4 - HKLM\..\Run: [5486a7c2] rundll32.exe "C:\WINDOWS\system32\mlunmffd.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Gizmo5] "C:\Program Files\Gizmo5\Gizmo5.exe"
    O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
    O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217452199875
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA05AEB-1645-4EF5-A8D8-E0A35A25382B}: NameServer = 85.255.112.233;85.255.112.151
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88F932D9-4976-45D9-80DF-E763CC9A8BA1}: NameServer = 85.255.112.233;85.255.112.151
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2FA05AEB-1645-4EF5-A8D8-E0A35A25382B}: NameServer = 85.255.112.233;85.255.112.151
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2FA05AEB-1645-4EF5-A8D8-E0A35A25382B}: NameServer = 85.255.112.233;85.255.112.151
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll vdijen.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    --
    End of file - 7977 bytes
     
  13. Lee79

    Member Lee79 Hyper...Active...Team Fortress 2 Addict

    Joined:
    Jul 29, 2007
    Messages:
    920
    Location:
    ctf_2fort
    Country:
    United Kingdom
    Well that looks OK to me but someone might disagree but I think if you do not have a virus it must be a hardware problem.
     
  14. Law

    Member Law rip ninjacat that zarcon made me

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Location:
    ‭jerkland
    Country:
    United Kingdom
    Tried changing your MSN password? Could even be a bot of some sort that got your password.
     
  15. da_head

    Member da_head A dying dream..

    Joined:
    Apr 7, 2008
    Messages:
    2,953
    Location:
    Toronto, Canader!
    Country:
    Canada
    @op: did u try my suggestion?
     
  16. playallday

    Member playallday Group: GBAtemp Ghost

    Joined:
    May 23, 2008
    Messages:
    3,773
    Location:
    [@N@[)@
    Country:
    Canada
    I don't think so. I got the virus off him too. Its real. Lucky for me Norton removed it [​IMG] .
     
  17. junk_man32

    Banned junk_man32 Banned

    Joined:
    Jun 20, 2008
    Messages:
    176
    Country:
    United States
    first of all u dont have a virus, 2nd of all, its a virus bot spreading around msn messenger, its not your fault, but if ur stupid enough to accept files that are pictures that say something like "Hey, do u like my facebook picture" from your friend, ur screwed cuz its not them sending it, its the virus bot. and u will also notice it wont be the same font when sent, just dont accept that kind of shit, youll get screwed over with viruses that close down your computer
     
  18. Blfdgfdghd
    OP

    Banned Blfdgfdghd Banned

    Joined:
    Aug 22, 2008
    Messages:
    337
    Country:
    Canada
    haha idiot.. it not that kind of a virus it something esle where it sends a link and BAM your pc screw not a freaking winrar file
     
  19. Law

    Member Law rip ninjacat that zarcon made me

    Joined:
    Aug 14, 2007
    Messages:
    4,132
    Location:
    ‭jerkland
    Country:
    United Kingdom
    It would be the fault of the people clicking the link. A link on it's own would do nothing. It's just text.


    Have you even tried changing your password? Seriously, just try it.
     
  20. Blfdgfdghd
    OP

    Banned Blfdgfdghd Banned

    Joined:
    Aug 22, 2008
    Messages:
    337
    Country:
    Canada
    k ill try that but things are poping up and i didnt click that link like playallday. New Things something call Sexvid is poping up and im geting gay things like is your dick Big on advertisements like youtube or gbatemp
     

Share This Page