need help to "system check" virus



#1
brandenqi (Member)

My laptop was infected by this nasty virus on December 18 or 19? 2011 when I downloaded a file. I forced the computer to shut down and restored to a previous backup in safe mode. It seemed OK when I restarted, except all files became hidden. It doesn't bother me too much, besides it becoming slower. It got worse on December 30, when I accidentally unplugged the power cord. When I restarted the computer, this virus went wild. The System Restore function doesn't work anymore. I have to get in safety mode. I did some deleting according to an online reference for manual removal. However, when I tried to start the computer normally, this nasty virus came back again. My computer can only run in safety mode now. I have limited access to the internet too.
Can someone please help me?

Thanks a lot

Wish everyone a happy new year.

bo

#2
brandenqi (Member, Topic Starter)

Update on my laptop:
I can log on to the computer in normal mode; however, I lost control of every application. I can't even open this log file with notebook.

Edited by brandenqi, 02 January 2012 - 11:10 AM.


#3
BlackOxide (Trusted Helper, Malware Removal)

Hi, brandenqi! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start ;)



Could you do the following scans for me please, then get back to me with the relevant logs...


1)
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Once this has been done, run RogueKiller again and do the following...
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.

Please post the contents of the RKreport.txt file(s) in your next Reply.


If you cannot do the above due to the malware interfering, try following the instructions as above again, but this time with your computer booted into Safe Mode with Networking

To get into Safe Mode with Networking:
  • Switch on your PC and immediately start tapping the F8 key on the keyboard
  • Keep tapping it until a menu comes on the screen whereby you have several options to choose from, one of which is Safe Mode with Networking
  • Make sure Safe Mode with Networking is highlighted and then press Enter
  • Your PC will now boot into Safe Mode.





2)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [avPYOWQgOag.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\avPYOWQgOag.exe File not found
    O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\bobo\Application Data\dplaysvr.exe ()
    O4 - HKLM..\Run: [gfhYdHclcK.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\gfhYdHclcK.exe File not found
    [2011/12/31 18:54:18 | 000,016,418 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\458v73p75ekmqk3f8msv2l
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.



In your next reply
Please post the contents of...
RogueKiller log files
OTL log

  • 0
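
Added example, not part of BlackOxide's post and not OTL's own code: a small parser for the three O4 (Run key) lines in the fix script above, listing the observable traits each entry has. The triage heuristics and all function names are assumptions of this example, not the helper's stated reasoning.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: the three O4 lines quoted in the fix script above.
SAMPLE = r"""
O4 - HKLM..\Run: [avPYOWQgOag.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\avPYOWQgOag.exe File not found
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\bobo\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [gfhYdHclcK.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\gfhYdHclcK.exe File not found
"""

# O4 - <hive>..\<key>: [<value name>] <target .exe> <trailing status>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?\.exe)\s*(?P<status>.*)$",
    re.IGNORECASE,
)


def parse_o4(text):
    """Return one dict per O4 autorun line; other lines are ignored."""
    matches = (O4_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(entry):
    """Reasons an entry deserves a closer look (assumed heuristics)."""
    reasons = []
    # Executable sits directly in an Application Data root, not a vendor folder.
    if basename(dirname(entry["path"])).lower() == "application data":
        reasons.append("launches from Application Data root")
    # OTL could not find the target: the autorun value is orphaned.
    if entry["status"].lower() == "file not found":
        reasons.append("target file missing")
    # OTL prints the file's company name in parentheses; empty means none found.
    if entry["status"] == "()":
        reasons.append("no company name")
    return reasons


def report(text):
    """Map each Run value name to its list of triage reasons."""
    return {e["name"]: triage(e) for e in parse_o4(text)}


if __name__ == "__main__":
    for name, reasons in report(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons) or 'nothing flagged'}")
```
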

#4
brandenqi (Member, Topic Starter)

Hi Blackoxide,

Thank you so much for your help. I got a new problem with my computer. It won't start now. The error notice is: <window root>\system32\hal.dll is missing, please reinstall the file.

I have no idea how to install this file

Regards,

Bo

#5
BlackOxide (Trusted Helper, Malware Removal)

Hey,

Can you tell me, did this happen after running either RogueKiller or OTL, or did it just seem to happen on its own?


See if you can boot the PC using Last Known Good Configuration:

  • Switch your PC on, then immediately start tapping the F8 key
  • Keep pressing it until you are shown a list of options which include Safe Mode, Safe Mode with Networking etc...
  • Use the arrow keys on the keyboard and highlight Last Known Good Configuration
  • Now press Enter
  • Let me know whether the PC now boots normally


If the above didn't work, could you answer the following questions for me please...

  • What is the make and model of the PC? E.g Dell Dimension 5150
  • What version of Windows are you running? E.g Windows XP, Windows Vista etc?
  • Do you have a Windows Installation CD?
  • Do you have access to another PC or Laptop?


#6
brandenqi (Member, Topic Starter)

Hey,

Can you tell me, did this happen after running either RogueKiller or OTL, or did it just seem to happen on its own?
I did run OTL yesterday, but I am not sure if it is because of this or on its own. This computer seems to have multiple viruses.



See if you can boot the PC using Last Known Good Configuration:

  • Switch your PC on, then immediately start tapping the F8 key
  • Keep pressing it until you are shown a list of options which include Safe Mode, Safe Mode with Networking etc...
  • Use the arrow keys on the keyboard and highlight Last Known Good Configuration
  • Now press Enter
  • Let me know whether the PC now boots normally

This doesn't work.

If the above didn't work, could you answer the following questions for me please...

  • What is the make and model of the PC? E.g Dell Dimension 5150
    Compaq Presario F500
  • What version of Windows are you running? E.g Windows XP, Windows Vista etc?
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600)
  • Do you have a Windows Installation CD?
    no
  • Do you have access to another PC or Laptop?
    I have another laptop running with xp


Edited by brandenqi, 02 January 2012 - 03:40 PM.


#7
BlackOxide (Trusted Helper, Malware Removal)

To fix this issue we will need to boot from either a Windows Installation disc or a Recovery Console Disc. As you don't currently have a Windows disc we'll go ahead and create a CD containing the Recovery Console. You will need to do this on your Laptop and it will require a blank CD.

To create the Recovery Console disc, just follow the steps below...


Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.

#8
brandenqi (Member, Topic Starter)

Hey,
I burned a Recovery Console disc and am ready to go; please let me know the next move.

Thanks

bo

Edited by brandenqi, 02 January 2012 - 07:06 PM.


#9
brandenqi (Member, Topic Starter)

Hey,
Things got more complex with my laptop. I made the recovery console disk and used it to copy the hal.dll file to my computer. It went well. However, when I started it, a new error message said "load needed dlls file to kernel".

Then I did a really stupid thing: I followed an online reference to solve dlls problems. The result is a new error coming up: "NTLDR is missing".

Now I know the right thing to do is to wait for your advice on the next move. I am really sorry for my stupid doing and am looking forward to your help.

What I did is I ran these two actions under recovery mode.
FIXBOOT
FIXMBR

Edited by brandenqi, 02 January 2012 - 10:15 PM.


#10
BlackOxide (Trusted Helper, Malware Removal)

Yep, if you can, always try and wait for the instructions, as it can often mean one step forward and two steps back ;)

There will sometimes be delays between our posts due to the time differences, but we'll get it sorted I'm sure.


Back onto the problem in hand. We will try Fix NTLDR to see if this resolves the problem. This is another CD you will need to burn. Just follow the instructions here on burning the CD and using the bootable CD. Basically you will need to try all of the options to see if any get the PC booting again. Note down which number gets the PC booting (if at all).

Let me know if you have any problems.

#11
brandenqi (Member, Topic Starter)

I will keep your advice in mind :thumbsup:

I tried the new NTLDR disc. Only the 1st option sent me to "windows could not start because of an error in the software. please report this problem as:load needed dlls for kernel", which appeared after I copied the hal.dll file with the first burned disk.
All the other options give me the error message mentioned by the web site.

I also tried to go to safe mode; the screen shows:
multi(0)disk(0)rdisk(0)partition(1)\windows\system32\ntkrnlpa.exe
multi(0)disk(0)rdisk(0)partition(1)\windows\system32\hal.dll
multi(0)disk(0)rdisk(0)partition(1)\windows\system32\kdcom.dll
windows could not start because of an error in the software. please report this problem as:load needed dlls for kernel


bo

#12
BlackOxide (Trusted Helper, Malware Removal)

Thanks for the info. Could be a tricky one to get round without the use of a Windows CD or Recovery Disc by the looks of it. Do you know anybody that has got an official Windows CD you could borrow by any chance?

What we'll do first though is test the Hard Drive, as in your OTL log there were reports of Bad Blocks in the Event logs, which could indicate that part of the problem here is the Hard Drive. To see what state it is in we'll run a test on it. It just means using another blank CD, so I hope I haven't gone through them all yet ;)


Hard Drive Test
We will use SeaTools to test your Hard Drive. You will need a blank CD for this process.

Click here to download the SeaTools disc image

Burning the ISO image to CD
  • Click here to download ImgBurn, a program which we will use to burn the .iso file onto a Blank CD
  • Once downloaded, double click the ImgBurn installation file and follow the prompts to install it
  • Open ImgBurn and click Write image file to disc
  • Insert a blank CD into your drive
  • Now click Browse for a file

  • Navigate to the SeaTools ISO file that you downloaded, select it, then click Open
  • Now click on the following button to start burning the image to disc

  • Once the CD has been burnt, insert it back into the CD drive and shutdown your PC
  • Restart the PC and SeaTools should load up
  • If it doesn't automatically load, you will need to change the Boot Order in your BIOS, so that the PC looks at the CD Drive before booting into Windows. If you are unsure of how to do this, just let me know your Make and Model of PC/Laptop
  • When SeaTools has loaded, click I Agree on the License Agreement
  • Click Basic Tests at the top, then click on Long Test
  • It will then perform a full test on your Hard Drive
  • If no errors were found, at the end of the test it will display PASSED in the Test Results column
  • If a problem was detected on the Hard Drive it will alert you to it and you should see the number of errors detected in the Test Progress column. If there are any errors, please note down how many errors it found.
  • Once the scan has finished, just click Exit at the top and boot back into Windows
  • Report back on whether the drive passed or if any errors were detected (and how many)


#13
brandenqi (Member, Topic Starter)

Hey,

I burned the SeaTools disc and booted my computer from the disc; however, I can't move my mouse to do anything, even click on I accept.

#14
BlackOxide (Trusted Helper, Malware Removal)

Ahh I have known this before on some USB Mice. You will just need to use the keyboard to start the scan. When you see the License Agreement at the start, press Enter on the keyboard. Then give it around 10-20 seconds to detect your Hard Drive. Then press the Down arrow key on your keyboard twice. Long Test should now be highlighted. Just press Enter and it will begin the Test :)

#15
brandenqi (Member, Topic Starter)

I ran the test and it said the long test passed.