[greyknight17]

That's not good. It's most likely a virus/trojan posing as McAfee.

Run an online virus scan using Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.

[Advertisements]

k here's the pandasoftware scan log

Incident Status Location

Virus:W32/Gaobot.HPE.worm Disinfected Operating system
Adware:Adware/SaveNow No disinfected Windows Registry
Virus:W32/Gaobot.HPE.worm Disinfected C:\WINDOWS\system32\mss.exe
Virus:W32/Sdbot.DYD.worm Disinfected C:\WINDOWS\system32\mssce.exe
Virus:W32/Sdbot.DYK.worm Disinfected C:\WINDOWS\system32\svcsenes32a.exe
Virus:W32/Gaobot.GIR.worm Disinfected C:\WINDOWS\system32\Systemtrayxx.exe
Virus:W32/Sdbot.DOF.worm Disinfected C:\WINDOWS\system32\TFTP2528
Virus:W32/Sdbot.DOF.worm Disinfected C:\WINDOWS\system32\TFTP2904
Virus:W32/Sdbot.DOF.worm Disinfected C:\WINDOWS\system32\TFTP2992

[Aaron89]

k here's the pandasoftware scan log

Incident Status Location

Virus:W32/Gaobot.HPE.worm Disinfected Operating system
Adware:Adware/SaveNow No disinfected Windows Registry
Virus:W32/Gaobot.HPE.worm Disinfected C:\WINDOWS\system32\mss.exe
Virus:W32/Sdbot.DYD.worm Disinfected C:\WINDOWS\system32\mssce.exe
Virus:W32/Sdbot.DYK.worm Disinfected C:\WINDOWS\system32\svcsenes32a.exe
Virus:W32/Gaobot.GIR.worm Disinfected C:\WINDOWS\system32\Systemtrayxx.exe
Virus:W32/Sdbot.DOF.worm Disinfected C:\WINDOWS\system32\TFTP2528
Virus:W32/Sdbot.DOF.worm Disinfected C:\WINDOWS\system32\TFTP2904
Virus:W32/Sdbot.DOF.worm Disinfected C:\WINDOWS\system32\TFTP2992

[greyknight17]

Delete these files:

C:\WINDOWS\system32\mss.exe
C:\WINDOWS\system32\mssce.exe
C:\WINDOWS\system32\svcsenes32a.exe
C:\WINDOWS\system32\Systemtrayxx.exe
C:\WINDOWS\system32\TFTP2528
C:\WINDOWS\system32\TFTP2904
C:\WINDOWS\system32\TFTP2992

Let's use this also:

Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here.

Anything still trying to access the internet now?

[Aaron89]

k a virus/trojan survived pandasoftware's scan I believe the file is directx.sys or something similar to that and winsys.exe, I did a scan with AVG and it detected a virus then shortly after that my firewall asked permission to run winsys.exe and I said no then my computer went haywire, after I rebooted firewall gave me the message again and I clicked yes and so far it's running, so any help getting rid of these peks would be nice. Thanks again for all the help.

[greyknight17]

Did you run the TrendMicro scan yet? It didn't pick up anything either? If you ran it and nothing came up, use this:

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.greyknigh...om/spy/mwav.exe

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything. (ignore the outdated message if it comes up)
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.

[Aaron89]

that program won't let me scan

[greyknight17]

Which one? You mean mwav? How about the TrendMicro online scan?

[Aaron89]

I can't get trendmicro to work

[greyknight17]

Update AVG and run a full scan again. Remove (Heal or delete) whatever is found. If some are in the restore points, disable system restore and then enable it back again.

If the firewall asks if you want to allow those bad programs online, say no.

It may take a little longer for me to reply back. I will be taking a vacation starting tomorrow. I have asked the other staff/experts here to take over my topics just in case I can't get back to them earlier. So if anything, wait for another expert to help you or until I can get back online (at the hotel).

[Aaron89]

here's an update on my situation...

everyone so often my browser stops working and says website unavailable at the top and on the bottom it says DNS error. I run a program called WinSockfix and it fixes it for a short time, I think the DNS problem might be related to a trojan I can't seem to get rid of.

[Aaron89]

just found out I have a trojan on my pc, sms.exe or Win32.Worm.Vesser.A I really need some help removing it. I think it might be causing my errors.

[greyknight17]

Sorry for the delay in replying. I was out and there supposedly were others who looked after my posts while I was gone.

Is the problem still there now? No antivirus programs work at all?

[Aaron89]

it's pretty much all fixed now, went ahead and formatted lost alot of stuff but it does work better, although now I'm having another issue. I'm having a graphics card driver issue, I've updated 3 times and none have worked I don't know what to do.

-Problem- My computer will reboot itself while running a program that needs alot of memory, good example is a game. Getting alot of error messages as well and windows media player won't let me rip cd's onto my pc.

Specs- Nvidia GeForce FX 5500 256MB


think you can help me out again please?

[greyknight17]

I'll try.

Let's see if it's a memory/ram problem first:

Download the Windows Memory Diagnostic Tool and install it on a blank floppy disk. Restart your computer and insert the floppy. If necessary, change your bios to boot from the floppy drive first. Let it load from the floppy and run the memory test for about 15 minutes. If no errors show up, you may exit the program and take out the floppy.

If that's not it, try moving the ram sticks around. If there's an empty slot available, move one of the ram sticks down/up to that free one. Sometimes this makes a difference.

If those won't do it, ask this in the appropriate category since this is mainly for HijackThis logs. Either way, post back so I know how everything went. I will close this topic once you reply back.

[Aaron89]

It doesn't seem to be a memory issue or bad ram stick, I called the company I bought my computer from and they're going to work on it sometime this week. I want to thank you for all the help you've given over the past 2 months, thank you and take care.