Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

After reformat computer gets virus from pen drive

Started by lostris , Jan 21 2009 07:39 AM

  • This topic is locked This topic is locked

#1
lostris
Posted 21 January 2009 - 07:39 AM

lostris

    Member

  • Member
  • PipPip
  • 42 posts
After I reformatted my pc i got virus's from some where, probably my pen drive, though maybe internet. If i reformat my pen drive on my laptop, then put it into the pc, then take it out and put it back into my fully protected laptop then AVG finds two virus's on it.

Here is the HijackThis software result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:21, on 21/01/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N33P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse66.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1232362213143
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

--
End of file - 2608 bytes


HijackThis also gives me a message about going to www.restorefix.com.

The pc also won't install any windows updates.

Help much appreciated.

Edited by lostris, 21 January 2009 - 07:40 AM.

  • 0

Advertisements

#2
lostris
Posted 21 January 2009 - 11:48 AM

lostris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Can anyone help?

I reformatted my computer.
Installed the drivers using a pen drive and internet.

Then when i run a virus check i have virus's. These continually come back.

My other computer which is fully protected detects two virus's on my pen drive each time i put it into the computer.
I then reformat my pen drive, if i then put it back into computer and then back into the fully protected computer it again detects the virus's.

How do i get rid of them?

Please help

Edited by lostris, 21 January 2009 - 11:51 AM.

  • 0

#3
handhfan
Posted 29 January 2009 - 04:46 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, lostris, and welcome to GeeksToGo! Sorry for the delay in reply, the forums have been busy.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)
  • 0

#4
lostris
Posted 03 February 2009 - 04:51 AM

lostris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hello handhfan, thanks for reply.

The problem has evolved slightly.

I reformatted my computer again. I had the drivers and security software on a new CDR.

I installed the drivers and then the security software. Then i installed the internet. Then I updated the security software. I then installed my two remaning uninstalled drivers. Immediately after that AntiVir found two virus's, they were:

c:\windows\system32\axxh.exe
c:\windows\system32\isass.exe

Then i restared. Ran AntiVir and found no virus's. Then after it was finished some time it found:

c:\windows\system32\jybxy.exe
c:\windows\system32\iexplore.exe

I restarted my computer and got a message there was a problem with iexplorer. Then AntiVir found:

c:\windows\system32\iexplore.exe
c:\windows\system32\bxuop.exe - which appeared three times in a row

Not long later it found:

c:\windows\system32\lldyvfwf.exe
c:\windows\system32\ncsphmu.exe

I also got a message form Messenger Service saying telling me the operating system registry may have errors and to go to www.restorefix.com. Then AntiVir got:

c:\windows\system32\TFTP3432

How and where am i getting these virus's from?

Ive also posted this in http://www.geekstogo...70#entry1448870 where ive been getting help.

Edited by lostris, 03 February 2009 - 04:57 AM.

  • 0

#5
handhfan
Posted 03 February 2009 - 11:18 AM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Since you are getting help in another topic. This will be closed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP