netbook infected with antivirus plus and your pc protector



#1
imatrublue

hi!

first things first.. this is NOT my puter... MY puter is infection free thanks to you guys!! I've bragged about yall to everyone that will listen and this is my thanks.... Ya'll have had a "lurker" about that read about what he needed to do and said lurker promptly dropped this "toy" off and begged me to go to the geek people and fix it.

I say TOY cause that's what it looks like... he says it's a NETBOOK but to me it looks like an overgrown phone! This thing has net access and a couple of usb ports and that's it! no cd/dvd rom drive, no card reader etc which is one of the reasons he brought it to me since i have an external cd/dvd burner and an assortment of card readers with cards!

this is what is on the machine!

Eee PC1000hd
windows xp

HE DOESN'T HAVE A RESTORATION DISK - when i asked about it i just got a blank look.

i called the company and found out that this machine doesn't have a "copy" on the hard drive. it seems to have 2 partitions... a C: 60 gigs with 7 gigs in use and a d: 50 gig with 87.4 mb used. i can order a "restoration" disk if it comes to that.

here is what its doing.

I have a message that says YOUR SYSTEM IS INFECTED! right smack in the middle of the desktop. The icons come up but i can't get into much of anything. can't get into the control panel at all.

I've saved, installed and ran the TFC and ERUNT programs but after downloading Malwarebytes and installing it... when i try to run it NOTHING happens. I tried changing the name of the program as suggested and still NOTHING. i installed it on an sd card thinking maybe i could "sneak" it in.. but alas nothing happened as before BUT the puter had no problem installing "new hardware"!!

SOooo here I am waving the white flag... as stated on my topic line... i can't access the task manager and even though i can get to the safemode window - no matter what option i take the puter always comes up in "regular" xp mode!

it's constantly trying to get out on to the net but i won't let it so it gives me these little pleading popup windows telling me how SCREWED i am because i'm sooo infected with viruses and spyware! i can get out to the net but it takes forever and it's constantly bringing up the antivirus pro "scanner" and if i didn't know any better would scare the living bejedusus out of me (if this were my puter)!

so i wait with my hat in hand for a geek guru to help "us"!

thanks - blue

#2
RKinner

Malware Expert

Burn a bootable cd of the kaspersky rescue disk:

http://www.askvg.com...ure-and-others/

It's an iso file so you need to Save it to your PC then do a disk copy (from image) to get it to work then boot off it (You may have to go into the BIOS Setup to change the boot order). It will scan your PC and fix a lot of things plus allows you to move files around.


The BitDefender one might also do you some good.

Another good bootable CD to have is

PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/

The page explains how to use it to fix a no logon condition. In your case netsky (which is the "in" virus these days and sounds like what you might have) usually messes with winlogon too but if userinit looks normal then check the value of shell which should be explorer.exe.

From a recent post we can see these Netsky infection points in an OTL log:

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [tqammy] C:\WINDOWS\System32\msaouahn.DLL (USA)

O4 - HKLM..\Run: [vodifatun] C:\WINDOWS\System32\guyewijo.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run)

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\Administrator\ntload.dll (Microsoft)

(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run )

O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guyewijo.dll) - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)

(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon)

O21 - SSODL: luvehihoy - {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )

O22 - SharedTaskScheduler: {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - kupuhivus - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler)

O32 - AutoRun File - [2009/12/21 11:30:12 | 00,034,308 | -H-- | M] () - E:\autorun.exe -- [ FAT32 ]

(possible infected file on USB drive or external drive)


NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()

These last two will mess up your internet. See:

http://www.threatexp...74451a9e6c0b5ef

http://www.quickheal....Agent2.kuz.asp

If in doubt compare to a working system.

Ron
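
The checks described in this post (Winlogon Shell and UserInit, Run entries, AppInit_DLLs, NetSvcs) can be applied mechanically to an OTL excerpt. The following is an added example, not part of the original thread and not OTL's own code: a Python triage that flags lines for manual review. The userinit.exe baseline, the heuristics and all function names are assumptions made for this example; the sample lines are copied from the post.

```python
import re

# Baseline: the post says Shell should be explorer.exe; userinit.exe as the
# normal UserInit value is an assumption added for this example (XP default).
WINLOGON_BASELINE = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Sample input: lines copied from the OTL excerpt in the post above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)
O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()
"""

# Every line in the excerpt ends with "<file path> (<company name>)".
TAIL = re.compile(r"(?P<path>[A-Za-z]:\\[^()]*?)\s*\((?P<company>[^()]*)\)\s*$")
WINLOGON = re.compile(r"Winlogon:\s*(?P<value>\w+)\s*-", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].strip().lower()

def triage(line):
    """Return reasons to review this line (example heuristics, not OTL rules)."""
    tail = TAIL.search(line)
    if not tail:
        return []
    path, company = tail["path"], tail["company"].strip()
    reasons = []
    if not company:
        reasons.append("no company name in file metadata")
    if line.startswith("O4") and basename(path).endswith(".dll"):
        reasons.append("Run entry resolves to a DLL rather than a program")
    if "AppInit_DLLs" in line:
        reasons.append("DLL loaded into every process that loads user32.dll")
    m = WINLOGON.search(line)
    expected = WINLOGON_BASELINE.get(m["value"].lower()) if m else None
    if expected and basename(path) != expected:
        reasons.append(f"Winlogon {m['value']} is {basename(path)}, expected {expected}")
    return reasons

def scan(log_text):
    """Map each flagged line to its reasons; lines with no finding are omitted."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return {l: r for l in lines if (r := triage(l))}

if __name__ == "__main__":
    print(*(f"{l} -> {'; '.join(r)}" for l, r in scan(SAMPLE_LOG).items()), sep="\n")
```

The winupdate86.exe Run entry passes every heuristic here, which is why comparing against a working system, as the post advises, is still needed.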

#3
imatrublue

hi ron!

thanks for taking up the gauntlet!

i downloaded and copied the kaspersky rescue disk and burned using imgburn (one of the iso burning programs yall recommend) and then took it over to the netbook and using an external cd/dvd drive "ran" it.

it wanted to update but i went ahead and did a run instead. it found some problems BUT i can't "fix" it because it wants to update first. it's "old" and needs to update kaspersky and when i click on the update it doesn't seem to be able to go out on the internet. i used the wireless and the ethernet connection but get the same results... "update source cannot be found" and it looks like it's going to http://dnl-08.geo.kasperskycom:80/

did i perhaps get the program from the wrong source?? the download came from "index of /devbuilds/rescuedisk/" is there a way to "update it" using this computer and then burn the "updated" version to a cd???

as a side note... the little netbook was happy as a clam for a little while when i was testing to make sure i was getting out on the net ok... but i must say that kaspersky is VERY unhappy.. i left it alone and it's tried to "find" the update like 300+ times. lolol

i did notice something when i ran the scan... on the D: drive there is stuff there.. and i'm thinking it's the recovery software.. so i'm not really sure that the "asus" tech had that part right..

ok.. i await your commands.

#4
RKinner

Malware Expert

Haven't used it in a while so guess it's not going to help tho you can use it to manually fix things if you write down what files it finds that it doesn't like. If you right click on the K in the bottom left there is an option for a file manager which lets you look at and delete files.

There are some downloads available via google for kaspersky rescue disk 2010 but I can't say if they are good or not.

You might try one of the others on that same link.

Or get the PC Regedit program and work your way through the registry.

Got to go to bed now and won't be on line tomorrow until late as we are going off island (taking the ferry to the mainland).

Ron

#5
imatrublue

Hi Ron,

Sorry for the delay.. I've been waiting on the recover disk to get here from asus.

It's here now and I'm ready to "recover" BUT before I do, I want to be really sure that I have all the drivers for the little netbook. I was told one "part number" for the recover disk which I ordered BUT when it got here someone had crossed out that number and put in another. Since the whole purpose of this thing is to go out wireless to the net and do all that multi-media net stuff I want to really make sure that I have the correct drivers to make that process run efficiently.

Is there a folder or something somewhere that i can copy that has all the drivers in it??? I have access to the hard drive and can copy or change anything... I just can't do anything in safe-mode.


Ok... I await your response!

Thanks - Blue

#6
RKinner

Malware Expert

I suppose the \windows\system32\drivers folder would be good to have. Also \windows\inf might be useful.

One thing to remember when doing a restore to factory specs is that the factory load is old and there are no doubt many MS updates required. Make sure the firewall is working before you connect to the internet and don't go anywhere except to http://windowsupdate.microsoft.com until you are up to date.

Ron