Hi, I am not very good with viruses, but it seems I have contracted a nasty one. I got it from a friend on MSN Messenger. It was some weird name, and when I clicked on it, it started sending itself to other people. It seems to have turned off my System Restore, and Norton and Ad-Aware can't get rid of it. When I log onto my computer, a Windows security message appears asking me if I want to run a program from an unknown publisher in my C:/windows/system 32; the file is called matsys exe, I think. Could anyone help me or give some advice on this?
Put HJT in a permanent folder. Click My Computer, then C:\. In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT". Put your HijackThis.exe there, and double-click to run it.
Push the "Do a system scan and save a logfile" button, then highlight the entire log by pressing Ctrl+A and copy it. Post the log here.
Hi, I've contracted the virus through MSN as well. I was wondering if you could help me as well, please? I've followed your advice above and this is what came back:
Logfile of HijackThis v1.99.1
Scan saved at 08:32:48, on 19/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Please, please help. When I've used BullGuard it hasn't managed to find it; also, when I've tried to use a search engine to ask for virus advice, it sometimes just closes that window to prevent me from searching! Please, please help, I don't know what to do!
Remove MyWay-P2P Networking-Altnet from Add/Remove Programs in Control Panel
Please go offline
Run FixSflog exe
And Trend Damage Cleanup
Scan with HijackThis, close all other windows and browsers, and place a checkmark next to these items, and fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mcsv.com
O1 - Hosts: <<<ALL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [SDAv] C:\WINDOWS\svhost.exe
O4 - HKLM\..\Run: [NDAv] C:\WINDOWS\svhost.exe
O4 - HKCU\..\Run: [SDAv] C:\WINDOWS\svhost.exe
O4 - HKCU\..\Run: [NDAv] C:\WINDOWS\svhost.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) –
Press the "Fix checked" button. Then close HijackThis.
Reboot into Safe Mode - hit the F8 key until the menu shows up
Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found as they may have been automatically removed by actions I had you take earlier in the cleaning process.
Run the mwav scanner: Put a checkmark in: Memory, Startup folders, drive, Registry, System folders and Services. And: All local drives and Scan all files. Push: Scan button. The scan can take a couple of hours.
Spybot, click on the Immunize button. Then "Scan System" button. Next, close all Internet Explorer windows, and click - Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.
Ad-aware: Click Start and on the next screen choose: Use Perform full Systemscan options. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
Save the log file when it asks and then click Finish. When finished, mark everything for removal and get rid of it. (Right-click on any of the entries and choose Select All from the drop down menu and click Next).
Reboot
Go to Start | Run and type: cleanmgr.exe and hit Enter. When prompted what drive to clean, select your hard drive C:. If asked what folders to clean in a list, tick them all to clean all temp folders, downloaded program folders, temporary internet files, etc., and the recycle/trash bin.
Post a fresh HijackThis log, and tell how things are running.
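Added example, not part of any post in this thread and not HijackThis's own logic: a Python triage pass over F2 and O4 entries like the ones in the fix list above, flagging extra programs chained onto UserInit and Run entries whose file name imitates a system binary. The `KNOWN` reference list and the function names are assumptions made for the illustration.

```python
import ntpath
import re

# Lines copied from the fix list in this thread (a subset).
SAMPLE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mcsv.com
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [SDAv] C:\WINDOWS\svhost.exe
"""
# Assumption: short reference list of Windows XP binaries and their normal folder.
KNOWN = {"svchost.exe": r"c:\windows\system32", "userinit.exe": r"c:\windows\system32"}
EXE = re.compile(r'"?(.+?\.(?:exe|com|bat|scr|pif))', re.I)  # image path, arguments dropped

def edit_distance(a, b):
    # Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_image(path):
    # Reason string if the path imitates a known system binary, else None.
    name, folder = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
    for real, home in KNOWN.items():
        if name == real and folder != home:
            return f"{real} outside {home}"
        if name != real and edit_distance(name, real) == 1:
            return f"name one edit away from {real}"
    return None

def review(log):
    findings = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if line.startswith("F2 - ") and "UserInit=" in line:
            # Anything chained after userinit.exe also starts at every logon.
            for prog in line.split("UserInit=", 1)[1].split(","):
                if prog and prog.lower() != r"c:\windows\system32\userinit.exe":
                    findings.append((line, f"extra Userinit program: {prog}"))
        elif line.startswith("O4 - "):
            m = EXE.match(line.split("] ", 1)[-1])
            reason = m and check_image(m.group(1))
            if reason:
                findings.append((line, reason))
    return findings

if __name__ == "__main__":
    for line, reason in review(SAMPLE):
        print(reason, "|", line)
```

A flag here is only a prompt to look closer at the file; the Altnet entry is not flagged by these two checks even though the fix list includes it.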
I could not access the websites to download FixSflog or Trend Damage Cleanup, so I tried to do everything else. I tried to configure my PC to show all files and folders, and disable System Restore as per instructions, but I couldn't. When I clicked on 'Tools' there was no 'Folder Options' tab. I managed to get into computer properties but it was not there. Sorry, I'm not very good with computers!
I did everything that you told me to do that I could - MSN now works, but now an svhost.exe window pops up when I start the PC asking me if I want to run it? I cancel it every time - it was one of the programs you asked me to delete but I could not find it. Also, I cannot access emails anymore; when I go to the website (Yahoo and Hotmail) it tells me that I need to upgrade Internet Explorer to version 4.0 or higher - but I have version 6.0? Also, every time I start the PC, BullGuard now warns me that someone is scanning my ports, even before the internet is connected. BullGuard bans them for a certain time, so I've gone into settings on BullGuard to delete them manually, which is OK - until I restart the PC and it happens again.
Here is my hijackthis log file now - please please please help?
Logfile of HijackThis v1.99.1
Scan saved at 18:09:24, on 20/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)