I have the video.exe virus on my new computer, which is blocking Internet access. I am using a dial-up line on my old computer, and it is v-e-r-y slow. Too slow for even this forum! Can anyone advise me of what I can do to get rid of the virus? You'll have to take me step by step as I know nothing about viruses, after being in IT for 45 years!
1. Get this version of HijackThis from http://danborg.org/spy/hjt/alternativ.exe
2. Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: double-click the 'My Computer' icon on your desktop, then under the category Hard Disk Drives double-click Local Disk, then select File -> New -> Folder and name it HJT.
3. Run HijackThis (alternativ.exe).
Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy. From within the browser window and with the message body text box selected, click Edit -> Paste.
After copying the HijackThis program onto a CD, I ran HijackThis on the new computer and got the message in the header "HijackThis - v1.99.1 (Not Responding)". It performed satisfactorily and produced a list which I could not access. I ran it again with the same result. And again.
The message is the same, but there is another in the gray line - "023 - NT Services" in red. I don't know if this will help.
My computer is misbehaving: Ctrl-Alt-Del does not work, I can't fire-up Paint Shop Pro or I could have sent you a screen print, and it doesn't terminate normally when I hit the STOP button - I have to physically switch off.
By the way, I'm in Goa, India. The locals have a solution - wipe the disk of everything, & re-install XP. Problem is, I have about 300 apps for my website building business. I can always use PC mover to restore them, but it takes 12 hours or so, and there are frequent power cuts. This is the monsoon. Even my UPS only gives me 2 hours.
I ran mbam-setup on the new computer. The boxes were already ticked (update and launch). The update failed because I do not have access to the Internet. The program switched automatically to scanning mode. I selected Perform Full Scan, then clicked scan. The scan did not complete: it is now hanging on the scan screen with "Objects scanned:0 Objects infected:0 Time elapsed: 1 second(s). Currently scanning: Preparing for the scan". I am about to abort the scan.
Touch, I have just had a message from David Crone, but every time I try to reply I get a postmaster message saying the message has failed. The message reads:
"Hello rjmsmith, You are receiving this e-mail since you subscribed to the thread titled "I have the video.exe virus - help" on the BullGuard Antivirus Forum forum and Touch just posted a new reply.
You will not receive another message regarding additional posts on this thread until you view this thread again. "
My reply:
"Hi David,
I've been checking the thread three times a day! I've seen Touch's 2nd reply to my post. I have seen three icons on the heading, have tried all of them, and don't see any others. How do I mark the items as read?
Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c0c31a2-70a2-11d1-b69e-444553540000} (Spyware.Comet.Cursor) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Comet (Spyware.Comet.Cursor) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{FCE6E9DA-16AE-4CD2-A8D9-8F4A5F18AA8D}\RP182\A0023333.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{FCE6E9DA-16AE-4CD2-A8D9-8F4A5F18AA8D}\RP186\A0061824.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{FCE6E9DA-16AE-4CD2-A8D9-8F4A5F18AA8D}\RP187\A0065197.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lphcvl1j0e53g.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\NET.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\blphcvl1j0e53g.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcvl1j0e53g.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\TASKMON.EXE (Proxy.Agent) -> No action taken.
C:\WINDOWS\SERVICES.TXT (Heuristics.Reserved.Word.Exploit) -> No action taken.
HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 09:50:24, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Run Malwarebytes' Anti-Malware again, and make sure to remove selected as described here ->
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
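The check behind the reply above (no detection should be left at "No action taken" after the scan) can be run over a saved log. This is an added example, not part of the original thread or of MBAM itself; the sample log is constructed in the layout of the log quoted earlier, and the "Quarantined and deleted successfully" and "Delete on reboot" status strings are assumptions.

```python
import re
from collections import Counter
# Constructed sample in the layout of the MBAM log quoted in this thread.
# The "Quarantined..." and "Delete on reboot" status strings are assumed.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleToolbar (Adware.Example) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Setting (Hijack.Example) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
C:\WINDOWS\system32\example1.exe (Trojan.Example) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example2.dll (Trojan.Example) -> Delete on reboot.
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP1\A0000001.exe (Trojan.Example) -> No action taken.
C:\Program Files (x86)\Example\ex.dll (Adware.Example) -> No action taken.
"""
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):")
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
RESTORE_POINT = "\\system volume information\\_restore"

def parse_log(text):
    """Return one dict per detection line: section, item, detection, status."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        m = ENTRY.match(line)
        if m:
            # Data items carry "Bad: (..) Good: (..)" before the final outcome
            status = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "item": m.group("item"),
                            "detection": m.group("detection"), "status": status})
    return entries

def triage(entries):
    """Separate detections still pending removal from those already handled."""
    pending = [e for e in entries if e["status"].lower() == "no action taken"]
    return {
        "total": len(entries),
        "pending": pending,
        "pending_restore_points": [e for e in pending if RESTORE_POINT in e["item"].lower()],
        "needs_reboot": [e for e in entries if "reboot" in e["status"].lower()],
        "pending_by_detection": Counter(e["detection"] for e in pending),
    }

if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG))["pending"]:
        print(f'NOT REMOVED [{e["section"]}] {e["detection"]}: {e["item"]}')
```

Entries under `pending_restore_points` are copies held in System Restore points rather than live files, so they are listed separately from the rest of the pending items.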
I ran Malware again, in Safe Mode, quite successfully. But, there were 14 infections the first time, and only 4 the next. I switched to normal Mode and my connection was there. I have accessed the Internet.
Thanks a million for your help, I really appreciate it. I couldn't have done it without you.