Very weird virus

Status
Not open for further replies.
I tried and tried and that's as far as I got until it just shut down
s.jpg
 
Notice there are 7 processes of "msiexec.exe" running? That's the Windows Installer, which is often exploited by malware coders and then used to install more malware onto your system. If you can, right mouse-click each one and choose "End Process Tree" rather than the normal "End Task" button. When you're done with that, look for "Scheduler Daemon.exe" and perform the same thing. Then go to Run and type in "services" without the quotes, which will bring up the Windows Services Manager box. Scroll down to "Indexing Service", "IPSEC Service", "Messenger" and "Netmeeting", stop the service and disable it under the General tab, and then click on the Logon tab, click on "Profile 1", then click on the "Disable" button at the bottom right corner. When done, scroll down further. Look for "Remote Access Connection Manager" & "Remote Desktop Help Session Manager" and do the same. These two allow a remote computer to log on to your system without you knowing it. After that is "Remote Registry" & "Routing and Remote Access"; again, the same task is to be done. Further down, find "System Restore Service", "Task Scheduler", "TCP/IP NetBIOS Helper", "Telnet". Perform the same procedures to disable them all.

Reboot back into Safe Mode w/o networking and run HiJackThis. If you're quick enough, tick and delete these entries that are visible in the JPG file you provided:
_______________________________________________
R0 - HKCU\Software\MicroSoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: AutoTBar.exe
_______________________________________________

Please note that "ntos.exe" is a Trojan/Backdoor viral-ware's main process file. The name of this viralware is [Trojan.Downloader-NTOS/WSNPOEM.Process]. If I recall correctly, its threat level is relatively high. This thing opens up several backdoors on your system to allow the attacker(s) to implement more malware and take control of it. DELETE THIS ONE NO MATTER WHAT!!!

Also, search for this file "ntos.exe" and delete it!
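
The HijackThis entries listed above can be triaged mechanically. The following is an added example, not part of the original posts: the sample log is constructed from the lines quoted in the post, the function names and reason strings are illustrative, and it assumes the stock UserInit value points only at system32\userinit.exe.

```python
import re

# Constructed sample: the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\MicroSoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: AutoTBar.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
USERINIT = re.compile(r"UserInit=(.*)$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def extra_userinit_programs(value):
    """Return every program in a UserInit value other than the stock one."""
    programs = [p.strip() for p in value.split(",") if p.strip()]
    # Assumption: only <windir>\system32\userinit.exe is expected here.
    return [p for p in programs if not p.lower().endswith("\\system32\\userinit.exe")]


def triage(log_text):
    """Return (code, reason, detail) findings for a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, headers, running-process list
        code, body = m.groups()
        if code == "F2":
            u = USERINIT.search(body)
            for prog in extra_userinit_programs(u.group(1)) if u else []:
                findings.append((code, "extra program launched at logon via UserInit", prog))
        elif code == "O2" and body.endswith("(no file)"):
            clsid = CLSID.search(body)
            findings.append((code, "BHO registered but its file is missing",
                             clsid.group(0) if clsid else body))
        elif code == "O4":
            findings.append((code, "auto-start item to review", body.split(":", 1)[-1].strip()))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {detail}")
```
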
 
First of all, thanks for helping me out.
Well, I tried to put services in RUN but nothing came up on 2 of my computers.
msiexec.exe, haven't seen it after that.
Tried to look for ntos.exe but it wasn't there either.
And I couldn't delete the entries in HJ because it just shuts off in front of my face.
 
OK... are you still able to access your Control Panel? If so, go there, double-click Administrative Tools, double-click Services and do it from there.

Did you end those Processes that I mentioned to you first, under Safe Mode, before running HJT?
 
I did the following but no luck.
How do I put those settings back on? Which ones were Auto? On?
 
Wow, that machine looks to be pretty infected. You should just perform a repair install.
 