Please help. He has an eMachine with XP Home. My brother-in-law must have been doing some heavy surfing. Then after he got the virus it told him to dl some software to fix it. He doesn't know enough about comps not to make this mistake and it hammered the computer. I'm trying to fix it but it's real slow and it disabled just about every tool that could help me fix it.
I tried Combofix on it but it didn't work. It gave an error: Detected rootkit must reboot. Rebooted and it still didn't work, same error in SfM or regular. Used Malware and it detected 30 infects which I Qrnted, but it still doesn't work. Also tried Smitfraud, still working on that, but have log for that, HJ, MalW and CF. This **** thing even disabled the CD drive. I can't get to it. It says Data on this is the main computer S: which is really D: WTF? The desktop is a link; if I click on it FFox comes up. Desktop screen in red says Your Privacy Is In Danger! DL Priv Prot Sware Now. Also can't get to Dev mangr. I'm using a file splitter and floppy to load these fix softwares. This blows.
I'm not able to get updates, won't connect. The culprits are named Error cleaner, Spyw and MalW protect, and some guard. Yea my A**
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52: VIRUS ALERT!, on 9/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Comcast.net Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {1EC53354-188E-45C8-8796-34E0DDA44A64} - C:\WINDOWS\System32\credu.dll (file missing)
O2 - BHO: (no name) - {D69E4E92-1D8E-4649-B927-4A56AF723CB1} - C:\WINDOWS\System32\avica.dll
O2 - BHO: QXK Olive - {F85920DB-0233-4BFA-8780-6E9F2E19E93A} - C:\WINDOWS\rodqgpvldlr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {04439F44-3704-418B-B2EC-EF3A945BD6E9} - Comcast Help & Support (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {71CFA76A-D67F-4739-B67A-1ECD1C64F731} - Comcast.net Home (file missing) (HKCU)
O9 - Extra button: Help - {9D9479C8-1C97-4CE3-A4E6-9586E8E9AB16} - Comcast.net Security (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O21 - SSODL: rqbmvpso - {998201D6-C3E3-4D5A-B48F-82BD3D7F916B} - C:\WINDOWS\rqbmvpso.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 3066 bytes