can't system restore

mykul

WHY!? god damn just formatted, and same virus has come back, but now only WORSE

every 5 secs, it reactivates or something

it disables my task manager and regedit, i enable em, 5 secs later it disables both again...

nothing came up with hijack, used counterspy, found some shit, del'd it, and yeah, can't install avast antivirus, cause it's not seeming to complete, every time i press next, dialog disappears, think cause of the virus. will try AVG next though

anyone know what's going on? every time i system restore, it fixed the virus, and i found that it was coming from my ipod. i cleared it. and it's back, and system restore isn't working. it says it failed to restore. i tried restoring and undoing my previous restore. no luck with both..
 

allendale2008

what? "disables task manager and regedit"

^ who cares? Why would you need task manager and regedit to get rid of a virus?

And even the best antivirus cannot detect everything.

And the last paragraph just confuzzles me.

Why don't you format your ipod and do a system repair?

edit: oh ok. You might have deleted your system restore point. I can't really think of anything else. The only way to go from here is to get something to destroy it, or IMHO just simply repair/reinstall windows.
 

mykul

sigh, i don't know the password when i go to repair..

and i just reformatted 1 week ago

i picked up like heaps of viruses on the last scan, but it's not getting rid of em.. zzz

last paragraph: I had the problem where i couldn't view things like

"Folder Options" "Run" "Regedit" "Task Manager" and so on..

so i system restored it to a few days ago, and it would be fine.

now when i system restore, it doesn't restore, it says it didn't work, same as undoing the restore.
 

Celegorm

If the system restore point was infected (which is pretty common), that'd be why it got worse and why it failed.

Have you tried running the scans in safe mode?
 

mykul

Nah not yet. I'll try that after. Anyways, this is the result from AV Scan. ONE WEEK from formatting, and this..


"C:\DOCUME~1\vince\LOCALS~1\Temp\bjpyxp.exe";"Trojan horse SpamTool.CDK";"Reboot is required to finish the action"
"C:\DOCUME~1\vince\LOCALS~1\Temp\bjpyxp.exe (3660)";"Trojan horse SpamTool.CDK";"Reboot is required to finish the action"
"C:\DOCUME~1\vince\LOCALS~1\Temp\yqsqgs.exe";"Trojan horse Agent.AWPR";"Reboot is required to finish the action"
"C:\DOCUME~1\vince\LOCALS~1\Temp\yqsqgs.exe (3580)";"Trojan horse Agent.AWPR";"Reboot is required to finish the action"
"C:\Documents and Settings\vince\Desktop\aswclnr.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A4BFC_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A4FE4_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A48A1_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000A5459_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AACE9_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\vlc-0.9.8a-win32.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\WinXP_2K(77.72)\setup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\NVIDIA\Win2KXP\93.71\setup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\AVG\AVG8\avgfrw.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AAFE6_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AB380_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AB758_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AE86B_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AEB97_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AEF02_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000AF358_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B1382_Rar\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B1883_Rar\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B1BCF_Rar\setupeng(1).exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B819E_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B8528_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B88D1_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\000B8D08_Rar\setupengpro.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\bjpyxp.exe";"Trojan horse SpamTool.CDK";"Moved to Virus Vault"
"C:\Documents and Settings\vince\Local Settings\Temp\yqsqgs.exe";"Trojan horse Agent.AWPR";"Moved to Virus Vault"
"C:\Documents and Settings\vince\My Documents\Downloads\install_flash_player.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (1372)";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\livecall.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iedw.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\uninstall\helper.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\msnmsgr.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\MsnMsgr.Exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN Messenger\msnmsgr.exe (1808)";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN\MSNIA\msniasvc.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\msnmsgr.exe";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\MSN Messenger\msvs.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k_xp\us\kb835221.exe";"Virus found Win32/Parite";"Healed"
"C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k3\us\kb901105.exe";"Virus found Win32/Parite";"Healed"
"C:\Program Files\SigmaTel\C-Major Audio\setup.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\SonicFocus\iasetup.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\SigmaTel\C-Major Audio\WDM\suhlp.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvcControl.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBShredder.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Sunbelt Software\CounterSpy\SBWSC.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
 

mykul

"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\VideoLAN\VLC\uninstall.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\BNUpdate.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\Frozen Throne.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\war3.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\Warcraft III.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\World Editor.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Warcraft III\worldedit.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\WinPcap\daemon_mgm.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\WinPcap\npf_mgm.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\WinPcap\rpcapd.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Program Files\WinPcap\Uninstall.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\RECYCLER\S-1-5-21-1715567821-412668190-682003330-1003\De4.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\WINDOWS\system32\nwiz.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"

That was last night, now i rebooted, and now fricking AVG pops up every 5 mins saying one of my exes is infected with the tanatos virus, and it can't be healed/fixed!! FAR, and i still have the task manager problem, i go via GPEdit.msc to fix it, 5 seconds later, it's disabled again. ZZZ
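
Added example, not part of the original posts: a small triage of the semicolon-separated scan export shown above, grouping detections by family and listing entries still pending a reboot, entries tied to a running process, and flagged binaries of the security tools named in the thread. The function names are hypothetical, and reading a trailing number in parentheses as a process id is an assumption.

```python
import csv
import re
from collections import Counter

# Rows copied from the scan export in the post above (a subset).
SAMPLE = r'''
"C:\DOCUME~1\vince\LOCALS~1\Temp\bjpyxp.exe (3660)";"Trojan horse SpamTool.CDK";"Reboot is required to finish the action"
"C:\Program Files\AVG\AVG8\avgfrw.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\MSN Messenger\msnmsgr.exe (1808)";"Virus identified Win32/Tanatos.M";"Reboot is required to finish the action"
"C:\Program Files\SigmaTel\C-Major Audio\HDAQFE\win2k_xp\us\kb835221.exe";"Virus found Win32/Parite";"Healed"
"C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
"C:\WINDOWS\system32\nwiz.exe";"Virus identified Win32/Tanatos.M";"Moved to Virus Vault"
'''

# Assumption: a trailing " (1234)" on the path is the id of a running process.
PID_SUFFIX = re.compile(r"^(?P<path>.*\.exe) \((?P<pid>\d+)\)$", re.IGNORECASE)
# Security tools named in the thread; their own binaries appear in the log.
SECURITY_TOOLS = ("\\avg\\", "\\counterspy\\", "\\hijackthis\\")
PREFIXES = ("Trojan horse ", "Virus identified ", "Virus found ")


def parse(text):
    """Yield one dict per export row: path, pid (or None), family, action."""
    lines = [l for l in text.splitlines() if l.strip()]
    for path, verdict, action in csv.reader(lines, delimiter=";", quotechar='"'):
        m = PID_SUFFIX.match(path)
        pid = int(m["pid"]) if m else None
        path = m["path"] if m else path
        family = next((verdict[len(p):] for p in PREFIXES if verdict.startswith(p)), verdict)
        yield {"path": path, "pid": pid, "family": family, "action": action}


def triage(text):
    rows = list(parse(text))
    return {
        "by_family": Counter(r["family"] for r in rows),
        # Not yet remediated: the action only completes after a reboot.
        "pending_reboot": [r["path"] for r in rows if r["action"].startswith("Reboot")],
        "running": {r["pid"]: r["path"] for r in rows if r["pid"] is not None},
        "tools_hit": [r["path"] for r in rows
                      if any(t in r["path"].lower() for t in SECURITY_TOOLS)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run over the full export, a family that shows up in many unrelated program directories, including the scanners' own folders, stands out in `by_family` and `tools_hit`.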
 

Celegorm

Ok, two things you can try. First one is Malwarebytes. It can remove so much it's not even funny.

Then I'd either do ESET's online scanner, or get a 30-day trial of their NOD32 anti-virus and run it.
 

mykul

Um problem. I can't run in safe mode

every time i do, it gets up to that line, mup.** or whatever, and comp restarts, and it goes, windows was unable to **..... and then, i can pick to boot in safe, so i do, again, it restarts, what's wrong?
 