Virus ------ed Up My Pc Really Bad...

Discussion in 'Gaming' started by xX ParaDox, Jul 20, 2008.

  1. xX ParaDox

    Yesterday I downloaded a torrent and it had a ------ing virus in it. The .exe it had changed my wallpaper to a thing that said YOU HAVE A VIRUS, GET A ANTIVIRUS AS SOON AS POSSIBLE. Also it changed my screensaver to pictures of BSODs like BOGUS_DRIVER or MEMORY_MANAGEMENT. Plus a lot of stuff started popping up, and I changed my startup from msconfig to stop it, and I'm doing an antivirus scan atm.

    But the thing is, I can't get into my display settings at all, and I'm the only administrator on this PC. It says "Your system administrator has disabled launching of the Display Setting Control Panel". Is there a way to fix it at all? On XP when I went into safe mode, I could at least get into an account called Administrator and I could change things if I had to. But on Vista it only has my account to choose from. Is there something similar to that?
     
  2. steez

    reformat.
    that is all.
     
  3. BetaMerc

     
  4. Neuron

    Post a HijackThis log.

    Don't reformat if you don't want to lose data.
     
  5. xX ParaDox

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:56:13 PM, on 7/20/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Razer\Lachesis\razerhid.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Razer\Lachesis\OSD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Razer\Lycosa\razerhid.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Steam\Steam.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Razer\Lycosa\razertra.exe
    C:\Program Files\Razer\Lachesis\razerofa.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 8393 bytes
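
A first-pass triage of a HijackThis log like the one above, added here as an example and not part of the original post or of HijackThis itself. The rules are illustrative assumptions; a flagged line is something to verify by hand, not a malware verdict.

```python
import re

# Sample input: lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."

def review_reason(code, body):
    """Return why an entry deserves a manual look, or None (illustrative rules)."""
    if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
        return "registered browser add-on whose file is missing"
    if code == "O23" and " - Unknown owner - " in body:
        return "service binary carries no company name"
    if code == "O20" and body.partition(":")[2].strip():
        return "DLL loaded into every process that loads user32.dll"
    if code in ("R0", "R1") and "Page = " in body:
        url = body.partition(" = ")[2].strip()
        host = re.split(r"[/?]", re.sub(r"^[a-z]+://", "", url, flags=re.I))[0].lower()
        if host and not ("." + host).endswith(".microsoft.com"):
            return "browser start/search page is not the Microsoft default"
    if code == "O1":
        fields = body.partition(":")[2].split()
        if len(fields) >= 2 and fields[0] not in ("127.0.0.1", "::1"):
            return "hosts file redirects " + fields[1]
    return None

def triage(log_text):
    """Parse entry lines and return (code, reason, line) for each flagged one."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        reason = review_reason(m.group(1), m.group(2).strip())
        if reason:
            findings.append((m.group(1), reason, line.strip()))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {line}")
```

On this excerpt the AppInit_DLLs hit is the antivirus product's own hook DLL, which is why each flag needs a manual check against installed software.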
     
  6. MindlessV

    To change the wallpaper, just go into Firefox, find a new wallpaper, right click, and set as wallpaper.

    I'm not too sure about the screen saver - try getting into the display panel via the control panel. (START -> SETTINGS -> CONTROL PANEL)

    Or, see if you can make a new user, make it an admin, then copy the files over :)
     
  7. xX ParaDox

    I already changed my wallpaper, I really don't like having BSODs plus Windows failing as a screensaver.
     
  8. steez

    reformat.
    it's ------ed.
     
  9. Ravr

  10. .ZERO

    .ZERO Nigga wit a PSD

    Age:
    32
    Posts:
    2,220
    Likes Received:
    1
    Joined:
    May 28, 2006
    Location:
    #gamerenders
    It's Zlob, that is a real bitch to get rid of. I had it and resorted to a reformat.
     
  11. Red Alert

    run CCleaner also
     
  12. xX ParaDox

    just tried CCleaner, still there lol.

    I read about that Zlob, but it's only for XP. The thing is it seems this virus is just for Vista, because it shows screenshots of the Windows Vista login screen failing for the screensaver.

    Update:

    Well I made a new account on my PC, but when I switched to it my screen went black and my mobo started beeping lol. So far nothing is affected, and on my other admin account I could actually switch settings unlike this account.
     
  13. PhanE

    Probably stating the obvious but beeping is bad.
     
  14. White B O I

    download AVG
    free.grisoft.com
    install it and update it

    go to
    http://www.safer-networking.org/en/download/index.html
    and download Spybot Search and Destroy,
    along with the updates (recent ones are Here)
    install it and it wouldn't hurt to run the update to make sure everything is up to date,
    now restart your computer

    boot into safe mode (without networking) so the virus/spyware does not have access to the internet

    run a full computer scan with AVG, Spybot, and HijackThis

    it's unnecessary to reformat the hdd,
    but if all else fails, and you give up,
    and don't need any info,
    format away

    also, here are a few links that i do not condone,
    if you are familiar with regedit try these,
    if not do not use these!


    this is for advanced XP users, and if you do something wrong in the regedit, you have the capability of making xp not boot correctly,
    so proceed with caution and at your own risk,

    Enable/Disable System Properties Access from My Computer

    and here is how to use group policies to enable/disable access to desktop wallpaper and screensaver,
    again, use at your own risk

    1. Click start and click on run
    2. type in "gpedit.msc" without the ""
    3. Under "User Configuration" choose Administrative Templates
    4. Under the drop down choose Control panel
    5. Click "Display"

    After clicking display, you should notice a number of properties on the right side of the screen,

    go to the appropriate one in accordance with what you need to be changed,
    right click it and go to properties and change it


    but just because you can change your screen saver again does not mean the virus is gone,
    so i suggest doing what i said above first
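
The Display policies reached through the gpedit steps in the post above are stored per user as registry values, and the "administrator has disabled" message from the first post corresponds to one of them. The read-only audit below is an added example, not part of the original post; the function names and the choice of values to report are this example's own.

```python
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Per-user policy values (non-zero = restriction active) and their effect.
RESTRICTIONS = {
    "NoDispCPL": "Display control panel cannot be opened",
    "NoDispBackgroundPage": "wallpaper (Desktop) page hidden",
    "NoDispScrSavPage": "Screen Saver page hidden",
    "NoDispAppearancePage": "Appearance page hidden",
    "NoDispSettingsPage": "Settings page hidden",
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "regedit disabled",
}

def read_policy_values():
    """Read every value under the current user's Policies\\System key (Windows only)."""
    import winreg
    values = {}
    try:
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, POLICY_KEY)
    except FileNotFoundError:
        return values  # key absent: no per-user restrictions stored here
    with key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:
                break  # no more values under the key
            values[name] = data
            index += 1
    return values

def active_restrictions(values):
    """Return {name: effect} for known restriction values that are switched on."""
    found = {}
    for name, data in values.items():
        # Registry value names are case-insensitive, so match that way.
        canonical = next((k for k in RESTRICTIONS if k.lower() == name.lower()), None)
        if canonical and data not in (0, None, ""):
            found[canonical] = RESTRICTIONS[canonical]
    return found

if __name__ == "__main__":
    # Constructed fallback input so the script also runs off Windows.
    values = read_policy_values() if sys.platform == "win32" else {"NoDispCPL": 1}
    for name, effect in active_restrictions(values).items():
        print(f"{name}: {effect}")
```

Values that appear here on a home PC that was never joined to a domain or configured through gpedit are a sign that something else wrote them.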
     
  15. xX ParaDox

    Sorry, I have to reformat...


    Now I can't even uninstall anything, plus my other account I tried to make doesn't even load up programs.
     
