Got a virus and now pc doesn't work - can anyone help?

  1. #1
    jiminwatford is offline Elite Member

    Got a virus and now pc doesn't work - can anyone help?

    hi, last night my pc got a virus. my anti virus software detected it but couldn't stop it messing up my machine.




    the writing on the blue screen says 'autochk program not found - skipping autocheck'

    i would be really grateful if anyone can give some help, or shed some light on what i might be able to do to recover the system or at least get to the data on the machine and save it before a possible format.

    thanks
    James
    Last edited by Neal; 26-10-2007 at 12:20 AM.

  2. #2
    Neal is offline Dedicated Member
    In my signature is a link to hijackthis, click it, scroll down and find hijackthis, follow instructions for posting back here please. Copy/paste it.

  3. #3
    jiminwatford is offline Elite Member
    the pc will not start up. i cannot run a hijackthis check.

  4. #4
    Neal is offline Dedicated Member
    Sounds like it is time for a reformat, if you can't start it.

  5. #5
    jiminwatford is offline Elite Member
    i'm reinstalling xp over the original to repair it. it was going well until it came up with this



    pressing 'ok' doesn't do anything. i haven't pressed cancel as i'm worried what might happen. it's been on this screen for a couple of hours and it doesn't look like it's going anywhere.

  6. #6
    Neal is offline Dedicated Member
    For reinstalling/reformatting you should go over to the other side of this forum to the xphelp section or 2000 help section as we only deal with malware here. Good luck.

  7. #7
    jiminwatford is offline Elite Member
    i have been able to do a hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:35:27, on 26/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/welcome
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: system.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)

    --
    End of file - 3721 bytes
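
A triage pass over the log above, as an added example that is not part of the original thread: it separates the entries that deviate from a default Windows XP setup from the ordinary ones. The `triage` function, its reason strings and its flagging rules are assumptions of this example, not HijackThis features or the helper's stated method.

```python
import re

# Lines copied from the HijackThis log in post #7. The flagging rules are this
# example's own heuristics (assumptions), not checks built into HijackThis.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
"""
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - <details>"

def triage(log_text):
    """Return (section, reason, line) for each entry that deserves a closer look."""
    findings, run_hives = [], {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        sec, body = m.groups() if m else ("", "")
        reason = None
        if sec == "F2" and re.search(r"Shell=(?!explorer\.exe\s*$)", body, re.I):
            reason = "shell value launches more than Explorer.exe"
        elif sec == "O4":
            run = re.match(r"(HK\w+)\\\.\.\\Run: \[(.+?)\]", body)
            if run:  # track which hives register each Run value name
                run_hives.setdefault(run.group(2), set()).add(run.group(1))
                if len(run_hives[run.group(2)]) > 1:
                    reason = "same Run value name registered in more than one hive"
            elif "Startup:" in body and " = " not in body:
                reason = "bare executable in a Startup folder, not a shortcut"
        elif sec == "O7" and "DisableRegedit=1" in body:
            reason = "policy disables Registry Editor"
        elif sec == "O20":
            dll = body.partition(":")[2].strip()
            if dll and not dll.lower().endswith(".dll"):
                reason = "AppInit_DLLs entry is not a .dll file"
        elif sec == "O23" and ("(file missing)" in body or re.search(r"\.exe:\S", body)):
            reason = "service image missing or named with an alternate data stream"
        if reason:
            findings.append((sec, reason, raw.strip()))
    return findings

for sec, reason, line in triage(SAMPLE_LOG):
    print(f"[{sec}] {reason}: {line}")
```

A flagged line is a prompt to inspect the file and registry value, not a verdict; the avast! and WinZip entries pass through unflagged.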

  8. #8
    Neal is offline Dedicated Member
    You have a backdoor trojan and be advised if you have done any financial transactions such as credit cards, online banking etc., your personal information could have been stolen. You should notify those companies immediately and have them keep an eye out for malicious activity. From a clean computer you should change your passwords also.

    Also we can clean most of this junk off; be advised there is always a possibility that some hidden components of the infection may compromise your computer unless a reformat is done.

    If you wish to continue, follow the instructions below:


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
