Virus Help

[Ekonk]

Yeah, sorry to be one of those whiny bitches who cry for help about a computer virus, but you're my only hope.

My computer seems to be infected with a particulary nasty strain of virus. It started as something called "Security Tool", which was obviously a virus and which I thought I deleted. Then this morning, when I tried to boot my computer, I got a blue screen. Not the one of Death, it was another one, and it was visible for only half a second or something. In safe mode it works, but it's slow as fuck and "Windows XP Defender" pops up every few seconds, but I don't trust it for shit. Practically nothing is working and freezes ever so often. In my "processes" log there are a few things that I've never seen before and that restart themselves every two seconds so I can't get rid of them. Sorry if the information is somewhat subjective, not exactly an expert on this kind of thing.

Help, my fellow escapists?

 

[Darktau]

Start> Run> Msconfig> Startup

Untick the one for the name of the virus.

EDIT:

 

[Omegatronacles]

What AV do you have?

Rather than just killing the process, try killing the process tree. If you're lucky it will stop random programs from restarting themselves.

Check your installed programs list. I know it sounds weird, bur I have had virus' before that show up in add/remove programs, and have been able to uninstall them from there.

Failing that, try to back up everything crucial, format the computer, re-install windows, and install a good AV program.

 

[cuddly_tomato]

You can obviously connect to the internet, so connect here...

http://www.malwarebytes.org/

...and download the free version of that program and install it.

Then run it, update it, then scan your system with it.

Also, what firewall are you using?

 

[Ekonk]

You can obviously connect to the internet, so connect here...

http://www.malwarebytes.org/

...and download the free version of that program and install it.

Then run it, update it, then scan your system with it.

Also, what firewall are you using?

Thanks for that, managed to get it working with lot of 'run's because windows explorer gets shut down every time.

I was using plain old windows firewall. Bad, I know it.

Dunno if this may help, but here are the processes I don't fully trust.

svchost - because there are about twenty of em in the list.
igqjj - because it refreshes itself every two seconds, and whenever I untick it in the "startups" menu, I find it to be ticked again later.
ihaupd32 - same as igqjj

 

[Babitz]

If you close down a particular svchost, it will end in your computer being restarted. Oh, the fun times experimenting with task manager.

Btw, try googling the processes you are not familiar with. Helps a lot.

 

[cuddly_tomato]

You can obviously connect to the internet, so connect here...

http://www.malwarebytes.org/

...and download the free version of that program and install it.

Then run it, update it, then scan your system with it.

Also, what firewall are you using?

Thanks for that, managed to get it working with lot of 'run's because windows explorer gets shut down every time.

I was using plain old windows firewall. Bad, I know it.

Dunno if this may help, but here are the processes I don't fully trust.

svchost - because there are about twenty of em in the list.
igqjj - because it refreshes itself every two seconds, and whenever I untick it in the "startups" menu, I find it to be ticked again later.
ihaupd32 - same as igqjj

More than one svchost is normal.

igqjj.exe - this is frequently a trojan. Run Malwarebytes ASAP.

ihaupd32 - this also causes problems on a frequent basis.

Have you run that virus scan yet?

 

[Ekonk]

You can obviously connect to the internet, so connect here...

http://www.malwarebytes.org/

...and download the free version of that program and install it.

Then run it, update it, then scan your system with it.

Also, what firewall are you using?

Thanks for that, managed to get it working with lot of 'run's because windows explorer gets shut down every time.

I was using plain old windows firewall. Bad, I know it.

Dunno if this may help, but here are the processes I don't fully trust.

svchost - because there are about twenty of em in the list.
igqjj - because it refreshes itself every two seconds, and whenever I untick it in the "startups" menu, I find it to be ticked again later.
ihaupd32 - same as igqjj

More than one svchost is normal.

igqjj.exe - this is frequently a trojan. Run Malwarebytes ASAP.

ihaupd32 - this also causes problems on a frequent basis.

Have you run that virus scan yet?

It's still busy as we speak, but it's almost done I believe. It says 70 infected objects have been found. I can't tell if that's a lot. It sounds like a lot.

 

[Ekonk]

schnipp

More than one svchost is normal.

igqjj.exe - this is frequently a trojan. Run Malwarebytes ASAP.

ihaupd32 - this also causes problems on a frequent basis.

Have you run that virus scan yet?

Goddammit. It's finished, it deleted a lot of things, but it said that some couldn't be deleted right now and would be deleted on the next start up. (Mind you, this was in safe mode) Windows restarts in normal mode, I get the blue screen of not-quite-death again. I try it again, it works, but then I get a popup concerning malwarebytes that says "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item". And it shows this with everything I try to do, and windows explorer still gets shut down. FFFFFFFFFFFFF

Next step, I'm gonna log in as administrator and see if I get the "appropriate permissions". Do you have any suggestions?

 

[cuddly_tomato]

schnipp

More than one svchost is normal.

igqjj.exe - this is frequently a trojan. Run Malwarebytes ASAP.

ihaupd32 - this also causes problems on a frequent basis.

Have you run that virus scan yet?

Goddammit. It's finished, it deleted a lot of things, but it said that some couldn't be deleted right now and would be deleted on the next start up. (Mind you, this was in safe mode) Windows restarts in normal mode, I get the blue screen of not-quite-death again. I try it again, it works, but then I get a popup concerning malwarebytes that says "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item". And it shows this with everything I try to do, and windows explorer still gets shut down. FFFFFFFFFFFFF

Next step, I'm gonna log in as administrator and see if I get the "appropriate permissions". Do you have any suggestions?

Well you should be already logged in as an administrator in order to be able to do this.

Log in as admin, install and run malwarebytes again, scan it and reboot if it tells you to.

Then, if you are still having probs, grab this...

http://images.malwareremoval.com/random/RSIT.exe

Download it to your desktop and run it. Click Continue at the disclaimer screen. When it finishes two logs should open, log.txt and info.txt. Copy and paste the contents here and we'll take a look.

Ohh and by the way, after you have sorted this out get a better firewall than Windows. Commodo or zonealarm should do the trick.

http://personalfirewall.comodo.com/

http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

 

[MurderousToaster]

Open command prompt.

Type in "Delete System32" and a winner is you.

Yeah, I think people have solved your problem with their antivirus downloads and whatnot.

 

[Ekonk]

schnipp

More than one svchost is normal.

igqjj.exe - this is frequently a trojan. Run Malwarebytes ASAP.

ihaupd32 - this also causes problems on a frequent basis.

Have you run that virus scan yet?

Goddammit. It's finished, it deleted a lot of things, but it said that some couldn't be deleted right now and would be deleted on the next start up. (Mind you, this was in safe mode) Windows restarts in normal mode, I get the blue screen of not-quite-death again. I try it again, it works, but then I get a popup concerning malwarebytes that says "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item". And it shows this with everything I try to do, and windows explorer still gets shut down. FFFFFFFFFFFFF

Next step, I'm gonna log in as administrator and see if I get the "appropriate permissions". Do you have any suggestions?

Well you should be already logged in as an administrator in order to be able to do this.

Log in as admin, install and run malwarebytes again, scan it and reboot if it tells you to.

Then, if you are still having probs, grab this...

http://images.malwareremoval.com/random/RSIT.exe

Download it to your desktop and run it. Click Continue at the disclaimer screen. When it finishes two logs should open, log.txt and info.txt. Copy and paste the contents here and we'll take a look.

Ohh and by the way, after you have sorted this out get a better firewall than Windows. Commodo or zonealarm should do the trick.

http://personalfirewall.comodo.com/

http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm

Scanned and tried to remove a couple of times now, still not working. Trying that thing you just send. I get an error saying "Autolt Error", which says "Line -1: Variable declared without being *something*"

Dear god, everything's falling apart.