Major Virus Problems
Solved/Closed
mihneabulu
-
Oct 17, 2011 at 03:13 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 23, 2011 at 10:24 AM
33 responses
Thanks for all your help!!
I have Microsoft Security Essentials, but I see that it is not the best. Which one do you recommend I use? I really don't know which one would do the job best.
Here is the new ZHP Diag document:
http://www.speedyshare.com/files/30832258/ZHPDiag.txt
Here is the ESET Log:
http://www.speedyshare.com/files/30832259/ESET_Log.txt
How should I delete Azureus? Is there any more useless junk I have on my computer that could "disappear"?
And is it safe now to run my computer in normal mode, and how should I proceed in fixing things back to normal?
Anonymous User
Oct 20, 2011 at 12:04 AM
@mihneabulu
Let us finish the virus issue first.
There are still infections to clean.
The Userinit infection is still persisting; you did not post the TDSSKiller clean log. I want you to try rebooting once or twice and run TDSSKiller.
DO NOT SKIP HIDDEN FILES (TDSSKiller may automatically skip hidden files). You need to manually click on the delete option.
Post the clean log of TDSSKiller.
There will be traces of the ZeroAccess rootkit, which will require further troubleshooting.
Ambucias will help you soon.
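The post above refers to a "Userinit infection" and the later ZHPFix report shows an AntiVirusOverride value being reset. The following read-only PowerShell check is an added example, not something posted in this thread; it assumes a stock Windows install where the Winlogon Userinit value should contain only `%SystemRoot%\system32\userinit.exe` (a trailing comma is normal) and where Security Center's AntiVirusOverride should be 0 or absent.

```powershell
# Added example (not from the thread): inspect the two registry settings the
# thread's logs mention, without changing anything.
#
# 1. Winlogon\Userinit is a comma-separated list of programs run at logon.
#    Malware commonly appends its own executable to this list, which is what
#    a "Userinit infection" refers to. Anything other than the stock
#    userinit.exe is flagged.
# 2. Security Center\AntiVirusOverride = 1 suppresses the "no antivirus"
#    warning; the ZHPFix report in this thread shows it being reset to 0.

$winlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$secCenterKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$expectedUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'   # assumption: stock path

function Test-UserinitValue {
    $raw = (Get-ItemProperty -Path $winlogonKey -Name 'Userinit').Userinit
    Write-Host "Userinit raw value: $raw"

    # Split the list, drop empty entries produced by the trailing comma.
    $entries = $raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($entry in $entries) {
        if ($entry -ieq $expectedUserinit) {
            # Even the expected path deserves a signature check: a replaced
            # binary at the right path is just as bad as an added entry.
            $sig = Get-AuthenticodeSignature -FilePath $entry
            if ($sig.Status -eq 'Valid') {
                Write-Host "OK    $entry (signed by $($sig.SignerCertificate.Subject))"
            } else {
                Write-Warning "userinit.exe signature status is '$($sig.Status)' - investigate"
            }
        } else {
            Write-Warning "Unexpected Userinit entry: '$entry'"
            if (Test-Path -LiteralPath $entry) {
                Write-Warning "  file exists; hash: $((Get-FileHash -LiteralPath $entry).Hash)"
            } else {
                Write-Warning "  file does not exist (dangling entry; logon may fail)"
            }
        }
    }
}

function Test-AntiVirusOverride {
    $item = Get-ItemProperty -Path $secCenterKey -Name 'AntiVirusOverride' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Host 'OK    AntiVirusOverride not set'
    } elseif ($item.AntiVirusOverride -eq 0) {
        Write-Host 'OK    AntiVirusOverride = 0'
    } else {
        Write-Warning "AntiVirusOverride = $($item.AntiVirusOverride) - Security Center AV warnings are suppressed"
    }
}

Test-UserinitValue
Test-AntiVirusOverride
```

Run it from an elevated PowerShell prompt; it only reads the registry and the file on disk, so it is safe to run before any cleanup tool and again afterwards to confirm the value was actually repaired.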
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 20, 2011 at 04:20 AM
I shall prescribe to you a very powerful antidote that is able to kill and send any virus to the glue factory. It is of very last resort and should not be abused; as a matter of fact, once you have used it, I suggest you delete it from your system.
To keep your system safe, you must follow the instructions hereunder to the letter:
First step, boot your system in safe mode with networking.
1. Download ComboFix to your desktop.
http://www.combofix.org/download.php
2. Close all open windows, including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs, as they may interfere with the proper running of ComboFix.
3. Double click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe, and you can click on the Run button to continue.
4. Accept the disclaimer and the Recovery Console installation.
5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.
Once you are done, report to me on how your system is behaving.
Good luck
Ambucias
Hello,
I finished scanning and when it restarted I got the document. I closed it for a while and when I opened it up again, I got the error below. Then when I tried opening any other program I got the same message, and a message about deleting it because it was not found.
"The location of it"
Illegal operation attempted on a registry key that has been marked for deletion.
So, I cannot give you the log from ComboFix, but it did have like 6 or 7 viruses found. What's next? :)
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 20, 2011 at 03:54 PM
I would like to know how your system is behaving and also another ZHP Diag log.
Anonymous User
Oct 21, 2011 at 12:00 AM
@mihneabulu
Illegal operation attempted on a registry key that has been marked for deletion.
This is a common error which comes after running ComboFix. I would recommend you boot twice or thrice to see if the issue disappears. If the error remains, try this:
Boot into safe mode.
Go to Run and type
sfc /scannow
Let the scan run and reboot into normal mode. If you face this problem while running the command, create a new account and run it from there to see if that solves the problem.
Please attach your MBAM log and CF log in your next post.
I can feel I'm almost there.... But a couple of problems:
To sundar:
I did as you said and the error is gone. Still can't open Windows Defender because "This program is blocked by a group policy."
Here is the ComboFix log:
http://www.speedyshare.com/files/30858156/ComboFix.txt
Deleted MBAM, so what log should I upload?
To Ambucias:
I did the first part you told me with Regedit and MetaStream, but only found one file and deleted it. Maybe I did something wrong? I also already deleted MSE as soon as my computer was running well enough, and all the other antivirus that I used, including Clam. Now I have no antivirus. Should I install AVG? And is it for 64 bit, because I have 32.
And to both of you, how should I delete those weird programs like Azureus and SuperAntiSpyware and ESET Online Scanner that you guys keep telling me about?
THANK YOU GUYS SOOO MUCH!!!
@Ambucias
I deleted MSE because you said it had a problem, I can reinstall it if it would help. Sorry;)
The AVG thingy would just open up a black window and close very quickly. Was that supposed to happen? Should I search it and download it from another site?
The ZHP Fix worked, I think. Here is the log:
Rapport de ZHPFix 1.12.3365 par Nicolas Coolman, Update du 18/10/2011
Fichier d'export Registre :
Run by MIHNEA at 10/21/2011 6:48:36 PM
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Registry Data Items ==========
REPLACED Value AntiVirusOverride : Good (0) - Bad (1)
========== Other ==========
NOT SUPPORTED [HKLM] [@viewpoint.com/VMP] - (.Unknown owner - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
NOT SUPPORTED [HKLM] -- ViewpointMediaPlayer
NOT SUPPORTED [HKLM\Software\MetaStream
NOT SUPPORTED [HKLM\Software\Viewpoint
NOT SUPPORTED [HKLM\Software\MozillaPlugins\@viewpoint.com/VMP
NOT SUPPORTED [HKLM\Software\Classes\axmetastream.metastreamctl
NOT SUPPORTED [HKLM\Software\Classes\axmetastream.metastreamctl.1
NOT SUPPORTED [HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
NOT SUPPORTED [HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
NOT SUPPORTED [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlaye
========== Summary ==========
1 : Registry Data Items
10 : Other
End of clean in 00mn AMs
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 10/21/2011 5:47:19 PM [1328]
C:\ZHP\ZHPFix[R2].txt - 10/21/2011 6:48:36 PM [1328]
@Ambucias
Sorry for my initiative... really didn't mean to make a problem.
I am already using CCleaner, so I didn't need to download it. On the uninstall list there was none of those programs, but on the applications tab of the cleaner window, an application called Vuze appeared, and I can swear I deleted it a long time ago, but it doesn't appear in my uninstall list. Also, another application (game) called Civilization IV won't uninstall. I've had this problem for a while and searched it a while ago, but I gave up after at least 3 attempts failed to uninstall it. If you can help, here is what I get when I try to uninstall:
The first thing it tells me is that I should contact my vendor: Firaxis Games.
Here is the link I get sent to, but I have to do something for you to be able to see it, so I just copied it:
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Here is the code on the error message:
Error Code: -5004 : 0x80041f42
Error Information:
*C:\Program Files\Common Files\InstallShield\Professional\RunTime\12\00\Intel32\iKernel.dll
>inc\CoCreate.cpp (44)
>SetupDLL\SetupDLL.cpp (1390)
PAPP:Sid Meier's Civilization 4
And while using Eusing free, I got 2000+ registry errors and repaired them, no problem.
Thanks :) :)
@Ambucias
AVG 2012 is working great. Here is my ZHP Diag, sorry about that, don't know what happened:
http://www.speedyshare.com/files/30875122/ZHPDiag.txt
And I still can't uninstall Civ IV; even with Revo, same problem as before.
Thanks
@Sundar
I tried the fix it tool both ways, but no improvement with both. Windows update still will not update. Any other suggestions?
@Ambucias
I used ZHP Fix and here is the ZHP Fix report:
http://www.speedyshare.com/files/30883524/ZHPFixReport.txt
For some reason, these applications do appear in Revo uninstaller or anywhere when I look on my computer.
Thanks for all your help, Ambucias and Sundar. I activated Windows Firewall and deleted the applications, but I don't know why you still see them. You guys made it run better than before the actual virus, which I didn't think was possible. Thank you again so much.
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 23, 2011 at 10:24 AM
mihneabulu,
You are totally welcome.
If you look at your ZHP Diag log you will see the applications. Mind you, it took me between 30 to 45 minutes to examine and analyse each report you sent me.
Au revoir