Help, Very Bad Virus! Never Seen One Like It...

Two days ago, as I was surfing, several messages popped onto my screen that looked like Symantec messages all saying the same thing - something about not being able to send e-mail. But I wasn't emailing anyone at the time and the messages kept coming until they filled the screen. I knew my computer was under attack so I shut it off cold. When I turned it back on my Norton Antivirus somehow stayed in Refreshing mode (still is, and the *******s want $69 over the phone to attempt a fix). Not only that, every time I do a search for anti-virus fixes, or anything with Norton or Symantec, I get redirected. It took me forever just to get here to this Forum. I had to make it look like I wasn't looking for a virus fix.
I've shut down and run NAV in safe mode, I've also downloaded and run Spybot Search and Destroy, neither has worked. Please help me!
P.S. I'm very noob, so please talk to me like I'm 10. Forget that - most 10 year-olds are pretty adept when it comes to computers. Talk to me like I'm 5. Thanks.
 
I'm not sure if I'm allowed to post this information, but in my experience I've been able to simply reset my computer to a prior date using the System Restore feature built into many versions of Windows these days. I'm not sure which version of Windows you are running, but if it's Windows XP you can click on start-->programs-->accessories-->system tools-->system restore, select a date prior to the crazy windows, and hope it resolves the issue.

Beyond that, if you're getting a redirect, the website you're redirected to will normally offer a product or say something like "you have been infected with XXXXXX click here for help" or something in that regard. If so, you can normally look up the XXXXXX via Google and be brought to a forum such as this with instructions on manual removal of common spyware/virus software that forces those redirects.

Hope this helps... but for anyone else it may help if you post the version of Windows/Mac OS or other operating system you may be using. Also if you can post information off the redirect site like the XXXXXX I mentioned above... Beyond that, see this post: https://www.pcreview.co.uk/forums/thread-2544261.php ... it gives information on how to download and use a program called HijackThis that will help those trying to help you on this forum.
 
Welcome to the forums ... can I point you to this first ...


To help us help you, please make sure you provide the following information when asking a technical question about your PC:
  • Operating System: e.g. Windows XP or Windows Vista
  • Anti Virus Software : e.g. AVG Free, Norton
  • Anti Spyware Software : e.g. AdAware, Microsoft Defender
  • How do you connect to the net : e.g. ADSL (router?), 56k Modem
  • Your Computer Specifications - This is very important!!
If you are unsure of your system specifications you can download SIW here which is a free tool that can give you all of the information you need to know. If you aren't familiar with your system, things to mention from SIW are : Motherboard vendor and model (motherboard tab), physical memory (system info tab), CPU name (CPU info tab), Video Processor (video tab).

If you think you have a virus/spyware on your system that you can't remove using the normal tools then please be sure to attach a HJT log from here. This will help us diagnose applications that run at startup.
... please post as much info as you can AND post a HJT log and we'll take a look for you. :thumb:

 
Here is my HJT log.

I use Windows XP, NAV (now uninstalled since useless), cable connection.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sdfjaaaa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Download Files2\HiJackThis_v2.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Image Helper - {ABD7C2DD-84DE-28FC-1E72-323394635866} - C:\WINDOWS\system\bqmtcs32.dll
O2 - BHO: (no name) - {BB47D24F-1BC6-447B-90EA-91E17137E733} - c:\windows\system32\ibbaibb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdfjaaaa] C:\WINDOWS\system32\sdfjaaaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sdfjaaaa] C:\WINDOWS\system32\sdfjaaaa.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177973460411
O20 - Winlogon Notify: lnmyuthx - C:\WINDOWS\SYSTEM32\ibbaibb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5308 bytes

I appreciate any help.
 
Your XP is not up-to-date, I suggest you get the latest MS service pack.


I suggest you get HJT to Fix the following ...

C:\WINDOWS\system32\sdfjaaaa.exe
O2 - BHO: Image Helper - {ABD7C2DD-84DE-28FC-1E72-323394635866} - C:\WINDOWS\system\bqmtcs32.dll
O2 - BHO: (no name) - {BB47D24F-1BC6-447B-90EA-91E17137E733} - c:\windows\system32\ibbaibb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sdfjaaaa] C:\WINDOWS\system32\sdfjaaaa.exe
O4 - HKCU\..\Run: [sdfjaaaa] C:\WINDOWS\system32\sdfjaaaa.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: lnmyuthx - C:\WINDOWS\SYSTEM32\ibbaibb.dll

NAV has not been completely uninstalled, you may need their 'special' tool for that, get it from Norton's site.

I can highly recommend KAV, KIS or AntiVir as a better substitute to Norton ... Kaspersky Internet Security (KIS) is my AV-all-rounder of choice ... up to you.

Please, go to Windows Update Site and make sure you have all their critical updates ... even IE7 will help protect you from some nasties.
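As an added example (not code from this thread, and not HijackThis's own logic), the following Python script applies the reasoning behind the fix list above to the posted O2/O4/O20 lines: an executable with an opaque name dropped in system32 and registered under a Run value of the same name, the same command under both HKLM and HKCU Run, a BHO living in a Windows system directory, and a Winlogon Notify DLL that is also a BHO. The sample lines are copied from the log posted above; the scoring weights, the Windows XP Winlogon Notify allowlist and the "random-looking name" rule are this example's own assumptions.

```python
"""Triage a HijackThis (HJT) log for persistence entries that deserve a second look.

Added example for this thread; not HijackThis's own logic and not a tool from
the original posts. The sample lines are copied from the log posted above. The
weights, the XP Winlogon Notify allowlist and the consonant-run rule are
assumptions of this example.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of the O2 / O4 / O20 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Image Helper - {ABD7C2DD-84DE-28FC-1E72-323394635866} - C:\WINDOWS\system\bqmtcs32.dll
O2 - BHO: (no name) - {BB47D24F-1BC6-447B-90EA-91E17137E733} - c:\windows\system32\ibbaibb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdfjaaaa] C:\WINDOWS\system32\sdfjaaaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [sdfjaaaa] C:\WINDOWS\system32\sdfjaaaa.exe
O20 - Winlogon Notify: lnmyuthx - C:\WINDOWS\SYSTEM32\ibbaibb.dll
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")

# Assumed allowlist: DLLs behind the stock Winlogon\Notify subkeys on Windows XP.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}

# Assumed weights: structural signals outweigh a name that merely looks odd.
WEIGHTS = {
    "random-looking name": 1,
    "stale entry, file missing": 1,
    "BHO loaded from a Windows system directory": 2,
    "Winlogon Notify DLL outside the XP allowlist": 2,
    "same command under both HKLM and HKCU Run": 2,
    "Run value named after an executable in a Windows system directory": 2,
    "same DLL registered as both BHO and Winlogon Notify": 3,
}


def command_path(cmd: str) -> str:
    """Strip arguments from a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def stem_of(path: str) -> str:
    """File name without directory or extension."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def in_system_dir(path: str) -> bool:
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\windows\\system\\" in p


def longest_consonant_run(name: str) -> int:
    """Crude 'looks generated' signal: four or more consonants in a row."""
    return max((len(r) for r in re.findall(r"[b-df-hj-np-tv-z]+", name.lower())), default=0)


def parse(log: str) -> List[Dict]:
    """Turn O2 / O4 / O20 lines into dicts; other HJT sections are ignored."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entries.append({"kind": "O2", "line": line, "name": m["name"],
                            "path": m["path"], "missing": m["missing"] is not None})
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"kind": "O4", "line": line, "hive": m["hive"], "name": m["name"],
                            "path": command_path(m["cmd"]), "missing": False})
            continue
        m = O20_RE.match(line)
        if m:
            entries.append({"kind": "O20", "line": line, "name": m["name"],
                            "path": m["path"], "missing": False})
    return entries


def assess(log: str) -> List[Dict]:
    """Score every entry that trips at least one rule, highest score first."""
    entries = parse(log)
    bho_dlls = {e["path"].lower() for e in entries if e["kind"] == "O2"}
    notify_dlls = {e["path"].lower() for e in entries if e["kind"] == "O20"}
    run_hives: Dict[str, set] = {}
    for e in entries:
        if e["kind"] == "O4":
            run_hives.setdefault(e["path"].lower(), set()).add(e["hive"])
    findings = []
    for e in entries:
        reasons = set()
        stem = stem_of(e["path"])
        if longest_consonant_run(e["name"]) >= 4 or longest_consonant_run(stem) >= 4:
            reasons.add("random-looking name")
        if e["missing"]:
            reasons.add("stale entry, file missing")
        if e["kind"] == "O2":
            if in_system_dir(e["path"]):
                reasons.add("BHO loaded from a Windows system directory")
            if e["path"].lower() in notify_dlls:
                reasons.add("same DLL registered as both BHO and Winlogon Notify")
        elif e["kind"] == "O20":
            if e["path"].lower().rsplit("\\", 1)[-1] not in KNOWN_NOTIFY_DLLS:
                reasons.add("Winlogon Notify DLL outside the XP allowlist")
            if e["path"].lower() in bho_dlls:
                reasons.add("same DLL registered as both BHO and Winlogon Notify")
        elif e["kind"] == "O4":
            if len(run_hives[e["path"].lower()]) > 1:
                reasons.add("same command under both HKLM and HKCU Run")
            if in_system_dir(e["path"]) and stem.lower() == e["name"].lower():
                reasons.add("Run value named after an executable in a Windows system directory")
        if reasons:
            findings.append({"line": e["line"], "reasons": sorted(reasons),
                             "score": sum(WEIGHTS[r] for r in reasons)})
    findings.sort(key=lambda f: -f["score"])
    return findings


def suspicious(log: str, threshold: int = 2) -> List[str]:
    """Lines scoring at or above the threshold, in descending order of score."""
    return [f["line"] for f in assess(log) if f["score"] >= threshold]


if __name__ == "__main__":
    for f in assess(SAMPLE_LOG):
        print(f"[{f['score']}] {f['line']}\n      {'; '.join(f['reasons'])}")
```

Run against the sample, the O20 lnmyuthx entry, the ibbaibb.dll BHO, both sdfjaaaa Run values and the bqmtcs32.dll BHO come out at or above the threshold, which matches the fix list above. The NAV Helper line is reported only as a stale "(file missing)" entry: worth cleaning up, not evidence of infection. RTHDCPL.EXE, a legitimate Realtek component with an equally opaque name, scores just 1, which is the reason the weights favour structural signals (duplicate hives, system-directory drops, a DLL hooked into both the browser and Winlogon) over how a name looks.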
 