xisto Community
zach101

Spyware / Virus Removal Help Needed

Hey guys, all of a sudden in the last two days my computer has just been attacked by all types of malicious software! And I'm not even kidding when almost instantly it went from running without a hitch to so much slow down and so many pop ups I had to run AVG. 648 viruses and trojans! All deleted or moved to the vault. Thought I was out of the woods, then I ran Ad-Aware: 202 critical and malicious objects. I deleted them, then I ran Ad-Aware again, got over a hundred bad things again after the restart, and then ran Ad-Aware as well, and after deleting over 1000 bad things I was still having problems. I then proceeded to download S&D and that helped delete quite a bit, but after that pop ups were still coming and I had over 68 processes still running. I noticed something interesting... I noticed I have some type of application running by the name of "project1". I did a little research on the internet and found out it's something very very bad, but I can't seem to get rid of it with any of those three programs. Any help would be awesome.
My current processes running:

svchost.exe
cli.exe
btstackserver.exe
khalmnpr.exe
firefox.exe
setpoint.exe
bttray.exe
pslister.exe
steam.exe
taskmgr.exe
msnmsgr.exe
atirw.exe
atidtct.exe
lanchpd.exe
jusched.exe
win320880160745.exe
avgcc.exe
rundll32.exe
duce6.exe
ghynf.exe
cli.exe
tbmontegotray.exe
ipodservice.exe
kybrdff_11a.exe
logitecheasysync.exe
servicetub.exe
lbtwiz.exe
btwdins.exe
avgemc.exe
avgupsvc.exe
avgamsvr.exe
dfndrff_11a.exe
spoolsv.exe
logitecheasysync.exe
explorer.exe
cli.exe
svchost.exe
zqskw.exe
ati2evxx.exe
svchost.exe
wscntfy.exe
lbtserve.exe
svchost.exe
qttask.exe
svchost.exe
svchost.exe
ati2evxx.exe
cvn0.exe
issch.exe
nclrzvla.exe
lsass.ece
services.exe
viewmgr.exe
winlogon.exe
csrss.exe
smss.exe
alg.exe
mm_try.exe
mmtask.exe
ituneshelper.eexe
wfxqhv.exe
medialifeservice.exe
wdfmgr.exe
probe2.exe
aolsoftware.exe
system
system idle process


Guys please help, that's 67 processes, and if you actually care to look at the names you can tell so much of that stuff is bad, but even when I keep trying to delete ghynf or w/e it is with AVG and send it to the virus vault it keeps coming back! Any help would be appreciated.

Notice from BuffaloHELP:
Use QUOTE tags. Topic title is *VERY* important. See how it is modified.

Edited by BuffaloHELP

Right now I am using my grandma's laptop because I am at her house, and she had the same issues. What I did is I scanned with her McAfee, and then downloaded my AVG Free edition, and that cleaned most everything up but not all of it.

So, a suggestion to you is this:

Go to Start

Right click on My Computer

Go to Properties

Go to the System Restore tab

Toggle the box that says Turn Off System Restore

That solved most of the damage that project1 made for her laptop.

Second, if you are computer savvy and know what you have on your computer and where the files for the programs are, then follow this:

Go to My Computer

Go to C:\ or whatever your local disk is called; generally it is C:\

Just to ease it a little, right click anywhere and go to Show in Groups and make sure it is By Name.

Go to the P section and delete Project1, which is where I found mine, and delete it.

-------------------------------

[DO AT YOUR OWN RISK]

Seeing as you probably have more viruses there, look around just your C drive and check to make sure you don't have any files that you don't normally see around there...

[I claim no responsibility for any lost files that are un-retrievable because you deleted them. I said that if you don't know your programs and where they keep all their files, then don't do the extra step to get rid of viruses.]


Yeh, a HijackThis log given to some pros that know it very well fixes things very "easily". You don't have to fully understand what needs to be removed, but those guys will tell you what needs removing, and how to remove it if it's some spyware/virus that's annoying to remove (as in it keeps reviving itself from the dead).


Right zach101, if you have any toolbars on your browsers remove them now, as viruses and spyware can bypass your firewall through them. Second, if you do not have a firewall, buy a good one or find a free one. Second, for viruses you may want to consider getting a better one like ZoneAlarm or Norton, or there is AVG Free, which in my experience is very good. Next, download SpyBot: https://www.safer-networking.org/dl/

Once you have done all that, run a virus scan with an antivirus program, then run SpyBot Search and Destroy, which should remove your spyware and adware.

But if I were you I'd consider re-formatting your HDD, as the viruses may still leave traces even after you have scanned and deleted them. Also, once you have got any software that is better than your existing stuff, pull out your modem and do not connect to the net until you have deleted all the viruses and spyware or re-formatted your hard disc, as the viruses on there can tell other viruses to download as well.

So in the future make sure you're well protected.


svchost.exe - critical system process (must stay running for session of windows to stay working)
cli.exe - dunno what it is but if you need it keep it otherwise terminate it
btstackserver.exe - Terminate process
khalmnpr.exe - Terminate process
firefox.exe - keep running
setpoint.exe - dunno what it is but if you need it keep it otherwise terminate it
bttray.exe - Terminate process
pslister.exe - Terminate process
steam.exe - Terminate process
taskmgr.exe - Keep running
msnmsgr.exe - msn messenger keep running if you are using it.
atirw.exe - Terminate process
atidtct.exe - Terminate process
lanchpd.exe - Terminate process
jusched.exe - Terminate process
win320880160745.exe - Terminate process
avgcc.exe - keep running
rundll32.exe - critical system process (must stay running for session of windows to stay working)
duce6.exe - Terminate process
ghynf.exe - Terminate process
cli.exe - same as other cli.exe comment
tbmontegotray.exe - Terminate process
ipodservice.exe - keep running if you have your ipod plugged into your pc
kybrdff_11a.exe - Terminate process
logitecheasysync.exe - keep running
servicetub.exe - dunno what it is but if you need it keep it otherwise terminate it
lbtwiz.exe - Terminate process
btwdins.exe - Terminate process
avgemc.exe - keep running
avgupsvc.exe - keep running
avgamsvr.exe - keep running
dfndrff_11a.exe - Terminate process
spoolsv.exe - keep running
logitecheasysync.exe - keep running
explorer.exe - critical system process (must stay running for session of windows to stay working)
cli.exe - same as other cli.exe
svchost.exe - critical system process (must stay running for session of windows to stay working)
zqskw.exe - Terminate process
ati2evxx.exe - keep running if you have ATI software otherwise terminate it
svchost.exe - same as other svchost.exe
wscntfy.exe - Terminate process
lbtserve.exe - Terminate process
svchost.exe - same as other svchost.exe
qttask.exe - Terminate process
svchost.exe - same as other svchost.exe
svchost.exe - same as other svchost.exe
ati2evxx.exe - keep running if you have ATI software otherwise terminate it
cvn0.exe - Terminate process
issch.exe - Terminate process
nclrzvla.exe - Terminate process
lsass.ece - Terminate process
services.exe - critical system process (must stay running for session of windows to stay working)
viewmgr.exe - Keep Running
winlogon.exe - Keep Running
csrss.exe - Keep running is needed
smss.exe - Terminate process
alg.exe - Keep Running
mm_try.exe - Terminate process
mmtask.exe - Terminate process
ituneshelper.eexe - Keep running if ipod is plugged into pc
wfxqhv.exe - Terminate process
medialifeservice.exe - Terminate process
wdfmgr.exe - Terminate process
probe2.exe - Terminate process
aolsoftware.exe - Keep running if using AOL software on your pc otherwise terminate process
system - critical system process (must stay running for session of windows to stay working)
system idle process - critical system process (must stay running for session of windows to stay working)



I hope this helps, but I cannot guarantee this will solve the problem, as some of the services I do not know about may be software processes from software you installed on your pc.

Notice from BuffaloHELP:
It would have been a nice post if you just used the QUOTE tag.
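
Added example (not part of any post in this thread): one way to triage a process list like the one above is to compare each name with the core Windows XP process names and flag near-miss spellings, a common sign of masquerading. The `CORE` set and the function names are this example's assumptions; the sample names are copied from the thread's list.

```python
# CORE is an assumption of this example: well-known Windows XP core process
# names. A matching name is not proof of legitimacy, since a file in another
# folder can reuse it, so the image path still has to be checked on the machine.
CORE = {"system", "system idle process", "smss.exe", "csrss.exe",
        "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
        "explorer.exe", "spoolsv.exe", "alg.exe"}

def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def triage(names, max_dist=1):
    """Map each name to 'core-name', 'lookalike of <core>' or 'unknown'."""
    verdicts = {}
    for raw in names:
        name = raw.strip().lower()
        if not name:
            continue
        if name in CORE:
            verdicts[name] = "core-name"
            continue
        dist, nearest = min((edit_distance(name, c), c) for c in CORE)
        # max_dist=1 keeps short unrelated names (cli.exe vs alg.exe is 2)
        # from being reported as look-alikes.
        verdicts[name] = (f"lookalike of {nearest}" if dist <= max_dist
                          else "unknown")
    return verdicts

# A few names copied from the process list posted in this thread.
SAMPLE = ["svchost.exe", "lsass.ece", "smss.exe", "ghynf.exe",
          "zqskw.exe", "cli.exe", "servicetub.exe"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:20} {verdict}")
```

A "lookalike" verdict can also come from a typing slip when the list was copied by hand, and "unknown" only means the name needs looking up, so both are prompts to check the file on disk rather than a decision to kill the process.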


From what you said it seems that the malware (viruses etc...) has done one, or both, of two things: infected more than one location, or infected programs that are hard to scan or impossible to remove.

First thing I would do is to boot into safe mode. Safe mode is just a mode of Windows where nothing except for essential processes is started, normally only ones like the ones pointed out by mxweb. That's the plan anyway!

To do this, restart the computer. Just after the BIOS screen, which is the first screen you'll see, keep tapping the F8 key. It might bleep at you but just carry on; it's just because it thinks the key is stuck. This should give you a few options of startup modes, things like "start normally, start in safe mode... etc..." You want to start in "Safe Mode". Then let it boot up as usual. The display will probably look absolutely crazy and very big but that's normal, don't panic!

Now, because only essential processes should be started, if the malware has infected applications like text editors etc... the malware should not have been started. So go to Task Manager and view the processes and take note of them all. Now compare that with the previous list posted here and see what is not on the new list. With any luck the malware is one of them. You can post the new list here if you want and see what we can see. The idea is that once we know what the malware is called we can easily find it with a simple search.

While in safe mode you might find it useful to do a virus scan using all the software you have! Only one at a time though. Hopefully they can find and catch the malware while it isn't running and just destroy/quarantine it. And the virus hasn't got a chance to replicate itself because it's not running. This should catch some more of the things you found earlier; chances are that because the malware was running, the antivirus deleted it but the malware just made a copy of itself and moved! It probably won't get them all because some viruses might still start in safe mode. But it should help to delete a good few more.

And definitely submit a HijackThis log to the experts, that will really help a hell of a lot! Their report will probably contain every piece of malware and where it is and how to get rid of it! But meanwhile try all the things people have said here! I've had this problem and I learnt one thing. If the antivirus warns that it is a vital system process, do not delete it!!!!! lol I learnt the very hard way! Leave it be and sort that one out a bit later!

If you don't have it already, get avast antivirus home edition (it's a free download) and do an on boot scan. This boots Windows into a special mode similar to safe mode but even fewer things are started, and avast will scan the HDD before anything gets a chance to start up and copy itself! But please beware about deleting anything, it's much safer to quarantine it. That way you can get it back if you need to!


Oh, avast can get annoying but it is quite good, as you will know when you get a virus, as you will get a siren then a voice saying "Warning a virus has been detected", but it can slow up your system quite a bit. But what I would still do with so many viruses is back up all the stuff you need to an external HDD and wipe the pc clean and reinstall XP or whatever operating system you have, install antivirus, block everything until you have completed a scan on the external HDD to make sure no viruses were copied, and lay low on the net for a while.

Edited by mxweb

I saw your long list and understand that you are in trouble. First try to make a system backup so you can go two days before. If this does not work, format and set up Windows again. Maybe there are other ways but I don't know any other.


Install Kaspersky Antivirus 6.0 on your infected machine. Scan your important files and back them up. Reformat your PC and install Kaspersky Antivirus 6.0 OR Kaspersky Internet Security 6.0. Its Internet Security is very powerful, it even blocks unknown intrusions while your PC is just on standby and connected to the internet. 100% blocks all spyware, adware and viruses. Much better than AVG Pro. It only consumes little of your CPU and memory, not like Norton or McAfee. Try it. If you like.


Please check and remove any autoruns (*.inf files) that are running on your computer.

Go to the console: Start -> Run -> type cmd -> click OK. If cmd is not working because of viruses, try command.com (the Windows native command shell).

Starting from your first hard disk letter to the last one, e.g. C:, D:, E:, do the following:

Type: c: and enter, then type dir /ah (with a space after dir). Now check the list of files shown. If you find an autorun.inf file, it may be the virus spreading file. Check all HDD letters.

Type: attrib -a -s -h and enter. It will remove hidden and read only attributes of the file.

Now type del *.inf and enter. This command will delete all files of autorun type. Do this for every drive.

After that, run a full scan using an updated virus guard.

Regards

kamarge
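
Added example (not part of kamarge's post): before an autorun.inf found by the steps above is deleted, it is worth reading which program it launches, because that names the executable to scan or quarantine. The parser below is this example's own code, and the sample file contents and file names in it are constructed.

```python
import re

# Keys of the [autorun] section that name a program to launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_commands(text):
    """Return [(key, command)] for every launch entry in autorun.inf text."""
    found, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Only the [autorun] section is honoured; names are case-insensitive.
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            if EXEC_KEYS.match(key):
                found.append((key.lower(), value.strip()))
    return found

# Constructed sample contents; the file names are placeholders.
SAMPLE = r"""
; constructed sample, not taken from the thread
[AutoRun]
icon=setup.ico
open=example_payload.exe
shell\open\command=example_payload.exe /s
shell\explore\Command = example_payload.exe
label=Backup
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE):
        print(f"{key:24} -> {command}")
```

Manual line parsing is used instead of a strict INI reader because such files often contain duplicate keys or junk lines that a strict parser rejects.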
