Security Software Massive Emergency - Viruses reappear on bootup!!

starbearer

Disciple
I Get Viruses, The Same Ones Every Time My System Reboots. I Use AVG Antivirus, I've Even Tried Deleting Those Files, But They Still Show Up After Rebooting.
Worse, My Task Manager Has Been Disabled. Could Someone Please Tell Me How To Enable It Again?? This Is An Urgent Request!!!
Thank You.
 
What's the operating system you use?

Generally it's spyware and adware that disable the task manager.

Shedding some light on the name of the virus/malware would help a lot :)

EDIT:
If you are comfortable with registry editing then do the following.
BUT,
Please note, that if you are uncomfortable with it, and you still try it, it will be your responsibility if something goes wrong.

Open Registry Editor (Regedit.exe) and navigate to:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Value: 1 (Previously)
Set it to 0 in order to get Task Manager working again.
 
OS Is Windows XP Pro.

The Viruses Are dlh9jkdq1 (Also 6 And 7 As Last Digit).exe, And A Peculiar Virus With .game Extension.

I Downloaded A Version Of IE 7 That Does Not Require Validation, Before Removing It. The Viruses Have Plagued Me Since Then.

Please Help!!

This Is A Real Emergency!!!!
 
A quick Google search on the name you took for the virus reveals that it's malware.

It leads to:
Alias: Trojan-Dropper.Win32.Small.wv, inf3ct3d

Threat type: Trojan -

Advice: Remove

Threat risk: Severe Risk
Severe risk threats are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such threats may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These threats severely compromise the system by lowering security settings, installing “backdoors,” infecting system files, or spreading to other networked machines.

Description: Vxgame is a trojan that silently downloads additional malware from the internet and alters the system's security settings by disabling the Windows firewall.

Vxgame is also said to have backdoor functionality and sometimes uses cloaking (rootkit) technology to hide its presence from the user. It can also download code from bn.inf3ct3d.info.
Trojan.Vxgame
I also read this on another forum...
Try AVG Anti-Virus to remove the virus.
Also run scans from Lavasoft Ad-Aware SE Personal.

Read my above post to re-enable your task manager if you are comfortable editing your registry.

Also, install a firewall to block off and ward off all unwanted programs accessing the internet.
Windows firewall in this case would be disabled.
 
Go to the website trendmicro.com. They have a free online virus scan that scans for viruses, spyware... that should solve your problem...
 
Update: I Got My Task Manager Back, For Which I'm Ever So Thankful.

But The Viruses Refuse To Go. I Went And Sought Help From AVG Home Site, But To No Avail. It Doesn't Delete, Nor Heal The Viruses, Just Informs Me Politely That I Have Them (Big Help).

I Used TrendMicro As Well, But Although It Detects The Problems, It Too Gives Me A Failure Message, That The CleanUp Has Failed...

Now What???
 
Did you try removing it with Adaware SE?

Sometimes, certain files remain on your hdd and it's important that you remove them, sometimes with anti-virus software and at other times with anti-spyware/adware software.

Since the file you mentioned is listed not only as a trojan but also as malware, it is best you try to remove it using anti-spyware like Adaware SE or Spybot search and destroy.

Also, since it opens up your computer to potential attacks, installing a firewall like Sygate Personal Firewall (Free) is also recommended.

Please do clean up all your temporary internet files also.
 
Starbearer, are you SURE that you got your virus/malware after installing the IE7 that works without validation? I also installed the same IE7, though I don't use IE...

...but I have checked and cross-checked with McAfee (latest) with the latest updates, and also Ad-Aware SE and Spyware Doctor (latest), but I am yet to find any problem...

Now how do I SURELY confirm whether I have a similar infection or not?
 
Update: Through Grace Of God, Some Of The Stuff Has Gone.

But These Still Persist Every Time I Reboot (No Software Is Removing It, Give Critical Errors): 1.dlb, 2.dlb And Maxdd.game. These Don't Go. My Computer's Going Horribly Bad!
 
I'll Do That. Thanks For The Tip.

Incidentally... I Don't Know Whether This Is Related...

But Since The Viruses, I Get A Voice On The Speakers Periodically, Saying...

"I'm Counting Down The Time Until I Can Be With You Again" In A Most Malicious Way...

What In Devil's Name Is Going On?
 
I hope you have done this also...
Also, install a firewall to block off and ward off all unwanted programs accessing the internet.
Windows firewall in this case would be disabled.
This virus/malware you got opens your computer to attacks from all sorts of places and also opens a backdoor to your system making it a hub for all the possible malware by use of exploits.

Install a firewall like Sygate Personal Firewall or Zone Alarm Firewall.

Once you do that, you can permanently block all these above mentioned files from accessing the internet. This will at least stop any important information from being transmitted from your computer.

Run a "complete system scan" on all partitions using Ad-Aware SE and Spybot Search & Destroy. Do the same with your anti-virus software also.
 
You can do one thing:

Download the HijackThis program from merjin.org or download.com and post its log file here for assessment.
 
Hi, I am having this exact same problem; HijackThis reports:

Logfile of HijackThis v1.99.1
Scan saved at 6:31:14 PM, on 1/17/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\Program Files (x86)\DHCP Turbo\dhcpt.exe
C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\333046.exe
C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Program Files (x86)\Common Files\AOL\1168556593\ee\AOLSoftware.exe
C:\WINDOWS\SysWow64\rundll32.exe
C:\WINDOWS\SysWow64\qwertybot.exe
C:\WINDOWS\SysWow64\adirss.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\WINDOWS\SysWow64\clcbt.exe
c:\windows\system32\upnp.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\1.exe
C:\WINDOWS\svchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Windows Live
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = americaonline.aol.com:5190
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\SysWow64\imtqodk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1168556593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\SysWow64\spoolsvv.exe
O4 - HKLM\..\Run: [wdokbye.dll] C:\WINDOWS\SysWow64\rundll32.exe "C:\Documents and Settings\Administrator.WILL20.000\Local Settings\Application Data\wdokbye.dll",bpzgoi
O4 - HKLM\..\Run: [upp] c:\windows\SysWow64\upnp.exe
O4 - HKLM\..\Run: [Spyware Stormer] "C:\Program Files (x86)\Spyware Stormer\SpywareStormer.Exe"
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\SysWow64\qwertybot.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\SysWow64\adirss.exe
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\SysWow64\clcbt.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\SysWow64\autosys.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files (x86)\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\333046.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~2\PACIFI~1\pacificpoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SysWow64\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3516A97D-4C01-46F8-8BA2-6B03B1BBC4F0}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: szr_dll - C:\WINDOWS\szr_dll.dll
O21 - SSODL: AAJwTppslilUYP - {FC82AA7B-5628-00D1-1F96-CEE6C7D7580F} - C:\WINDOWS\SysWow64\yeh.dll
O21 - SSODL: CDRecorder029 - {A3BC5E20-0235-1ABF-9CE1-00AA00512029} - C:\WINDOWS\SysWow64\skrj32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: DHCP Turbo - Weird Solutions, Inc. - C:\Program Files (x86)\DHCP Turbo\dhcpt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files (x86)\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files (x86)\ewido\security suite\ewidoguard.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IIS Admin Service (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Any help will be greatly appreciated.
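A triage sketch for a log like the one above, added here as an example and not part of any poster's message: it parses the `Running processes` list and the `O4` Run entries and flags two heuristics chosen for this example (an image path under a Temp directory, and rundll32 loading a DLL from a user profile). The names `triage`, `reasons` and `SAMPLE_LOG` are hypothetical, and the sample input is a handful of lines copied from the log.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\333046.exe
C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wdokbye.dll] C:\WINDOWS\SysWow64\rundll32.exe "C:\Documents and Settings\Administrator.WILL20.000\Local Settings\Application Data\wdokbye.dll",bpzgoi
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\ADMINI~2.000\LOCALS~1\Temp\333046.exe"
"""

# Matches "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.+?)\] (.+)$")

def reasons(command):
    """Heuristic reasons (assumptions of this example) to inspect a command line."""
    low, found = command.lower(), []
    if "\\temp\\" in low:
        found.append("runs from a Temp directory")
    in_profile = "\\documents and settings\\" in low or "\\docume~1\\" in low
    if "rundll32.exe" in low and in_profile:
        found.append("rundll32 loads a DLL from a user profile")
    return found

def triage(log_text):
    """Return (source, name, command, reasons) for each flagged process or Run entry."""
    hits, in_procs = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False  # a blank line ends the process list
        m = RUN_RE.match(line)
        if m:
            source, name, command = m.group(1) + " Run", m.group(2), m.group(3)
        elif in_procs:
            source, name, command = "process", basename(line), line
        else:
            continue
        why = reasons(command)
        if why:
            hits.append((source, name, command, why))
    return hits

if __name__ == "__main__":
    for source, name, command, why in triage(SAMPLE_LOG):
        print(f"{source:9} {name:15} {'; '.join(why)}")
```

HijackThis.exe itself is flagged because it was run from an archive extracted into Temp, so each hit is a prompt to inspect the file, not a verdict. The `(file missing)` O23 lines are left alone: HijackThis is a 32-bit program, and on 64-bit Windows its view of system32 is redirected to SysWow64, so native service binaries can appear missing.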
 
@bubaloo: you got a nice collection there. Download NOD32 and run it. Once most exe's are eliminated you can work on the registry, because as long as they run... no use removing from the registry.
 