***NEED HELP PLEASE***

Discussion in 'Virus Information' started by kennewickrockerguy, Oct 7, 2006.

  1. I downloaded the free version of AVG a while ago and am looking to upgrade, but
    I have a problem: while I was at work my son deleted AVG completely and
    uninstalled it as well so he could download something on LimeWire. Whatever
    he downloaded had a virus in it, and now I can't Ctrl+Alt+Del and pull up my
    Task Manager (I use XP Home w/ Service Pack 2). If I right-click on the
    taskbar and select Task Manager it never comes up; if I search for it, it does
    not appear. If I go to grisoft.com, it pulls up the IE window for about 2
    seconds and closes itself. LimeWire also automatically restarted every single
    time I closed it, so I have deleted it. I tried to go onto a virus forum from
    my computer and I have found that not only does Grisoft get auto-closed but
    all virus support sites as well. I even went to a site that sells pepper
    spray and security supplies and got the same results, but Yahoo and MySpace and
    the like work. I had my friend do a file transfer from her computer to mine
    on Yahoo IM for the installation program for AVG and I cannot open that
    either. Also, I am getting random popups in a foreign language. When I open
    "My Computer" there are 2 HTML applications I do not recognize, one called
    "estigma" and another called "onoes" (I think that is how the second one is
    spelled). I tried to format my hard drive, but when I open cmd it says the
    following: "c:\WINDOWS\system32\cmd.exe" (title bar) "Another program is
    currently using this file." (message field). Even immediately after restarting
    my computer I get this error message. I have tried to do a System Restore and
    it says failed every time I have tried. And now my Firefox is not working, like
    the Task Manager. Please tell me my brand new (barely out of warranty)
    computer is not doomed.
     
    kennewickrockerguy, Oct 7, 2006
    #1

  2. From: "kennewickrockerguy" <>

    | I downloaded the free version of AVG a while ago and am looking to upgrade, but
    | I have a problem: while I was at work my son deleted AVG completely and
    | uninstalled it as well so he could download something on LimeWire. Whatever
    | he downloaded had a virus in it, and now I can't Ctrl+Alt+Del and pull up my
    | Task Manager (I use XP Home w/ Service Pack 2). If I right-click on the
    | taskbar and select Task Manager it never comes up; if I search for it, it does
    | not appear. If I go to grisoft.com, it pulls up the IE window for about 2
    | seconds and closes itself. LimeWire also automatically restarted every single
    | time I closed it, so I have deleted it. I tried to go onto a virus forum from
    | my computer and I have found that not only does Grisoft get auto-closed but
    | all virus support sites as well. I even went to a site that sells pepper
    | spray and security supplies and got the same results, but Yahoo and MySpace and
    | the like work. I had my friend do a file transfer from her computer to mine
    | on Yahoo IM for the installation program for AVG and I cannot open that
    | either. Also, I am getting random popups in a foreign language. When I open
    | "My Computer" there are 2 HTML applications I do not recognize, one called
    | "estigma" and another called "onoes" (I think that is how the second one is
    | spelled). I tried to format my hard drive, but when I open cmd it says the
    | following: "c:\WINDOWS\system32\cmd.exe" (title bar) "Another program is
    | currently using this file." (message field). Even immediately after restarting
    | my computer I get this error message. I have tried to do a System Restore and
    | it says failed every time I have tried. And now my Firefox is not working, like
    | the Task Manager. Please tell me my brand new (barely out of warranty)
    | computer is not doomed.
    |


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor's web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file. http://www.ik-cs.com/multi-av.htm

    Additional Instructions:
    http://pcdid.com/Multi_AV.htm


    * * * Please report back your results * * *
     
    David H. Lipman, Oct 7, 2006
    #2

  3. kennewickrockerguy

    Jim Macklin Guest

    And your son needs to be spanked. Limewire is a file
    sharing network which opens your computer up to the whole
    world, it is a pest at best and evil in that the users of
    Limewire can be charged criminally for file sharing
    copyrighted materials.
    One item from a Google search on LimeWire...
    eTrust Spyware Encyclopedia - Limewire Any peer-to-peer file
    swapping program, such as Audiogalaxy, Bearshare, Blubster,
    E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite,
    Limewire, Morpheus, ...
    www3.ca.com/securityadvisor/pest/Pest.aspx?id=453088059
    - 38k - Cached - Similar pages



    Computing.Net - Limewire virus? I'm not sure if this is a
    virus or not... Limewire is installed on this computer and
    while running a spyware scanner, I came across some
    pornography...
    www.computing.net/security/wwwboard/forum/16681.html -
    21k - Cached - Similar pages


    Since it is an open peer to peer server, your
    computer can also be used to store and transmit porn,
    including illegal child porn.


    Computing.Net - Limewire? Virus Hi all, I've been
    strugglin with a virus that creates about 100 files, each
    with the file size of 728 KB. The files are each named
    differently and ...
    www.computing.net/security/wwwboard/forum/16047.html
    - 30k - Cached - Similar pages


    LimeWire: The Official Site for the Fastest File Sharing
    Program ... Please be very careful when downloading files
    with a .exe suffix, since these files can contain a virus or
    spyware. For security reasons, LimeWire will not ...
    www.limewire.com/english/content/ftc.shtml - 20k -
    Cached - Similar pages


    limewire.exe - limewire, tibick worm, Virus Notice!
    limewire.exe is considered to be a security risk, not only
    because antivirus programs flag tibick worm as a virus, but
    also because a number of users have ...
    www.auditmypc.com/process/limewire.asp - 33k -
    Cached - Similar pages




     
    Jim Macklin, Oct 8, 2006
    #3
  4. kennewickrockerguy

    Joec148 Guest

    I am not going to give you a lecture, but try to help. If you can, on boot up
    tap the F8 key and load Safe Mode with network support. Go to trendmicro.com
    and run HouseCall. HouseCall is an online scanner that will remove or at
    least deactivate the virus. If the virus will not let you run it and you
    know the name, look up how to manually remove the virus on the same site. Every
    virus can be deactivated if you know what to edit in the registry.
     
    Joec148, Oct 8, 2006
    #4
  5. kennewickrockerguy

    TomC Guest

    I think you will find that the trojan removed AVG
    & it has control of the hosts file which prevents
    you from going to any anti-virus site. You must
    consider that you must have multiple infections,
    in either case formatting the hard drive & a clean
    install is the best solution.
    Set the bios... to boot from CD. Place your OS
    disk in the CD & go!
    Make sure the data you save is not carrying any
    infected files.
    Next time, if you must use a free AV, try AntiVir
    http://www.free-av.com/

    Cheers Tom
     
    TomC, Oct 9, 2006
    #5
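
TomC's point that the hosts file may be what blocks the anti-virus sites can be checked directly. The Python script below is an added example, not part of any post in this thread: it flags hosts-file entries that pin security-vendor names to loopback or to another address. The watch list and the sample hosts content are constructed for illustration; on Windows XP the real file is normally C:\WINDOWS\system32\drivers\etc\hosts.

```python
import ipaddress
import sys

# Watch list assumed for this example: vendor sites named in the thread.
WATCHED = ("grisoft.com", "trendmicro.com", "free-av.com",
           "sophos.com", "mcafee.com", "kaspersky.com")

# Constructed sample content, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1   www.grisoft.com grisoft.com   # vendor pointed at loopback
0.0.0.0     housecall.trendmicro.com
10.9.8.7    intranet.example.net
203.0.113.5 www.free-av.com
bogus       www.sophos.com
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname), one tuple per alias on a line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        for name in fields[1:]:
            yield line_no, fields[0], name.lower().rstrip(".")


def classify(address):
    """'blocked' for loopback/0.0.0.0, 'redirected' for other IPs, None if not an IP."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    return "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"


def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, address, hostname, kind) for every watched name in the file."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        kind = classify(address)
        if kind is None:
            continue  # malformed address: the entry cannot resolve anything
        # Match the domain itself or any subdomain, but not look-alike suffixes.
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((line_no, address, name, kind))
    return findings


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, address, name, kind in suspicious_entries(content):
        print(f"line {line_no}: {name} -> {address} ({kind})")
```

A clean hosts file produces no output; any hit means the name is being resolved locally instead of through DNS and the line should be reviewed before it is removed.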
  6. kennewickrockerguy

    RJK Guest

    That would look funny, ....his son is 29 years old !!!!!

    ....just kidding :)

    regards, Richard
     
    RJK, Oct 10, 2006
    #6
  7. Hi,
    It sounds like the symptoms of Alcan/Alcra or P2PNetwork worm.
    The bad entries should show up in the hijackthis log.

    Post a hijackthis log for us to look at and we can then suggest the tool to
    fix it.
    Please download HijackThis 1.99.1
    http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
    Open Hijackthis, click "Do a system scan and save a logfile" don't fix
    anything yet. Just post or upload the entire logfile.
     
    Emily, Oct 11, 2006
    #7
  8. From: "Emily" <>

    | Hi,
    | It sounds like the symptoms of Alcan/Alcra or P2PNetwork worm.
    | The bad entries should show up in the hijackthis log.
    |
    | Post a hijackthis log for us to look at and we can then suggest the tool to
    | fix it.
    | Please download HijackThis 1.99.1
    | http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
    | Open Hijackthis, click "Do a system scan and save a logfile" don't fix
    | anything yet. Just post or upload the entire logfile.
    |

    Do NOT suggest users post HiJack This logs in News Groups. The following are the *ONLY*
    places to post HiJack This Logs...

    News Groups do not accept their postings. Please remember this.

    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.dslreports.com/forum/security
    http://castlecops.com/forum67.html
    http://www.wilderssecurity.com/forumdisplay.php?f=24
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://forum.iamnotageek.com/f-130.html
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://boards.cexx.org/viewforum.php?f=1
    http://www.malwarebytes.biz/forums/index.php?showforum=5
     
    David H. Lipman, Oct 11, 2006
    #8
  9. Hijackthis logs are NOT allowed to be posted in this forum? well I didn't know.
    How are you gonna fix a malware/virus infection without looking at their
    hijackthis logs? You can't do that through guesswork that would be dangerous
    you could make their pc unbootable, lol.
    The only way to fully diagnose malware infections is by analyzing a
    hijackthis log to see what infection is there and what's the right tool to
    use.
    I am a Helper in 4 of those forums you mentioned but I didn't suggest
    pointing to them because some sites have rules not to send their members to
    other sites.

    Oh, well, good luck with your problem kennewickrockerguy! Yes those forums
    will surely help you, you just have to wait at least 3 days unless a malware
    expert sees something special in your log like a new variant of something.
     
    Emily, Oct 11, 2006
    #9
  10. From: "Emily" <>

    | Hijackthis logs are NOT allowed to be posted in this forum? well I didn't know.
    | How are you gonna fix a malware/virus infection without looking at their
    | hijackthis logs? You can't do that through guesswork that would be dangerous
    | you could make their pc unbootable, lol.
    | The only way to fully diagnose malware infections is by analyzing a
    | hijackthis log to see what infection is there and what's the right tool to
    | use.
    | I am a Helper in 4 of those forums you mentioned but I didn't suggest
    | pointing to them because some sites have rules not to send their members to
    | other sites.
    |
    | Oh, well, good luck with your problem kennewickrockerguy! Yes those forums
    | will surely help you, you just have to wait at least 3 days unless a malware
    | expert sees something special in your log like a new variant of something.
    |

    Now you know and thank you for understanding.
     
    David H. Lipman, Oct 11, 2006
    #10
  11. So that means this very newsgroup can NOT do much in helping people with
    their malware problems if all we could do is suggest scanners for them to
    use.
    Looking at a hijackthis log would give us all the details of the problem and
    we would know then the right tool to use instead of suggesting scanners that
    will not fix their problem.

    We might as well save them the time and trouble of installing unnecessary
    programs and just point them straight to those forums. Unless of course the
    problem is very obvious and we know the exact scanner that fixes the problem.
     
    Emily, Oct 12, 2006
    #11
  12. kennewickrockerguy

    RJK Guest

    .....fight ....fight !!!

    regards, Richard


     
    RJK, Oct 12, 2006
    #12
  13. kennewickrockerguy

    Leythos Guest

    You don't seem to understand that there are A LOT of ways to help and to
    remove malware, HJ is only one means. The forums provided for HJ Logs
    are much better places to post as Usenet has nothing setup to analyze
    the logs, where forums do, and members that are active in analyzing
    them.
    And posting a complete HJ log to Usenet screws with search engines,
    making searching for something in search engines useless for HJ log
    entries or even file names.....
     
    Leythos, Oct 12, 2006
    #13
  14. kennewickrockerguy

    pcbutts1 Guest

    I agree with you 100%. They tried to get me banned for suggesting someone to
    post their logs here. In the process they disrupted this newsgroup. You
    should not trust David Lipman, he thinks he owns these groups and Leythos is
    just a troll. I had to change my posting name just so the group can run
    smoothly (they all think I was banned). Anyway HJT logs are acceptable here.
    Time to change names again.
     
    pcbutts1, Oct 12, 2006
    #14
  15. kennewickrockerguy

    Leythos Guest

    You were banned for a time period because of YOUR actions and because
    of what the News Admin believed was a proven infraction of posting
    rules. Your morphing didn't hide you, and they would yank those posts
    also.

    You continually post/host file links/files that you don't have
    permission to host and you pilfer other vendors/authors code and change
    the names on it to make it appear as your own.

    MS was correct in banning you, and they were clear that your identity was
    banned, and if you start the same crap again, I'm sure they will ban you
    for X amount of months again.
     
    Leythos, Oct 12, 2006
    #15
  16. kennewickrockerguy

    LS (V) Guest

    Hello;
    The surest way to remove the problems you have is to do a reformat and a
    clean install of Windows XP.
    Some would disagree, but it would save a lot of headache and trouble in
    the long run!
    Best Regards
    Lawrence
    Lawrence Systems Computer Services
     
    LS (V), Oct 12, 2006
    #16
  17. kennewickrockerguy

    Leythos Guest

    LOL - your post doesn't show up on the MS web server or their Usenet
    Servers. You're still banned by your pcbutts1 nickname :)
     
    Leythos, Oct 12, 2006
    #17
  18. kennewickrockerguy

    Joec148 Guest

    Anyone who tells you to reformat and start over is not a tech, you are
    asking for more trouble
     
    Joec148, Oct 12, 2006
    #18
  19. kennewickrockerguy

    Joec148 Guest

    If you can get to housecall or get the registry values to deactivate the
    virus you lose nothing. I see a lot of people trying to get you to destroy
    your data.
     
    Joec148, Oct 12, 2006
    #19
  20. kennewickrockerguy

    Joec148 Guest

    Also I suggest you dump freeware and buy a good virus scanner. The one I use
    is from Trend Micro and has the best track record in finding a virus before
    it has gone wild.
     
    Joec148, Oct 12, 2006
    #20