VIRUS ALERT. *** HEEELP !!!!!!! ***

Anyone out there please help!

Last night i have left my computer on only to find out today that things were not running as normal.

My computer at first did not acces the c: drive or any other hard disc drive.
However you could open to acces the contents of the discs by rightclick/explore.

At some point the system was seriously off balance until i decided to restart it...
(without having kept a back up-mind i also work proffessionally on the mashine...

After that the operating system hanged for good and could not make a complete boot.

At first safe mode or anything else did not work either.

So i grabbed the disc to get to the specialists to have it checked. Was it a disc integrity problem, operating system failure, or damaged hardware?

The service people said after a disc check that my disc was dying and that i would be very fortunate to manage to get a back up off it, if possible at all.
They also suggested not booting from my damaged drive again.

So i got my self a new one of same capacity and slightly better characteristics, headed back to my office, made a clean xp pro install on it, only to find that graphics were dodgy and that i had no network.
I started panicking....... smoked and all the rest getting misserable about my latest work that has not been backed up.....and that is a lot in 10 days.

Anyway i somehow managed to get my important files onto the new disc, on a newly set up copy of xp prof. that was not working...

Devices are not recognised etc etc
When i clicked on my hard disc or the ex-hard disc i had also connected on the motherboard i got:

Windows cannot find "RECYCLER\S-3-2-67-100........... ..................68-2053.com" Make sure you have typed the name correctly and try later. You can look for the file by clicking START and then SEARCH.

After having (WITH A LOT OF EFFORT AND STRESS) recovered my files (i hope i don t forget too many..) i decided to try and boot from my crashed disc.

When i try to enter the disc i get the same message as above.
So i concluded for sure that there is a serious VIRUS eating up my time and my mashine.
I am not sure that all my hardware is ok since we had a storm last night but i am definite about the virus.
You don t get a bloody .com error by windows. You just don t!

Please if you know of a solution to fix tell!!!

I really don t have the time setting up a mashine from scratch, and i certainly hope my hardware is ok. I believe it is since now i have network running since i managed booting from my old disc.

Please even if you don t know of a solution give it a look around. Many people could find the answer/fix that i cannpot by myself. I have tried and tried. And believe me, we better find the answer for the rest of you before you WILL need it...... to have it at hand, and get going when some may have my trouble.

Respect to all.
GeorgeTheGreek.

oh something i just remembered:

There are some files i cannot erase - they are under the genneral tittle
PC MIND TOOLS


DEsPER.......

I also cannot retrive my system to an earlier state........ no matter how far back.

It just won t respond......

on line virus checks don t start in mozilla....
explorer not responding at all......

That does not sound like a virus at all to me, it sounds like hardware. You mention there was a storm last night, you might have gotten an electrical serge. Something is failing, possibly multiple things, which could include your motherboard, hence the fact that PNP is not working right. Your .com error sounds like a missing file to me, and nothing more, not necessarily a virus. I had a hard drive go out on my laptop, and had pretty much the same kind of stuff happen, intermittent drive access, graphics problems, network problems, missing files, you name it.

Just my .02, as I have been out of the computer field for awhile now though. Good luck with getting it working again.

reply to post by defcon5


propably wont

reply to post by GEORGETHEGREEK


Eine Eliniko Computer?

nai file (Iraklio Kritis)
-
yes its a greek computer

reply to post by GEORGETHEGREEK


Kritiko computer, that explains everything.

Epexes me to visma?


*btw, I have no answers, just trying to cheer you up*

Have you installed windows on the new hard drive and tried booting with that one yet?
Do you have another similar machine that you can swap parts between?
Have you opened the box and looked to see if there is any obvious physical damage to the boards inside, like a burn mark?
Is it on a powerstrip with a surge protector?
If so was the circuit breaker popped?
How about the cable modem, is that working?

Ok,

Here are a few things:

Take the harddrive out of the computer and put it in another computer with full antivirus/firewall. (as a data drive)

Try cleaning it with:
Antivirus( a free 30 day demo of Kasperski Internet Security 2008 is very good)
Spybot search and distroy
Ad aware
Ccleaner
Glary's Utilities

and defrag it.

Now put it back in the orginal computer and see how it goes.

Originally posted by defcon5
Have you installed windows on the new hard drive and tried booting with that one yet?
Do you have another similar machine that you can swap parts between?
Have you opened the box and looked to see if there is any obvious physical damage to the boards inside, like a burn mark?
Is it on a powerstrip with a surge protector?
If so was the circuit breaker popped?
How about the cable modem, is that working?

Originally posted by mrmonsoon

Take the harddrive out of the computer and put it in another computer with full antivirus/firewall. (as a data drive)

Try cleaning it with:
Antivirus( a free 30 day demo of Kasperski Internet Security 2008 is very good)
Spybot search and distroy
Ad aware
Ccleaner
Glary's Utilities

and defrag it.

Now put it back in the orginal computer and see how it goes.

Or, or, you could just get a Mac.

Actually the whole thing seems pretty terminal.

reply to post by schrodingers dog

A Mac is just as susceptible to mechanical failures, and power surges.
One of the first machines I ever fixed that was hit by a power surge, was an Amega, which ran the same CPU as old Macs used to run.

Originally posted by defcon5
Have you installed windows on the new hard drive and tried booting with that one yet?
Do you have another similar machine that you can swap parts between?
Have you opened the box and looked to see if there is any obvious physical damage to the boards inside, like a burn mark?
Is it on a powerstrip with a surge protector?
If so was the circuit breaker popped?
How about the cable modem, is that working?

Originally posted by mrmonsoon
Ok,

Here are a few things:

Take the harddrive out of the computer and put it in another computer with full antivirus/firewall. (as a data drive)

Try cleaning it with:
Antivirus( a free 30 day demo of Kasperski Internet Security 2008 is very good)
Spybot search and distroy
Ad aware
Ccleaner
Glary's Utilities

and defrag it.

Now put it back in the orginal computer and see how it goes.

WELL I HAVE DONE MOST OF THAT IN ONE WAY OR ANOTHER....
oops sorry for the caps....

yes i have installed trhe new sata drive installed xp pro got it running (half- no network... and some devices)
I havent tried the old time modem but i am quite confiden t it will work.
I think its usseless though when compared to the amount of data i will have to recycle by the time i solve this....

All devices work now when booted from the old disc.
Yes i have both discs on the same machine and can boot but with different problems between discs old-new.

Eset nod-32 has never failed me but this time it hasn managed to complete a boot yet.
You just reminded me to scan again....
To the point it has reached it doesn t find a thing....(virus)

Yes the box is long oppened - i had to remove drive and install both back..
No there are no signs of physical damage burn or smell....

Its on a surge protector- unwiselly not to a ups though...
Circuit breaker hasn t popped.

reply to post by defcon5


By a staggering coinkidinkie, my name is Serge and I am quite powerful, yet my mac has always been well protected from me.

Originally posted by defcon5
reply to post by schrodingers dog

 

A Mac is just as susceptible to mechanical failures, and power surges.
One of the first machines I ever fixed that was hit by a power surge, was an Amega, which ran the same CPU as old Macs used to run.

its Amiga my friend - well the mistake is tolerable, its been a long time since!

Fine mashines!

Macs are not well supported in Greece, both in hardware and software.
Plus my industry standard is PC ibm compatible and all the rest. You see my field is engineering and i need to be flexible with partners...

Macs are fine mashines i have worked a lot on them in the past but are out of the question at present.

When my andivirus scan finishes i will run another instance after having boot from the new disc and installed Kaspersky...

However i agree the thing seems terminal.
At least i got the data...
I hope the hardware is ok and that i only have to get throu another format...

Okay my computer had a virus just like that. Messed up my HD pretty bad.

Avast
AVG
AdAware
Norton
SpyBot

DID NOT DETECT IT!

Use a program called HijackThis
from trend micro. Its 100% free.

It acts as the Ultimate Task Manager that tells you everything the computer is running directly and lets you repair or delete anything you see suspicious such as registry files with names like Win32.ToxIC/0910289.

Originally posted by n0b0DY
Okay my computer had a virus just like that. Messed up my HD pretty bad.

Avast
AVG
AdAware
Norton
SpyBot

DID NOT DETECT IT!

Use a program called HijackThis
from trend micro. Its 100% free.

It acts as the Ultimate Task Manager that tells you everything the computer is running directly and lets you repair or delete anything you see suspicious such as registry files with names like Win32.ToxIC/0910289.

Excelent post!!!

My scan is at 37% right now and i am pretty sure it will find nothing either.

I will go for your suggetsion straight away!!!!!
Thanks a grand!!!! I find this a very good idea!

here is what i got...
any help?
i don t see anything at first sight....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:38:55, on 31/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Belkin\All-in-One Print Server\ServoApp.exe
C:\Program Files\Belkin\All-in-One Print Server\MFPAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\GEORGE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.gr...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Adobe PDF Reader Link Helper - [06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - [074C1DC5-9320-4A9A-947D-C042949C6216] - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - [18DF081C-E8AD-4283-A596-FA578C2EBDC3] - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - [201f27d4-3704-41d6-89c1-aa35e39143ed] - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - [22BF413B-C6D2-4d91-82A9-A0F997BA588C] - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - [3049C3E9-B461-4BC5-8870-4C09146192CA] - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - [761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - [AA58ED58-01DD-4d91-8333-CF10577473F7] - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - [AE7CD045-E861-484f-8273-0445EE161910] - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - [AF69DE43-7D58-4638-B6FA-CE66B5AD205D] - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - [C84D72FE-E17D-4195-BB24-76C02E2E7C4E] - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - [DBC80044-A445-435b-BC74-9C25C1C588A9] - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - [E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53] - C:\Program Files\Google\Google Gear

Your welcome!

Also I would suggest looking in your system32 folder for .dll files that seem odd.

I usually find ones that dont make any sense to actually be part of the virus.

Such as yyytttueueue.dll or xlreaper.dll.

Another way to check the .dll files is arrange them by date and find all the ones that were created on the date you got the virus and delete them.

If you cant delete them, i.e. the usual access denied box, use a program called Unlocker to unlock it from its operation and then useEraser to wipe it.

Works everytime!