2 replies to this topic

[MrCraig]

Hello. Firstly let me say that i am sorry to join the forum and immediatly be asking for help/ advice, but i really need to get this sorted. Last night i was on my computer and all of a sudden my I.E page crashed and my wallpaper changed to a blue background with a black rectangle placed in the middle of the screen. Inside the black rectangle there are the words 'Your system is infected!' in a bold capital red font, and then the words 'System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommeded to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed.' in a smaller non capital white font. And yes, 'Recommeded' is spelt like that on the desktop. When i switch my computer off, during the shutdown procedure my normal wallpaper flashes up for a minuite or two, however i cannot change it when i try (either through graphics properties, control panel or when i try to right click on a image and 'Set as Desktop background' i cannot click the button.) When i go into display on my Control Panel and click on the tab 'Desktop' it says that my current desktop background is a internet explorer file named: 'critical_warning'. And i cannot change it as it will not allow me to click on any of the other desktop backgrounds such as 'Windows XP'. Once i discovered this, i immediatly scanned my files and found a internet file called 'critical_warning' and deleted it instantly. The virus or whatever it is has also affected my computer in other ways, i will meantion them now. When i click Ctrl+Alt+Delete to bring up Windows Task Manager i recieve a phony looking message entitled 'WARNING' stating that: 'Application cannot be executed. The file is infected. Please activate your antivirus software.' - That message also appears to be layered across a more ligit looking message that dissapears after a second or so that states something like 'Windows Task Manager has been disabled by your administrator'. And just for the record, i am the computer admin and i have not done anything to the Windows Task Manager to cause this. I also sometimes get pop up's on my screen in the middle such as one that is entitled 'WARNING' and states: 'Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. Click OK to download official intrusion detection system (IDS software)' I also have a little circle with a white cross on my taskbar that every now and then pops up with a little gray warning information bubble warning me of the virus. I have also tried making another user account on my computer just to see if it is only on my account that it effects, but no, the same problems occurred when i started a new admin account on my computer. I also, which does not help, do not have any valid paid virus scanning software, i used to have McAfee Security Centre however i did not renew my contract. I have tried everything and am worried about my personal data etc. Is it safe to use the computer and the internet still? And ideally does anyone know how i can fix this problem? I know a little about computers, however am not the most knowledgable about programmes like 'HiJackThis' and when doing some research of my own on this same problem it all seems to complicated for me. I would GREATLY appreciate some help, as i am completely lost, and very worried. Thank you in advance.

[CatByte]

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

• Disable any script blocking protection
• Double click dds.pif to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

[CatByte]

Due to inactivity this topic will be closed. If you need help please start a new thread.