Edited by TechChalleneged, 26 April 2008 - 11:25 AM.
I think my computer has a virus?
Started by TechChalleneged, Apr 25 2008 09:08 PM
1 reply to this topic
#1
Posted 25 April 2008 - 09:08 PM
Just call me TC ^^
#2
Posted 27 April 2008 - 06:25 PM
hi TechChalleneged,
i think you're right.
first we will use hjt, then boot directly into safe mode to delete some files:
start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"
O4 - HKLM\..\Run: [MS Security Hotfix] spoolsrv32.exe
O4 - HKLM\..\Run: [qbcivyfnhth] C:\WINDOWS\system32\qbcivyfnhth.exe
O4 - HKLM\..\Run: [lmguv] C:\WINDOWS\system32\lmguv.exe
O4 - HKLM\..\RunServices: [MS Security Hotfix] spoolsrv32.exe
O4 - HKLM\..\RunServices: [qbcivyfnhth] C:\WINDOWS\system32\qbcivyfnhth.exe
O4 - HKLM\..\RunServices: [lmguv] C:\WINDOWS\system32\lmguv.exe
next do this:
copy (Ctrl C) and paste (Ctrl V) the text below to Notepad. Save it as "All Files" and name it fix.bat. Please save it on your desktop.
sc stop "Advanced Networking Service"
sc delete "Advanced Networking Service"
exit
Double click Fix.bat on your desktop. A window will open and close.
-------------------------------------------------------------
in order to help show all files/dir do this:
Windows 2000
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
time for safe mode. you might want to copy/paste this into notepad and save it so you can read it in safe mode:
navigate to the C:\WINDOWS\system32 dir and see if you can find and delete each of these:
qbcivyfnhth.exe
lmguv.exe
spoolsrv32.exe
ooqsk.exe
also in safe mode:
Click Start>Run then type %temp%
Hit OK. Delete all the files you can.
click Start>Run then type %windir%\temp
hit ok. delete all the files you can
Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
---------------------------------------------
reboot computer normally, first stop is an online scan here:
ESET online scanner:
http://www.eset.com/onlinescan/
uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.
post the online scan result and a new hjt log please.
shelf life
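An added example, not part of the original post: one way to check the follow-up HJT log the post asks for, by parsing its O4 autostart lines and listing any that still point at the files named in the thread. The sample log is constructed, the function names are hypothetical, and only the registry form of O4 lines (HIVE\..\Key: [name] command) is handled.

```python
import re

# One HijackThis O4 registry autostart line: O4 - HIVE\..\Key: [value name] command
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)

# File names the post asks to delete from C:\WINDOWS\system32 (taken from the thread).
FLAGGED_FILES = {"qbcivyfnhth.exe", "lmguv.exe", "spoolsrv32.exe", "ooqsk.exe"}

# Constructed follow-up log for illustration; not taken from the thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SampleTray] "C:\Program Files\Sample Vendor\tray.exe" /startup
O4 - HKLM\..\Run: [lmguv] C:\WINDOWS\system32\LMGUV.EXE
O4 - HKLM\..\RunServices: [MS Security Hotfix] spoolsrv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Sample Service - Sample Vendor - C:\sample\svc.exe
"""

def parse_o4(log_text):
    """Return a dict (hive, key, name, cmd) for every O4 registry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def image_name(cmd):
    """Lower-cased executable file name from an O4 command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted: cut at the first ".exe" so arguments after it are dropped.
        m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()

def leftovers(log_text):
    """(key, value name, file) for each autostart entry still naming a flagged file."""
    found = []
    for e in parse_o4(log_text):
        exe = image_name(e["cmd"])
        if exe in FLAGGED_FILES:
            found.append((e["key"], e["name"], exe))
    return found

if __name__ == "__main__":
    for key, name, exe in leftovers(SAMPLE_LOG):
        print(f"still present: {key} [{name}] -> {exe}")
```

An empty result means none of the fixed O4 entries came back after the reboot; the online scan log is still needed to confirm the files themselves are gone.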