Author Topic: Virus takes over csipro  (Read 13543 times)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13584
    • Video Blog
Re: Virus takes over csipro
« Reply #15 on: January 11, 2012, 06:05:12 PM »
did you try killswitch?

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #16 on: January 11, 2012, 11:38:14 PM »
I am still having trouble downloading CCE. Pop up, after I had tried to download CCE, that to complete download "Please delete CCE". It has come up before when some download was being replaced by updated VER. As I watched the download I saw other programs being uninstalled as well.

I don't think anything too important is gone.

In the past as well as now I have been denied ability to: format on clean install, use of cd/dvd drv. I can do a msconfig session but am not allowed access to some feature that would remove winlogon.exe. This exe had no folder assoc. with it. Hover over it and, doing Admin Work. I can access cmd.exe but, as the last one, nothing that would harm bug is allowed. Logging on to forums my password would be more than doubled in length. In so doing I could not log in.

When I try to start stopped systems that are needed to assure no malware can get in programs or folders, I am not allowed. Not because I don't have permissions enough, "Topic, or program is denied to you. Or not available at this time." When wanting to uninstall a program bug wants to keep, message reads "Please wait until running program is uninstalled." I had not started an uninstall at that time. Sometimes when doing a harm to bug the command black screen will pop up. Just a half second or less. The more I do to delete bug the more services are cut off from my using them. I will try to load CCE again to see what goes on.

Best Regards to You 5718Dewey

Offline brightness

  • Comodo Loves me
  • ****
  • Posts: 159
Re: Virus takes over csipro
« Reply #17 on: January 12, 2012, 01:27:00 AM »
> I am still having trouble downloading CCE. Pop up, after I had tried to download CCE, that to complete download "Please delete CCE". It has come up before when some download was being replaced by updated VER. As I watched the download I saw other programs being uninstalled as well.
>
> I don't think anything too important is gone.
>
> In the past as well as now I have been denied ability to: format on clean install, use of cd/dvd drv. I can do a msconfig session but am not allowed access to some feature that would remove winlogon.exe. This exe had no folder assoc. with it. Hover over it and, doing Admin Work. I can access cmd.exe but, as the last one, nothing that would harm bug is allowed. Logging on to forums my password would be more than doubled in length. In so doing I could not log in.
>
> When I try to start stopped systems that are needed to assure no malware can get in programs or folders, I am not allowed. Not because I don't have permissions enough, "Topic, or program is denied to you. Or not available at this time." When wanting to uninstall a program bug wants to keep, message reads "Please wait until running program is uninstalled." I had not started an uninstall at that time. Sometimes when doing a harm to bug the command black screen will pop up. Just a half second or less. The more I do to delete bug the more services are cut off from my using them. I will try to load CCE again to see what goes on.
>
> Best Regards to You 5718Dewey

Perhaps you could try to download CCE from another PC (e.g. borrow a friend's) and save it to a USB. And then boot your infected PC into safe mode by pressing F8 when the PC is starting (so that Windows only loads necessary files, makes it easier to clean). And then run CCE.

Regards.

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2193
Re: Virus takes over csipro
« Reply #18 on: January 12, 2012, 03:57:28 AM »
> Perhaps you could try to download CCE from another PC (e.g. borrow a friend's) and save it to a USB. And then boot your infected PC into safe mode by pressing F8 when the PC is starting (so that Windows only loads necessary files, makes it easier to clean). And then run CCE.

Running CCE &/or Killswitch is very bad advice for an inexperienced user
System will be dead way before any help can be provided (that was said here in the forum many times already) - dangerous!

In addition - you do not ever fight malware in Safe Mode in the 1st place
That was discussed thousands of times. In short - that is the way malware will definitely escape ... yes!

You will probably use Safe Mode, but only when & IF certified expert will tell you after he/she gathers certain preliminary info about your system

To the original poster:
5718Dewey, please visit one of the dedicated forums where you can get help and be assisted by certified specialists.

If you want to know some places, please just ask

My regards
Main OS - Ubuntu
XP Pro, SP3 (32bit), Admin; Comodo Firewall 3.14.130099.587; Proactive with Defense+; Emsisoft Anti-Malware v9; Sandboxie
Win 7 x64, Admin (UAC off); Win7 advanced FW +TinyWall; Emsisoft Anti-Malware v9; Sandboxie
Win 7 Ultimate 32bit (UAC off); Emsisoft Internet Security v9 beta

Offline brightness

  • Comodo Loves me
  • ****
  • Posts: 159
Re: Virus takes over csipro
« Reply #19 on: January 12, 2012, 04:47:21 AM »
> Running CCE &/or Killswitch is very bad advice for an inexperienced user
> System will be dead way before any help can be provided (that was said here in the forum many times already) - dangerous!
>
> In addition - you do not ever fight malware in Safe Mode in the 1st place
> That was discussed thousands of times. In short - that is the way malware will definitely escape ... yes!
>
> You will probably use Safe Mode, but only when & IF certified expert will tell you after he/she gathers certain preliminary info about your system
>
> To the original poster:
> 5718Dewey, please visit one of the dedicated forums where you can get help and be assisted by certified specialists.
>
> If you want to know some places, please just ask
>
> My regards

Actually using CCE or Killswitch is advised by the CEO Melih.

Also, from my own experience of dealing with infected pcs, booting into safe mode makes it easy for the av to remove malware.

Here is an article:
http://www.wikihow.com/Remove-Virus-Infections

Regards.

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #20 on: January 12, 2012, 09:09:59 AM »
I am still having trouble downloading CCE. Pop up, after I had tried to download CCE, that to complete download "Please delete CCE". It has come up before when some download was being replaced by updated VER. As I watched the download I saw other programs being uninstalled as well.

I don't think anything too important is gone.

In the past as well as now I have been denied ability to: format on clean install, use of cd/dvd drv. I can do a msconfig session but am not allowed access to some feature that would remove winlogon.exe. This exe had no folder assoc. with it. Hover over it and, doing Admin Work. I can access cmd.exe but, as the last one, nothing that would harm bug is allowed. Logging on to forums my password would be more than doubled in length. In so doing I could not log in.

When I try to start stopped systems that are needed to assure no malware can get in programs or folders, I am not allowed. Not because I don't have permissions enough, "Topic, or program is denied to you. Or not available at this time." When wanting to uninstall a program bug wants to keep, message reads "Please wait until running program is uninstalled." I had not started an uninstall at that time. Sometimes when doing a harm to bug the command black screen will pop up. Just a half second or less. The more I do to delete bug the more services are cut off from my using them. I will try to load CCE again to see what goes on.

Best Regards to You 5718Dewey

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #21 on: January 12, 2012, 12:42:24 PM »
This partly re: black screen. What happened the last time was caused by me taking ownership of every program and file I could. After the next clean install, I no longer have this option. Quick learner my bug.

Somehow PC Doctor was downloaded onto PC. Should I delete it?

I also have some screen shots of activities on PC from Comodo security. Do you want to see them? Take a rest
5718Dewey

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #22 on: January 12, 2012, 10:48:14 PM »
> While I love Comodo very much I must say that some professionals say the detection rate of CIS is not that high and CIS is not capable of repairing infected PCs most of the time.
>
> FIRST OF ALL, please provide details of your infection. For example, the symptoms and what make you know that it is infected. This could assist the knowledgeable members of the forum to help you (BTW I am not knowledgeable at all 88))
>
> You could try this:
> 1. Download avast antivirus (free) from another pc. Save the setup file on a usb.
>
> 2. Boot your infected pc into safe mode (repeatedly press F8 when booting). Install avast. Fully update the program and do a full scan. Also, do a boot time scan (avast -> scan computer -> boot time scan -> schedule now -> restart now).
>
> 3. If avast can't be installed, don't panic. On another pc download SuperAntiSpyware (free). Save onto usb. Boot up your infected pc into safe mode (repeatedly press F8 when booting). Install SAS. Update the program. NOTE: if SAS can't be started due to virus, go to Start -> SuperAntiSpyware Alternate Start (this would start up SAS with random process name -- a very powerful defense against virus attack).
>
> 4. Run a Complete scan with SAS, you could tick the Enable Rescue Scan box. Also, select all drives to scan.
>
> Also, if you have fully reformatted your hdd and the virus still persists, it is probable that it has infected your BIOS. If so, it is a big deal and really not easy to fix. You could seek help from a technician.
>
> Reference:
> http://www.ehow.com/how-does_4809843_removing-bios-virus.html
>
> This is my 2 cents.

Good advice. When I get too much crap on PC it makes it hard for the GEEKBUDDYS to wade through all the debris from my attempts to delete bug. This came from a very good Buddy with whom I had two sessions with. So much corrupted files and stuff. TU for your interest 5718Dewey

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #23 on: January 13, 2012, 07:47:19 AM »
> Running CCE &/or Killswitch is very bad advice for an inexperienced user
> System will be dead way before any help can be provided (that was said here in the forum many times already) - dangerous!
>
> In addition - you do not ever fight malware in Safe Mode in the 1st place
> That was discussed thousands of times. In short - that is the way malware will definitely escape ... yes!
>
> You will probably use Safe Mode, but only when & IF certified expert will tell you after he/she gathers certain preliminary info about your system
>
> To the original poster:
> 5718Dewey, please visit one of the dedicated forums where you can get help and be assisted by certified specialists.
>
> If you want to know some places, please just ask
>
> My regards

Oh yes I want help

If it will help I have HijackThis results as well as OTL.exe results. I can not run or use CCE because the bug on my PC is very intrusive, and keeps watch over all I do. The other day I was deleting processes that had no file assoc. with them. Then as I tried to mouse to others my mouse was no longer in my control on that page. WHAT a mess. Thank You for your interest 5718Dewey

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #24 on: January 13, 2012, 02:05:59 PM »
I, today, ran across an article on the web Re: C:\MSOcache\sysfiles\winlog.exe. Supposed to be what takes over and causes svchost.exe to multiply, as well as winlogon.exe. I am not skilled enough to take on this. I have tried in the past to do things beyond my skill level and had to do another clean install. SOOOO I need help.

Thank you for your interest

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11623
Re: Virus takes over csipro
« Reply #25 on: January 13, 2012, 06:00:53 PM »
Can you please run HijackThis and post the results?

Also, can you please run GMER and post the results? You can do this by a screenshot if you want.

With this information we should be able to get a better idea of what's going on.

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2193
Re: Virus takes over csipro
« Reply #26 on: January 14, 2012, 12:22:05 AM »
Hi brightness ,

I'll try being as laconic as possible because I don't want to create OffTopic discussion here

> Actually using CCE or Killswitch is advised by the CEO Melih

does it really matter?
With all due respect to Melih...
... the said Tools are for experts only. Probably for GB folks in case they have strong belief in them (I don't). Those Utilities definitely should not be offered & being used by any common/average (no offense intended) users.

> Also, from my own experience of dealing with infected pcs, booting into safe mode makes it easy for the av to remove malware

I am not judging your experience, but NO! again. See what I posted above. One should know when & why it's time using any removal procedures in Safe Mode

> Here is an article:
> http://www.wikihow.com/Remove-Virus-Infections

Few words - that is very poorly written & extremely weak article.
I hope you will find some real ones worth reading and following
Quote
> Install the anti-virus software and update. example: Malwarebytes, combofix

As soon as you see an advice to download ComboFix as a starting point - you should stop reading(!)
ComboFix must not be run without supervision of an expert ever (see disclaimer) ... well, unless you are an expert. Otherwise unrecoverable damage can be done before one can get any help
Quote
> Using the arrow keys, select Safe Mode with Networking.

Why with Networking? In many cases you have to disconnect physically by unplugging cable
Quote
> When the scanning is done, see the Scan results and you will see the lists of infections....
> ...Select all of them, and then click Remove Selected.

Really???!!! woW! That is bloody not funny at all, but I'll allow myself to  :D a bit.... oh boy!

Cheers!
« Last Edit: January 14, 2012, 12:23:51 AM by SiberLynx »

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #27 on: January 15, 2012, 12:49:57 AM »
> did you try killswitch?

Yes I did. You are going to think I am nuts. As the results were being shown and before I could use the snipping tool, all the results were changed to safe. Every one of them. Windows Side Bar has been infected two installs ago. I have deleted it several times and it keeps coming back, as do other deletes. I have HijackThis on PC. Lately when I run it I have deleted things I was sure were infected. Now on the next scan they are back.

I ran that program you suggested. I was wondering if the report got back to you?

This infection on my PC has developed the ability to spoof scans from the GEEKBUDDYs. What I am able to detect myself never shows up for the staff. Not long ago, while checking Task Manager for processes that had no folder or file to prove it genuine. As I deleted a couple, the mouse would not obey my movements. I am no longer able to check services and/or processes. Sorry for the long note. I am going to post this as well as some images that may prove helpful. Thank you for the services that are provided by your CO. INC   5718Dewey

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #28 on: January 15, 2012, 01:10:19 AM »
don't think anything too important is gone.

In the past as well as now I have been denied ability to: format on clean install, use of cd/dvd drv. I can do a msconfig session but am not allowed access to some feature that would remove winlogon.exe. This exe had no folder assoc. with it. Hover over it and, doing Admin Work. I can access cmd.exe but, as the last one, nothing that would harm bug is allowed. Logging on to forums my password would be more than doubled in length. In so doing I could not log in.

When I try to start stopped systems that are needed to assure no malware can get in programs or folders, I am not allowed. Not because I don't have permissions enough, "Topic, or program is denied to you. Or not available at this time." When wanting to uninstall a program bug wants to keep, message reads "Please wait until running program is uninstalled." I had not started an uninstall at that time. Sometimes when doing a harm to bug the command black screen will pop up. Just a half second or less. The more I do to delete bug the more services are cut off from my using them. I will try to load CCE again to see what goes on.

Best Regards to You 5718Dewey

Offline 5718Dewey

  • Comodo Member
  • **
  • Posts: 32
Re: Virus takes over csipro
« Reply #29 on: January 15, 2012, 02:03:55 AM »
Another try at a reply to Chiron: I can't run a download or file the bug does not want me to. It redirects me to a null file. I
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:55 PM, on 1/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Dewey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dewey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dewey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\desktop\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKCU\..\Run: [DuckCapture] "C:\Program Files\DuckLink\DuckCapture\DuckCapture.exe" /autorun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{83697CB7-40C7-4955-AF79-A78845888921}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs:  C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3506 bytes
did download GMER, but as above No Joy there. One more attempt at an attachment,


Edit by EricJH: I edited the HJT log. There were breaks where there should not be any.
« Last Edit: January 15, 2012, 01:17:58 PM by EricJH »
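
An added example, not part of the thread or any poster's tooling: a small parser for a HijackThis 2.0.4 log pasted into a forum, which rejoins entries that were broken across lines (the problem the moderator's edit note mentions) and pulls out the entry groups a helper usually reads first. The function names, the `REVIEW` selection, the single-space rejoin and all sample values are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 2.0.4 layout (not the poster's log); the
# O23 entry is deliberately wrapped across two lines, as forum software does.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Example\tool.exe

O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" -h
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
O20 - AppInit_DLLs: C:\Windows\system32\example.dll
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example
Corp\svc.exe

--
End of file - 0 bytes
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Entry groups pulled out for manual review (a selection made for this sketch).
REVIEW = {"O1": "hosts file", "O4": "autorun", "O17": "DNS settings",
          "O20": "AppInit_DLLs", "O23": "services"}

def parse_hjt(text):
    """Split a pasted log into header fields, process list and (code, body) entries."""
    header, processes, entries = {}, [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--" or line.startswith("End of file"):
            break                      # anything after the log trailer is forum text
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            section = "entries"
            entries.append([m["code"], m["body"]])
        elif section == "entries":
            # A non-entry line inside the entry list is a wrapped continuation;
            # rejoin with one space (assumes the break fell on a space).
            entries[-1][1] += " " + line
        elif line == "Running processes:":
            section = "processes"
        elif section == "processes":
            processes.append(line)
        elif ": " in line:
            key, _, value = line.partition(": ")
            header[key] = value
    return {"header": header, "processes": processes,
            "entries": [tuple(e) for e in entries]}

def review_queue(parsed):
    """Group the bodies of entries whose code is in REVIEW."""
    queue = defaultdict(list)
    for code, body in parsed["entries"]:
        if code in REVIEW:
            queue[code].append(body)
    return dict(queue)

def dns_servers(parsed):
    """Return the name servers configured in O17 NameServer entries."""
    servers = []
    for code, body in parsed["entries"]:
        if code == "O17" and "NameServer = " in body:
            servers += [s.strip() for s in body.split("NameServer = ", 1)[1].split(",")]
    return servers
```
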
