TPC Virus & Spyware Removal Thread (must read page 1)

• WinXPert on August 23, 2010 03:30 PM

  batch file programming will do

• hotpandesal on August 24, 2010 03:28 PM

  
  
  

  Thread Reminders:
  1. Before posting your issue, please try to initially read the first page of the thread. <click here for link>
  2. Keep the thread clean. And stick to the topic.
  3. Be patient. You don't have to repeat yourself. There are other people who can also answer your inquiry aside from the VSRT members. Most of us are volunteers in other sites too and we stop by here to help if we can steal more time from real life and our families, so please be patient. Then we look quickly for folks with no replies to help out. We hope you understand.
  4. Don't post links to warez and cracks, doing so may get you banned.
  5. When posting pictures of screenshots and other things related to the topic, please limit it to 640x480 pixels. Anything beyond that will be reported to our mods for immediate deletion.
  6. Upload your HiJackThis and/or other logs to our 4Shared account, and create a folder with your name in it. <click here for link>
  7. If our tools are detected as virus (like Win32/Packed.Themida), exclude the tool to be scanned by your antivirus. Better yet disable your AV temporarily as you run the tool/s.
  8. Our fixes are implied without warranty. Use at your own risk.
  9. No spoonfeeding and text speak here in the forum and anywhere else in TipidPC/CP.
  10. Please don't email or PM anyone from the VSRT members for "personal" HJT/virus help. We all benefit when a problem is discussed in the open.
  11. Not all error/s you get in Windows is/are caused by a virus. If this is so, then your issue will be out of the topic. However, we can still help you figure out if it is a virus problem or not, but then afterwards you may look for another forum for a solution.
  12. Sorry, but we can not provide support for those using illegitimate and/or unlicensed Software. As much as possible, we keep piracy to a minimum or zero level at all times.
  13. Those who violate the TPC-VSRT Rules and Regulations will be ignored of their issue, unless they manage to correct their mistake/s.
  14. 14. People who may be interested in joining the TipidPC Virus & Spyware Removal Team may PM GIGZ_09
  15. We are not 24/7 online, and we are a non-profit, all-volunteer group. If you cannot wait for us to get a solution, better ask another forum instead of wailing wildly and complaining.
  16. The TPC-VSRT thread cannot be utilized as a source of information for income-generating purposes such as Malware removal services and the like, and other unnecessary means. Any actions undertaken may lead to banning from this thread.

  
  
  Here are some steps that you may need to do first so we can assist you better:
  
  

  Intructions before posting your Malware issue
  1.Update your Antivirus
  2.Download MalwareByte's Anti-Malware Install and Update
  3.Download SuperAntispyware Install and Update
  4.Disconnect from the Internet
  5.Back-up important files
  6.Disable Sytem Restore(Optional only disable when necessary and instructed to you)
  7.Do a Full System Scan with your Antivirus
  8.Do a Full System Scan using MalwareByte's Anti-Malware(if prompted to restart do so)
  9.Do a Full System Scan using SuperAntiSpyware(if prompted to restart do so)
  10. If you think you are still infected Scan your system with HijackThis or QuickSmash

  
  
  

  Using HijackThis
  1.Download HijackThis Executable: <click here for link>
  2.Close all running applications and scan your system with HijackThis
  3.Save and Upload your HJT Logs in our 4Shared Account.
  4.Post the Download link of the log here along with your Malware issue.
  
  How to Upload HJT Logs
  1. Go to our 4Shared Account: <click here for link>
  2.Click on the Hijackthis logs folder
  3.Click on the folder with the green plus (+) icon (Create a new folder)
  4.When asked for a name, type in your tpc username, and click OK.
  5.Now click on your newly created folder
  6.Click Browse (on the lower part of the screen)
  7.Find your hijackthis log and select it.
  8.Click Open and then Upload
  9.Now it will say Uploaded successfully
  10.Right click on the Download link for the file, and click Copy Link Location (for Firefox Users) or Copy Shortcut (for Internet Explorer users)
  11.Paste the webpage on the thread and notify us if you have done so already.
  
  Do not post your hijackthis log directly in the thread.

  
  
  

  "Quicksmash Assistance" Developed by t68kv
  
  1. Download Quicksmash, after downloading open it.
  2. Check "include hijackthislog", "Update Before Smashing".
  3. Follow the steps on uploading the log created by the quicksmash.
  Wait for the "Finish" message, and follow the instruction on the next messageboxes.
  Usually the filename is named at the current date on you computer. EX "13-08-2008"
  4. Post the link, The link must be working for fast response from the team.
  5. Wait For Response Or Further Instruction From T68KV or Other Reliable Team Member.
  Usually they will tell you to redo the instruction. After Updating the Defintion.
  6. Download Quicksmash from here: <click here for link>

  
  
  Disclaimer:
  NEITHER THE TEAM OR ANYONE DIRECTLY CONNECTED IN PUBLISHING FIXES FOR YOUR PC SHALL MAKE ANY WARRANTY EITHER EXPRESSED OR IMPLIED. FURTHER, NEITHER THE TEAM OR ANYONE HELPING OUT SHALL BE LIABLE FOR ERRORS OR OMISSIONS CONTAINED HEREIN, OR FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. THE FIXES ARE PROVIDED "AS-IS", AND THE READER/MEMBER BEARS ALL RESPONSIBILITIES AND RISKS CONNECTED WITH IT'S USE.
  
  TipidPC Virus and Spyware Removal Team website: <click here for link>
  Feel free to leave your comments and suggestions!

• scroolflux on August 24, 2010 10:43 PM

  @signgemini_2 assembly language po ang ginagamit sa paggawa ng anti-virus.. i may take a while para maituro ko sa'yo ng maayos kung papano nadedetect ng isang antivirus ang mga virus. you will need an expertise to do softwares like that. Much better sir kung magdownload ka na lang ng software para matanggal ung virus sa usb mu.

• schutzstaffel on August 25, 2010 08:36 AM

  team pa advise naman...
  
  me naka encounter na ba sa inyo ng svchosty.exe? Ive tried cleaning with malware bytes, symantec, nalilinis naman kaso after reboot, lumilipat lang sya ng folder. Ive disabled system restore na din... thanks

• WinXPert on August 25, 2010 09:59 AM

  if your're using xp use gpedit.msc instructions here <click here for link>

• schutzstaffel on August 25, 2010 01:32 PM

  @winxpert
  
  thanks bro, ill try that next time.

• WinXPert on August 25, 2010 03:31 PM

  You're MAJOR MAJOR welcome! :)

• liam_allen on August 25, 2010 08:04 PM

  mga sir may naka encounter na ba sa inyo nung google sorry?di na kc ako maka pag search sa google laging sorry yung lumalabas.kapag enter kung nung mga characters na binigay para maverify kung human ka wala naman epekto pau lit ulit lang ganun.nag virus scan na ako wala naman infected sabi sa mga forum na nabasa ko sa net change ip kc naka ban na raw once ma encounter mo ito...any idea mga sir?

• liam_allen on August 25, 2010 08:12 PM

  The 'We're Sorry' message appears when Google detects that a computer on your network is sending automated traffic to Google. Automated queries are against our Terms of Service.
  The error page most likely displays a CAPTCHA (a squiggly word with a box below it). To continue using Google, type the squiggly word into the box -- it's how we know you're a human, not a robot
  
  
  eto po yung sinasabi ko baka meron ng mga naka experience po nito sa inyo help naman po...TIA

• WinXPert on August 26, 2010 01:53 PM

  please follow our instructions and post your HJT log, let's see if we can find some nasties lurking in your system first that may be causing the problem

• waryor on August 26, 2010 07:41 PM

  http://www.4shared.com/account/file/95TxAsfH/hijackthis.html?sId=UtfH2oZKteG9pGHn ito un aken.. ang problem ko is palage na disable yun sound driver ko.. palagi walang sound.. tapos nireformat ko na ganun pa rin.. teka scan din ako ng mbam at super antispyware

• jundeleon1 on August 27, 2010 05:26 PM

  What is an auto.exe file?
  
  A google search says its a malware. but superantispyware or avg free cant detect.
  
  
  How can this be removed?
  
  Theres a window "bobo: you think you are smart" that appears from time to time in my laptop.
  
  *************
  
  update: i was able to fix it. the auto.exe file was traced and removed by iobit 360. thanks.
  
  -- edited by jundeleon1 on Aug 27 2010, 08:13 PM

• xtien on August 28, 2010 10:53 AM

  Intructions before posting your Malware issue
  1.Update your Antivirus
  2.Download MalwareByte's Anti-Malware Install and Update
  3.Download SuperAntispyware Install and Update
  4.Disconnect from the Internet
  5.Back-up important files
  6.Disable Sytem Restore(Optional only disable when necessary and instructed to you)
  7.Do a Full System Scan with your Antivirus
  8.Do a Full System Scan using MalwareByte's Anti-Malware(if prompted to restart do so)
  9.Do a Full System Scan using SuperAntiSpyware(if prompted to restart do so)
  10. If you think you are still infected Scan your system with HijackThis or QuickSmash
  
  ---guys have you heard of combofix? too tired to backread. when we encounter virus the first thing we do in our company is run combofix in safemode then scan malwarebytes and so on. almost the same process natin to remove virus. thanks

• brwneyes on August 28, 2010 04:52 PM

  kamusta??
  
  major major pa rin ba prob nyo sa virus?? ak ak ak!!!

• hotpandesal on August 29, 2010 07:12 PM

  @waryor
  Sir ok na po ba yung problem nyo? wala po ko makita kakaiba sa logs nyo bukod sa 2 antivirus na naka install sa PC nyo...^_^
  
  @xtien
  yes sir we know of Combofix...kaya lang need ng guide ng isang combofix expert that can read and analayze its logs and suggest the user on what to do next...we can't just run combofix without checking its logs and then go with the antivirus/malware scan after...medyo delicate kasi ang combofix for average PC user unlike HiJackThis...hindi kasi sya yung type na Run and Forget Malware Removal Tool na tulad ng iba...I have used combofix many times pero minsan nagkakamali parin ako sa pag analyze ng logs nya..and the result was not good pag nangyayari yun...thats why i personally dont suggest it here!
  
  but if you can teach how to use combofix to our TPC members na nag iinquire about their malware problem then be our guest...or rather join us here...tyanks ^_^
  
  ^_^

• xtien on August 30, 2010 02:03 AM

  @hot
  
  i love too pero masyado na kasi busy sir =)
  
  keep up the good work and more power! this thread is very informative
  
  Virus & Spyware Removal Thread! unlike others na Virus and Reformat Team
  
  
  and one thing regarding removal process
  
  1.Update your Antivirus
  2.Download MalwareByte's Anti-Malware Install and Update
  3.Download SuperAntispyware Install and Update
  4.Disconnect from the Internet
  5.Back-up important files
  6.Disable Sytem Restore(Optional only disable when necessary and instructed to you)
  7.Do a Full System Scan with your Antivirus
  8.Do a Full System Scan using MalwareByte's Anti-Malware(if prompted to restart do so)
  9.Do a Full System Scan using SuperAntiSpyware(if prompted to restart do so)
  10. If you think you are still infected Scan your system with HijackThis or QuickSmash
  
  if you have extra machine with updated antivirus/malware. why not slave the hardrive of the infected computer and scan it? pwede din makatulong.
  
  Thanks

• WinXPert on August 30, 2010 12:56 PM

  combofix
  
  

  @xtien
  yes sir we know of Combofix...kaya lang need ng guide ng isang combofix expert that can read and analayze its logs and suggest the user on what to do next...we can't just run combofix without checking its logs and then go with the antivirus/malware scan after...medyo delicate kasi ang combofix for average PC user unlike HiJackThis...hindi kasi sya yung type na Run and Forget Malware Removal Tool na tulad ng iba...I have used combofix many times pero minsan nagkakamali parin ako sa pag analyze ng logs nya..and the result was not good pag nangyayari yun...thats why i personally dont suggest it here!

  
  
  i agree you need an expert in reading the log and creating cfscript.txt the will be used with combofix after the first scan.
  
  bottomline it's ok to use it only when an expert in combofix (www.bleepingcomputers.com) instructed you to run it and be properly guided on what to do next or face major major problems afterwards.
  
  here is a snippet from www.bleepingcomputer.com <click here for link>
  
  

  You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

• waryor on August 30, 2010 04:09 PM

  ganun parin pag install ko ng driver ng onboard soundcard ko wala parin siyang nadedetect na sound.. kasi bagong reformat ito.. bago ko ito nireformat may virus siya na location is nasa volume ko..
  
  -- edited by waryor on Aug 30 2010, 04:11 PM

• ranDeLroCks on August 30, 2010 09:22 PM

  patulong nman po.
  
  heres my log
  http://www.4shared.com/file/Ma60qCP-/hijackthis.html
  
  pag nag start ako ng pc laging may mga nagpopop up lyk csr.exe,
  
  tapos knuconvert nito ang mga folders ko as .exe application.
  
  meron ding recycler na di ko madelete delete at system volume information...
  
  may mga sites rin akong di mapuntahan lyk anti-virus sites...
  thanks po =)

• hotpandesal on August 31, 2010 12:01 AM

  @waryor
  may partition po ba yung Hard Disk nyo? wala po ba "?" or "!" yung sound device nyo sa Device Manager?
  nakakapag browse po ba kayo ng mga online scanner or antivirus sites?
  
  
  @ranDeLoCks
  
  -Run HiJackThis again
  -put check on this entry:
  

  O4 - S-1-5-21-1390067357-1284227242-725345543-1004 Startup: cssrs.exe (User '(^__^)')
  

  -click the Fix button
  -close HiJackthis
  
  Download and run HostXpert<click here for link>
  -Unzip HostsXpert.zip
  -Run HostsXpert.exe
  -Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
  -Click Restore Microsoft's Hosts File and then click OK.
  -Click the X to exit the program
  
  -Run CCleaner (yung cleaner lang muna)
  -Restart
  -Fallow mo ulit yung steps sa Intructions before posting your Malware issue
  -then post the link of your new hijackthis logs
  
  ^_^
  
  -- edited by hotpandesal on Aug 31 2010, 12:05 AM
  
  -- edited by hotpandesal on Aug 31 2010, 12:06 AM

• nivra888 on August 31, 2010 05:12 PM

  mga boss
  
  pa tulong naman po sa virus ko sa network kaya pala nag loloko connection ko pag sa network. panu po matatangal yun virus na toh W32.Downadup.B
  
  tnx sa reply

• zenitheous on August 31, 2010 05:30 PM

  possible po ba na virus dahilan kung baket nagrerestart modem ko at naddc. kasi sabi ng mga tech na pabalik balik dito. test na lahat ng lines, signals etc. wala naman daw problema . nagtataka sila baket naddc parin ako at nagrerestart modem ko. pinalitan narin ng bagong modem pero ganon parin. mga experts. possible ba na virus to??

• zenitheous on August 31, 2010 05:48 PM

  _____edited_____
  
  -- edited by zenitheous on Sep 01 2010, 08:53 PM

• zenitheous on August 31, 2010 07:48 PM

  <click here for link>
  
  pahelp naman . pakichek nman po. ^_^ hehe

• zurigano on September 01, 2010 03:23 AM

  meron na ba sila new version ng tpc virus and spyware removal pack? gusto ko sana po madownload ung updated pack nyo...

• hotpandesal on September 01, 2010 01:00 PM

  @nivra8888
  paki fallow po yung Intructions before posting your Malware issue na nasa Thread Reminder thanks ^_^
  
  @zenitheous
  paki delete po ng 2nd post nyo thanks ^_^
  
  will try to analyze your logs today if time permits thanks ^_^
  
  @zurigano
  sorry sir wala pa po updated version yung TPC-VSRT Removal Pack,,super busy sa studies nya si sir ParticleX ^_^

• zenitheous on September 01, 2010 04:57 PM

  @sir hot
  
  
  alin pong post ang edit ko hehehe. salamat po

• hotpandesal on September 01, 2010 05:12 PM

  @zentheous
  yung 2nd post nyo sir yung August 31, 2010 05:48 PM
  
  wala po ko makita kakaiba sa logs nyo sir eto lang:

  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

  but i think wala yan kinalaman sa pag reset ng modem nyo
  
  -run hijackthis again
  -seach for that entry and lagyan mo ng check
  -clcik mo yung fix botton sa baba
  -close hijackthis
  -run Ccleaner
  -then ulitin mo yung Intructions before posting your Malware issue na nasa Thread Reminder
  -tas post mo ulit dito yung bagong link ng logs nyo..like what you did sa 3rd post nyo "August 31, 2010 07:48 PM"
  
  ...can you remember the first time nag occur yung prob nayun? any new program na nainstall or activity bago sya nangyari?

715 active users within the last 5 minutes, 461 members, 254 guests.
Our newest member is TrefeTulpshes
Click here to see online members.