|
| | | New Member
Group: Forum Members
Last Login: 6/22/2008 1:40 AM
Posts: 41, Visits: 567 |
| hello,
well i have two pc both are windows xp sp2. One has the internet the other has no internet.
my little sis went to her friends house shared a usb came back home and used it in her pc that now it's acting weird. Her computer is slow the floppy drive makes noise everytime i go to msconfig it just automatically shuts the pc if i go to regedit it says i do not have permission and i need administrative rights.And i keep getting some web page link in my documents to some foreign language web site. I tried going in safe mode samething.She doesnt have a antivirus software. And im very worried to share any floppy or cd in her pc. So if anyone could help figure out what to do and what is the name or genre of this virus or trojan?
thank you |
| |
| | | New Member
Group: Forum Members
Last Login: 6/22/2008 1:40 AM
Posts: 41, Visits: 567 |
| im only able to go to taskmanager after so many tries.ill give the list.
NAME MEM USAGE
isass.exe 6,240k
services.exe 4,832
winlogon.exe 5,132
SVCHOST.exe 2,496
ctfmon.exe 3,444
Navapw32.exe 7,136
ituneshelper.exe 3,980
rundll32.exe 3,684
realsched.exe 484
explorer.exe 21,400
alg.exe 2,568
MSPMSPSV.EXE 1,112
wdfmgr.exe 1,344
svchost.exe 2,852
Ipodservice.exe 3,224
mdm.exe 1,632
bgsvcgen.exe 1,208
AvidSDMService.exe 656
spoolsv.exe 5,068
svchost.exe 3,184
svchost.exe 2,020
StyleXpservice.exe 1,864
svchost.exe 17,960
svchost.exe 3,344
svchost.exe 3,656
isass.exe 960
services.exe 3,088
csrss.exe 2,810
smss.exe
taskmgr.exe
system.exe
|
| |
| | | 
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,009, Visits: 54,734 |
| Welcome
Right click on system.exe in Task Manager and select 'End Process',what happens.
__________________________________________________
ASAP & UNITE member since 2006
|
| |
| | | New Member
Group: Forum Members
Last Login: 6/22/2008 1:40 AM
Posts: 41, Visits: 567 |
| tnx for replying i tried that nothing worked anyways i did some research my sis got infected with
Win32/Brontok worm becuz she shared a usb with her friend.
What do i do to disinfect help would be appreciated.
thank u |
| |
| | |
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,009, Visits: 54,734 |
| First you'll need to download all the following,then transfer the installers over to the pc without the net connection via USB/Flash drive etc.
W32/Brontok disinfection instructions:
http://www.sophos.com/support/disinfection/brontok.html
Download the Brontok Worm Removal Tool by sUBs and save it to your Desktop:
http://download.bleepingcomputer.com/sUBs/CleanX-II.exe
Disconnect the computer from the Internet and close all other programs.
Double-click CleanX-II.exe and follow the prompts.
The tool will begin scanning your machine. Because this worm names it's files randomly, there are a series of cross-checks/verification processes to ensure that the tool does not remove legitimate files. Depending on the size of your drives, this scan may take several minutes. Please be patient during this period & allow it to complete it's task.
Once the scan is complete it will provide a text log of the results.
If the log shows any files remaining in the bottom portion under "POST RUN ANALYSIS" run the entire scan a second time.
Once you've done the above,you need to post a Hijackthis log.
Download Trend Micro HijackThis 2.0.2 to your desktop:
Double click on HJTInstall.exe,it will prompt you to extract hijackthis.exe to C:\Program Files\Trend Micro\HijackThis.
When the install is complete,HijackThis will automatically launch.
When the license agreement appears,select "I Accept" and then click on the "Do a system scan only" button.
When the scan is complete,click on the "Save Log" button,then save it to your desktop.
Copy and paste the entire contents of that log into a new topic in the HijackThis Logs forum, not here.
__________________________________________________
ASAP & UNITE member since 2006
|
| |
| | | New Member
Group: Forum Members
Last Login: 6/22/2008 1:40 AM
Posts: 41, Visits: 567 |
| | hi is it possible to put those files in a 3 1/2 floppy or would that be infected if i put it in the brontok infected pc? |
| |
| | |
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,009, Visits: 54,734 |
| | |
| | | New Member
Group: Forum Members
Last Login: 6/22/2008 1:40 AM
Posts: 41, Visits: 567 |
| the pc has no internet connection which virus scan should i download which is latest updated
and how would i send in the other pc? 3 1/2 floppy or with cd-rw?
would that infect?
ive tried brontgui it didnt work
CleanX-II did work but the following day it came back? is it to do with alot of user names in that pc
somehow it satyed behind?
thank u |
| |
| | | |
|
