Problems with viruses

  • Bogey

Post 3+ Months Ago

I have a problem with a virus. I can get it under control when I turn on the computer, but I can't manage to get rid of it.

When I turn on my computer, the first thing that I do is turn on task manager, as the virus blocks the task manager when it is initiated.

Then I remove the process UMont.exe (The process is rated as safe in Hijackthis... it is to work with USB stuff).

When I remove UMont.exe, a green shield from AVANT Antivirus disappears from the notification area.

Then I remove like 5 or more processes that are unfamiliar to me.

Then I go to Firefox (when I go to any page BUT the page to purchase the full license AVANT Antivirus) it throws me a page telling me that Internet Explorer blocked that page because it may contain virus... I'm using Firefox.

In Firefox I go to tools and stop it from using the System Proxy and use No Proxy (Like using the Internet directly or something like that). When I do that, the internet works fine and I don't get an error on Google... I see Google like you should and would.

Here is when I come to a standstill... I don't know where to go to check the system proxy... well, change it altogether. (Or just remove it).

Here is another road-block... I ran hijackthis and removed all the entries that were classified as bad, and ran smitfraudfix in Safe Mode, but the virus still persists. I'm not sure how to fix it.

I haven't run Combofix yet because I'm not sure if I should.

I couldn't update smitfraudfix when I used it because the internet wouldn't work (or so I thought). I just tried to update smitfraudfix, and it wouldn't update because (I think) that firewall or something blocked it from using the internet.

I bought this PC from some guy at a garage sale about a year ago and never had problems with it. The problem with that purchase is all that I got was the PC... no restoration disk or anything.

Currently I'm running a full scan using the C:/WINDOWS/System32/MRT.exe

I would really appreciate the help that I can get in resolving this issue. Thank you.
  • grinch2171

Post 3+ Months Ago

Go ahead and run combofix. You could also try MalwareBytes as well.
  • Bogey

Post 3+ Months Ago

Alright... I'll do that as soon as MRT.exe is done.

Thanks.
  • Bogey

Post 3+ Months Ago

Here is a little update on the problem. MRT.exe didn't fix anything. The issue is bigger than I thought. Umont.exe always turns on at boot (never happened as UMont.exe is for USB and I never have anything plugged in the USB when turning it on... or so I think that's how it works).

Now wmiprvse.exe turns on at boot... didn't happen earlier today when I was making the original post up top. Googling it told me that developers use that service for monitoring purposes... Under task manager the user is NETWORK SERVICE.

Also, right after the computer got infected (at least that is when I noticed it), I have updates ready for the PC. The PC is Windows XP. Not sure whether it's home edition or professional edition.

ComboFix found some rootkit activity, but I fear it might be a full-blown hack, but I'm not sure. I might as well spend $200 (or something like that), buy Windows 7, repartition the entire hard drive and install Windows 7 on the PC and start off clean.

(Obviously, I'm trying to prevent that from happening.)

I'm writing this post as the ComboFix is running. When I put it to my desktop, I renamed it to Combo-Fix.exe as ATNO has advised me in a previous post and ran it. Now it has rebooted after finding some rootkit activity and preparing to run.

Does anyone think that this could be some hacking attempt that went horribly right? It looks like someone is trying to create some monitoring program to monitor the activities on this PC.

There's nothing illegal or bad, but it's still not wanted.

By the way, I attempted to terminate the wmiprvse.exe process from task manager, but it simply won't go away.

Also, I didn't get this answered from my previous post, so I am re-asking it here in fear that it would get missed :lol:

How do I change the system proxy settings? I googled and all I found there is how to set up my firefox to use a proxy of my choosing, and I simply can do that, but using system proxy settings on my PC doesn't work... it uses the proxy of that hacker which blocks everything but the download page to their anti-virus thing.

Just think, advertising some anti-virus program with viruses... That just grinds my gears.

Right now Combo-Fix.exe has deleted a few files and folders named weird, a few of them having the name of the process I turn off every time the computer boots.

I'm just going to wait a little bit for the Combo-Fix.exe to finish preparing the Log Report so I can add it in here. I really hope that ComboFix actually would fix this issue and that the weird thing that is going on doesn't persist on coming back.

The way I got this virus is my brother was online and playing some online game, and he pressed to play another game and right when he clicked that game some kind of downloading bar showed up and downloaded something really quickly. My brother had no chance of clicking the cancel button, it happened so fast.

ComboFix finished running, and now I have like 27 fewer processes than I did when it booted before. Which, I think is good news.

The processes that ComboFix removed (Or at least it told me it did) are:

c:\documents and settings\Jeff\Local Settings\Application Data\drytmctdy\gsuvwdmtssd.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\voabowrad\mmwcjvttssd.exe

I checked the report myself and didn't really find anything (mostly because I'm not really sure what the report says). I think the report is mainly to check the findings and try and see anything that ComboFix might have missed. I'm not savvy enough to see anything out of the ordinary there so I'm letting someone (or giving someone a chance in other words :) ) to take a look at it and see if there is anything out of the ordinary.

I will run malwarebytes if I notice the PC running out of the ordinary. Or do you think I should run malwarebytes right now regardless?

Thanks for the patience and the help on this issue and sorry for writing this novel. Sorry, no report from ComboFix... Trying to put it here is like trying to wedge an elephant through a human door... I'm 74000+ characters over the 200000 characters limit :shock: I don't feel like splitting the entire post into 3+ posts... unless you want me to.
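
On the system-proxy question in the post above, an added example (not part of the original thread): Firefox's "use system proxy settings" option follows the per-user Internet Settings values that `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` prints, and this Python script parses that output and lists what needs review. The sample output, port and PAC URL are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `reg query` output (not taken from the thread).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555;https=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
    AutoConfigURL    REG_SZ    http://pac.example.invalid/proxy.pac
"""

# Value lines are indented: <name> <REG_TYPE> <data>; names may contain spaces.
LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {value_name: data} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" and data else data.strip()
    return values

def proxy_endpoints(server):
    """Split ProxyServer ('host:port' or 'http=h:p;https=h:p') per scheme."""
    out = {}
    for part in filter(None, (p.strip() for p in server.split(";"))):
        scheme, sep, addr = part.partition("=")
        out[scheme.lower() if sep else "all"] = addr if sep else scheme
    return out

def audit_proxy(values):
    """List findings worth reviewing before trusting the system proxy."""
    findings = []
    if values.get("ProxyEnable", 0) == 1:
        for scheme, addr in proxy_endpoints(values.get("ProxyServer", "")).items():
            host = addr.rsplit(":", 1)[0].lower()
            where = "loopback (a local process)" if host == "localhost" or host.startswith("127.") else "a remote host"
            findings.append(f"{scheme} traffic is proxied to {addr}, {where}")
    if values.get("AutoConfigURL"):
        findings.append(f"PAC script configured: {values['AutoConfigURL']}")
    return findings

if __name__ == "__main__":
    for finding in audit_proxy(parse_reg_query(SAMPLE)):
        print("REVIEW:", finding)
```

The same values are shown, and can be cleared, in Control Panel > Internet Options > Connections > LAN settings.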
  • grinch2171

Post 3+ Months Ago

As long as the PC is running fine I wouldn't worry about posting the log, you could add it as an attachment I think.

I'd run MalwareBytes just as a secondary precaution.
  • Bogey

Post 3+ Months Ago

Alright, thanks. It seems that the PC is running fine right now. I'm going to run malwarebytes regardless I guess.

Thanks for the help :)


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.