great... just GREAT!

[Savagefreak]

I had my antivir off for 30 min,
and I got some cind of virus...
Everytime I boot windows, it will stay on for about 20 min and shuts itself down again with a message:
OMG h4X!!!

( )


Can someone please help me?

[delight1]

1. erase hard drave
2. install linux
:P

[madsoul]

lool, funny virus

uhnmm, well try to reistall windows maybe..?

[Savagefreak]

1. HELL NO!
2. I have linux on my PC, but I gaame on Windows (I have dual boot)

[PopeOfDope]

Boot into safemode and use virus scanner, a free one is AVG.

If that fails, try a system restore to before you turned off your anti virus.

If that fails, run Hijackthis and post a log here. You can get hijackthis from http://www.majorgeeks.com/download3155.html

If that fails, try a repair install if you have your Windows CD.

[Savagefreak]

Quote:

Originally Posted by MaDSouL

lool, funny virus

uhnmm, well try to reistall windows maybe..?

Yeah... REALLY funny..... NOT
-= Double Post =-
Logfile of HijackThis v1.99.1
Scan saved at 14:51:30, on 7-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss. exe
D:\WINDOWS\system32\winlo gon.exe
D:\WINDOWS\system32\servi ces.exe
D:\WINDOWS\system32\lsass .exe
D:\WINDOWS\system32\svcho st.exe
D:\WINDOWS\System32\svcho st.exe
D:\WINDOWS\system32\spool sv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDL L32.EXE
D:\Program Files\Java\jre1.5.0_03\bi n\jusched.exe
D:\Program Files\iTunes\iTunesHelper .exe
D:\Program Files\HighCriteria\TotalR ecorder\TotRecSched.exe
D:\Program Files\SyncroSoft\Pos\H2O\ cledx.exe
D:\Program Files\Common Files\InstallShield\Updat eService\ISUSPM.exe
D:\WINDOWS\system32\ctfmo n.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Stardock\ObjectDock \ObjectDock.exe
D:\WINDOWS\system32\dxcom bin.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc 32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServ ice.exe
D:\Program Files\iPod\bin\iPodServic e.exe
D:\WINDOWS\system32\wscnt fy.exe
D:\WINDOWS\system32\wuauc lt.exe
D:\WINDOWS\system32\svcho st.exe
D:\WINDOWS\system32\svcho st.exe
C:\BitLord\BitLord.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\dllho st.exe
C:\Program Files\Microsoft Visual Studio\VB98\Project1.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\WILLEM~1\LOCA LS~1\Temp\Rar$EX00.963\Hi jackThis.exe

R0 - HKCU\Software\Microsoft\I nternet Explorer\Main,Start Page = http://forums.qj.net/
R0 - HKCU\Software\Microsoft\I nternet Explorer\Toolbar,LinksFol derName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper. dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl .dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcT ray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bi n\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper .exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Program Files\HighCriteria\TotalR ecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\ cledx.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\Updat eService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmo n.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\A dobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock \ObjectDock.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFI CE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFI CE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.ex e
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.ex e
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGR AP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGR AP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc .exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DirectX multi version - Unknown owner - D:\WINDOWS\system32\dxcom bin.exe
O23 - Service: InstallShield Licensing Service - Macrovision - D:\Program Files\Common Files\InstallShield Shared\Service\InstallShi eld Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodServic e.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc 32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServ ice.exe

[-TheSilenceOfNoOne-]

Quote:

Originally Posted by savagefreak

Yeah... REALLY funny..... NOT
-= Double Post =-
Logfile of HijackThis v1.99.1
Scan saved at 14:51:30, on 7-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss. exe
D:\WINDOWS\system32\winlo gon.exe
D:\WINDOWS\system32\servi ces.exe
D:\WINDOWS\system32\lsass .exe
D:\WINDOWS\system32\svcho st.exe
D:\WINDOWS\System32\svcho st.exe
D:\WINDOWS\system32\spool sv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDL L32.EXE
D:\Program Files\Java\jre1.5.0_03\bi n\jusched.exe
D:\Program Files\iTunes\iTunesHelper .exe
D:\Program Files\HighCriteria\TotalR ecorder\TotRecSched.exe
D:\Program Files\SyncroSoft\Pos\H2O\ cledx.exe
D:\Program Files\Common Files\InstallShield\Updat eService\ISUSPM.exe
D:\WINDOWS\system32\ctfmo n.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Stardock\ObjectDock \ObjectDock.exe
D:\WINDOWS\system32\dxcom bin.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc 32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServ ice.exe
D:\Program Files\iPod\bin\iPodServic e.exe
D:\WINDOWS\system32\wscnt fy.exe
D:\WINDOWS\system32\wuauc lt.exe
D:\WINDOWS\system32\svcho st.exe
D:\WINDOWS\system32\svcho st.exe
C:\BitLord\BitLord.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\dllho st.exe
C:\Program Files\Microsoft Visual Studio\VB98\Project1.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\WILLEM~1\LOCA LS~1\Temp\Rar$EX00.963\Hi jackThis.exe

R0 - HKCU\Software\Microsoft\I nternet Explorer\Main,Start Page = http://forums.qj.net/
R0 - HKCU\Software\Microsoft\I nternet Explorer\Toolbar,LinksFol derName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper. dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl .dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcT ray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bi n\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper .exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Program Files\HighCriteria\TotalR ecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\ cledx.exe
O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\Updat eService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmo n.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\A dobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock \ObjectDock.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFI CE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFI CE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.ex e
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.ex e
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGR AP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGR AP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc .exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DirectX multi version - Unknown owner - D:\WINDOWS\system32\dxcom bin.exe
O23 - Service: InstallShield Licensing Service - Macrovision - D:\Program Files\Common Files\InstallShield Shared\Service\InstallShi eld Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodServic e.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc 32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServ ice.exe

You need to post this on Dell.com annd someone'll help you.

LAWLZ, Your starting webpage is forums.qj.net... XD

[Realn0whereman]

rofl


hackers these days have a sense of humor. go into linux and scan ur windows partition from there. also u can game in linux....
-= Double Post =-
also maybe creat a partition in linux and back ur **** up and just delete windows

[PopeOfDope]

Hmm I can't see anything particularly incriminating but I can't read logs that well just yet.

Uninstall BitLord. The older versions were littered with spywayre and adware so use uTorrent or Azureus instead.

dxcombin could be potentially infected, but there's very little information on it. It's real owner should be microsoft so it may have been modified. Try reinstalling DirectX 9.0c perhaps?

Other than that, nothing seems too wrong. Project1.exe is your own I'm assuming?

Also run this and check if theres any suspicios processes running. http://www.sysinternals.com/Utilitie...sExplorer.html

[Savagefreak]

Ive DONE IT!!!!
ZOMFG IT WORKS AGAIN!
I have formatted my harddrive
and installed linux on it...

Maybe Ill reinstall windows later this dayy......

But w/e, thanks for the help :-p

(BTW: when I tryed system-recovery it comes up with another box that says:
''Aw, Hell no!''.......)
-= Double Post =-
Project1 wasn't my own...
Could I be that then?

[PopeOfDope]

Yeah, project1.exe is a trojan apparently. Several viruses rename themselves to project1 like codebase-e and count2k.

I guess it doesn't matter anymore

[FreePlay]

*LOL*
http://www.greatis.com/appdata/d/d/dxcombin.exe.htm
D:\WINDOWS\system32\dxcom bin.exe was also a backdoor/trojan.

C:\Program Files\Microsoft Visual Studio\VB98\Project1.exe wasn't a virus, it was a VB program. Unless, of course, you weren't making any VB programs at the time, in which case it was probably a virus.

Tip: Stay off porn sites if your antivirus is turned off -_-