--Please help me-- Virus

  Joshuahiggi 15:57 06 Apr 2008

Hello, I am aware I have a virus, but cannot find it nor delete it..
It's trying to completely fill up 2 GB of RAM, and is slowly grinding my laptop to a halt..
It's replacing normal ads with the typical "You have a virus" messages, causing my laptop to do erratic things such as changing settings and removing them, shows on certain web pages actual photos in my "My Pictures" folder, and seems to play weird music when I try to open NOD32..
I have run many scans, different anti-viruses and have even run (Trusted) online virus scanners..
I usually use Firefox (Awesome) as it has not been hugely affected by the virus.. however as it does not use ActiveX the online scanners have to be used on IE7+8.. IE7+8 has been completely ruined by the virus and is almost impossible to use.
I have run HIJACKTHIS and the report is:

Running processes:
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\program files\steam\steam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joshua Higgins\Desktop\Hijackthis\HijackThis.exe

  kindly 16:03 06 Apr 2008

Post your HijackThis log on their site and someone will come back to you. I did and got sorted. I opened my Task Manager and googled all processors running and the one that was causing me problems was there.
In the end I had to use a program called "move on boot" to get rid of it. Then after I was sure everything was OK I had to get rid of all my system restore points so it was not hiding in there as well.
Hope this helps you.

  Tj_El 16:06 06 Apr 2008

Hi Joshuahiggi,

You may be better off posting this issue on the Wilders Security Forum (click here) as they deal with issues such as these in the main.

I can highly recommend them as I have had to use them in the past and they do know how to help plus they will give you relevant information on how to keep and stay as safe as possible while on-line.

Hope you get rid of the virus quickly! Good luck!


  Joshuahiggi 16:07 06 Apr 2008

Ahh thanks Kindly, how long did it take for them to reply?
It's very urgent as I have to send photos off to the BBC and it's stopping me...
Cya and thanks for the quick reply :)

  Joshuahiggi 16:08 06 Apr 2008

And thank you very much Tj_El :)
I was writing the last message as you posted yours :)

  kindly 16:09 06 Apr 2008

It can take a couple of days because they go into it with you. Try Tj's advice, you might get done faster.

  tullie 16:41 06 Apr 2008

Incidentally, what have you used to scan your computer?

  Tj_El 16:59 06 Apr 2008

Hi Joshuahiggi,

It's a site with volunteers very much like this site so you may get a quick response i.e. today or you may get one tomorrow - it very much depends. But what help you get will be of great help to you so stick with them.

  Joshuahiggi 17:08 06 Apr 2008

I have used NOD32, AVG, ANTI-VIR, Kaspersky, bitdefender, f-secure, jotti, HouseCall, panda, onlyfreeantivir, and Avira..
Most of 'em found viruses... but some still remain..
Did this site have PORN ads before?
'Cause the virus has smothered all my sites with them..... -_-

  Ditch999 17:39 06 Apr 2008

Did you run all your scans in Safe Mode?

  Joshuahiggi 17:42 06 Apr 2008

Yeah, both normal and Safe Mode

This thread is now locked and can not be replied to.
