virus help please firewall.exe

[prenton01]

Hi all

 

i have a virus on my laptop and have tried various things but cannot get rid of it

 

my laptop is connected to internet but will not display any page

 

cannot update and programs including avg as error comes on saying no connection to internet

 

firefox opens to blank page not the homepage which is set to google and will not open any webpage just stays blank

 

ran avg and had following infections

 

c:\\windows\system32\hcqmhteg.exe trojan back door generic_r.dz

 

c:\\windows\system32\hcqmhteg.exe trojan back door generic_r.dz

 

c:\\windows\system32\bxkik.exe trojan back door generic_r.dz

 

c:\\windows\system32\hbxkik.exe trojan back door generic_r.dz

 

when i select all to heal all it asks if i want to force removal so i click on yes

it then says files could not be healed as specified file cannot be found

 

tried deleting the files straight from system32 folder but would not let me says file is in use

 

can anyone help please

 

oh sorry i have XP proffesional on laptop

 

Tony

Edited February 6, 2009 by prenton01

[maynardvdm]

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark C:\Fixed Drive.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Please don't use it on a regular basis as this will clear all previous restore points. The feature might be very useful to revert your computer to working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[BeeCeeBee]

Have you tried to connect to the internet using safemode with networking?

 

Have you tried to do a system restore to a point before this all began?

You are going to have to disinfect that machine and it is much easier to do if you can get some limited access to the internet.

 

If you know that you have actually identified the offending files you may try a reboot into safe mode and try to remove them as your very first step. Be sure that you know what you are deleting and be aware that even if it helps it is not an overall fix.

 

This was posted after then maynardvdm post above and without my having seen it, (sorry Maynard.) If you have no internet access you will need to download the programs onto discs or other media and install them from there. Two will have to be updated. The links are as follows.

 

http://www.superantispyware.com/definitions.html

 

http://www.superantispyware.com/definitions.html

 

 

The above process is exactly what you need to follow so, if you can attain access to the internet so much the better.

Edited February 6, 2009 by BeeCeeBee

[prenton01]

Thanks people

 

I did try a system restore but to no avail

 

have started the process that maynardvdm posted currently running Malwarebytes' Anti-Malaware it wouldnt update as anything that tries to update says that no internet connection available even though i am clearly connected as my skype is connected

 

i am dowloading the files on to my external from my wifes laptop then running on my laptop

 

will let you know how i get on

 

Tony

[Dalo Harkin]

tried deleting the files straight from system32 folder but would not let me says file is in use

 

You would need to kill the process before you could delete it.

 

AVG is shockingly bad AV - I would suggest you have a look at new AV software

[prenton01]

I do have a copy of trend micro pro i won it in a competition was going to put that one when all thjis is sorted

[Match]

AVG is shockingly bad AV - I would suggest you have a look at new AV software

 

I'll second that from experience

[Dalo Harkin]

Yeah - you are not in a good position - as AVG could be the only thing at the moment holding it back -

If you didnt have a Virus on the machine, I would advise removing AVG and installing Trend - but you cant do either at the moment.

 

We dont normally recommend it, but I would install Trend and then remove AVG and restart.

[prenton01]

Thanks everyone

 

ran through all the checks and deleted loads of infections, internet is running good again and laptop is running as it was but AVG is still coming up with trojans after all the scans when the laptop is turned on

 

i am going to put trend on it see if that helps

 

any other suggestions ??

 

thanks

tony

[BeeCeeBee]

Does the fact that you are back on the internet mean that you were able to run the eset on line scan? If not do so.

 

Also take a look at the attached.

http://extremetechsupport.com/forum/malware-removal-av-firewalls-etc/3597-free-pc-help-recommended-security-products.html

[Plastic Nev]

Hi Tony.

As an also, before installing the Trend, uninstall or at the least disable the AVG, they may conflict with each other if you don't.