I think I have a virus

[snapper23]

:mad:Help please

pc was not working normally after a littlte investigating I ran

combofix.exe and this deleted

c:\windows\system32\_000003_.tmp.dll

c:\windows\Zqixya.exe

 

I also found a zfx.exe and zfr.exe which I deleted found running in taskmanager

 

then I ran hijack this and the following line was present

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\Program

files\nuafydlf\vbrrjduv.exe

 

I tried to delete it with hijack this BUT reappears when i scan again

I tried to delete the nuafydlf directory But I was not allowed to do this yet the folder appears empty

 

I then went onto the internet and tried trend housecall free scan service - BUT - it was not allowed to load,

kept saying you may net be connected to the internet

 

anyone out there that can offer help

regards

[RandyL]

An expert should be along to help you soon. Be patient please. This thread may get moved to the Security section. Just wanted to let you know.

[Starbuck]

Hi snapper23

 

Step 1

Combofix is a program that shouldn't be run just for the sake of it.

There are correct procedures to follow.

As you have already run Combofix,

Please include the C:\ComboFix.txt in your next reply.

 

Step 2

• Download OTL to your desktop.
  right click on the link and select 'Save Link/Target As'.
   
  if you have problems, try this download link:
  OTL
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.
 
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
CREATERESTOREPOINT
 
 

• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  .
  
• Click the Run Scan button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
   
  
• Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

Once i have these reports, i'll move this thread if needed.

 

Thanks