Destroying a virus...

Status
Not open for further replies.

Hyper Freak
I have some kind of virus, I think it is a botnet. I have fought with it for almost 6 months and it is getting only worse. I don't have any more ideas how to fight against this smart virus, so I will need your help.
It slows my PC a little, but that is not the big problem; the problem is that it uses too much internet: 1h = 1-2 GB of internet. And it slows down my net speed to 32-40 kb/s when I download. It is too much and I can't afford that with my very limited internet. I care only for 2 things on my PC, and that is to have a fast PC and fast internet; I know how to make my PC fast, but this virus makes a problem with the internet. I need to destroy it so I can get my internet speed back. I am an online user, all I do is online, all my files are online, all I do is made with online tools. Thanks to Avira I found that it uses the explorer.exe process to connect to the internet. I think that there are no other files which are infected, since today I found 2 files called explorer in the Windows folder. I need to find a way to destroy it forever, because everything is infected: my USBs, my mobile phones, my CDs, everything.
I tried a lot of programs; here are some of them: Kaspersky, Avira 9, Avira 10, Ashampoo Antimalware, ESET (all products), AVG, Avast, Panda (almost all products, from cloud to internet security...), Malwarebytes, etc.
I scanned the explorer.exe file with a few online scanners and scanned my PC with online scanners as well, but they don't find anything. I will format my PC in a few hours and hope that with your help I can destroy this smart piece of code and get my cyber life back to normal.
Thanks for your help.
Hyper Freak
 
26 comments
Here is the log file:
Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:34:49 AM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE0A7AA-BEF8-4D49-82FD-5E37C36526E9}: NameServer = 62.162.32.6 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E79646B6-4248-410E-9EF1-34C3AFFCB875}: NameServer = 62.162.32.5,62.162.32.6
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

--
End of file - 3143 bytes
I see what the virus is, but I am not sure how to stop it.
I stopped the process and I think that... it works fine now. But my phone is infected. I don't think cleaning every time after I connect something to my PC is a good idea. Is there an option to delete the virus from my phone and USB too?
Thanks..
 
HijackThis removes whatever you want it to remove; be careful not to remove an important file.

That explorer file seems to be infected, Hyper.
 
Do the following:

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
 
Use Unlocker to unlock the file which is infected, i.e. if you aren't able to delete the file,

and go for better protection like
Avira (it detects anything and everything) + Comodo Firewall + RoboForm (password manager) + KeyScrambler (anti-keylogger).

These don't stop the infection, they just hold it up.
If the file is 100% FUD
you will surely get infected, but if you use a firewall you come to know whether a program you have downloaded and are trying to install is trying to access the internet connection; if it is from an unreliable source, better not use it.
 
Use Malwarebytes Anti-Malware as others said.
It saved some friends' computers many times.

Also, if you use warez, I advise you to test warez in a VirtualBox and run keygens sandboxed.


Good luck.

Regards,
NewEraCracker.
 
Malwarebytes = tried, doesn't work. For now the virus is removed. Looking for some way to remove the virus from my phone and USB, because every time I connect the phone to the PC I will be infected again.
@mindfreak I don't use and I won't use any AV. I download AVs for testing only. I have a bad PC and it is a little slow with an AV, so I prefer to be without an AV. I can only use Ashampoo Antimalware since it is the only AV program that doesn't slow my PC :) If I suspect a virus I download a portable version of Kaspersky or BitDefender.
 
I don't know how to get it off your phone, but I do know that these programs work well to stop USB viruses from getting on your device and/or infecting your computer further: USB Drive Antivirus, Panda Research USB Vaccine. They might work on your phone too, I don't know, but they removed the viruses from my jump drives and helped stop them from spreading on my PC.
 
You should boot your computer in safe mode with command prompt and, right after Windows starts booting, plug in your infected drive.

Then, when you get to cmd, you should find the USB drive.

d:
cd\
dir /A

Is this your USB drive? If yes, skip the next attempt to find it.

e:
cd\
dir /A

When you find the drive, perform:

attrib -r -h -s autorun.inf
del autorun.inf
mkdir autorun.inf

Look for files in the root with an exe extension. Do they have H or S attributes?

You can find this by running:
attrib

PS: After the autorun steps above you can boot in normal mode, as the virus will probably not be executed automatically.
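The post above describes the classic USB-worm pattern: an autorun.inf in the drive root that points Windows at a hidden/system .exe, and the mkdir trick that blocks it. The script below is an added example (not code from this thread) that does the same triage from a defender's side: it parses an autorun.inf and reports which entries would launch a program, lists root executables and whether they carry the H or S attribute, and replaces a file named autorun.inf with an empty directory of that name. The sample autorun.inf and the RECYCLER path in it are constructed for the demo; the attribute check only works on Windows and returns None elsewhere.

```python
"""Triage a removable drive root for autorun.inf abuse (added example)."""
import os
import re
import stat
import tempfile

# Constructed sample, shaped like the autorun.inf a USB worm drops (not a real sample).
SAMPLE_AUTORUN = """[AutoRun]
open=RECYCLER\\S-1-5-21\\explorer.exe
shellexecute=RECYCLER\\S-1-5-21\\explorer.exe
shell\\open\\command=RECYCLER\\S-1-5-21\\explorer.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)


def autorun_commands(text):
    """Return (key, command) pairs an autorun.inf would hand to Windows.

    Only the [autorun] section is honoured; keys are matched case-insensitively,
    so Open= and OPEN= are caught as well.
    """
    commands = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun:
            m = LAUNCH_KEYS.match(line)
            if m:
                commands.append((m.group(1).lower(), m.group(2).strip()))
    return commands


def hidden_or_system(path):
    """True if the file carries the H or S attribute. Windows only; None elsewhere."""
    if os.name != "nt":
        return None
    attrs = os.stat(path).st_file_attributes
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def suspicious_root_files(root):
    """Executables sitting in the drive root, paired with their H/S status."""
    found = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isfile(path) and name.lower().endswith((".exe", ".scr", ".com")):
            found.append((name, hidden_or_system(path)))
    return found


def immunize(root):
    """The mkdir trick from the post: delete a file named autorun.inf and create a
    directory with that name, which Windows will not parse as an autorun file."""
    target = os.path.join(root, "autorun.inf")
    if os.path.isfile(target):
        os.chmod(target, stat.S_IREAD | stat.S_IWRITE)  # clear read-only (attrib -r)
        os.remove(target)
    if not os.path.isdir(target):
        os.mkdir(target)
    return os.path.isdir(target)


def demo():
    """Build a constructed drive root in a temp directory and run all checks."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(SAMPLE_AUTORUN)
    with open(os.path.join(root, "explorer.exe"), "wb") as f:
        f.write(b"MZ placeholder bytes, not a real binary")  # constructed
    with open(os.path.join(root, "autorun.inf")) as f:
        cmds = autorun_commands(f.read())
    files = suspicious_root_files(root)
    immunized = immunize(root)
    return {
        "commands": cmds,
        "files": files,
        "immunized": immunized,
        "autorun_is_dir": os.path.isdir(os.path.join(root, "autorun.inf")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against a real drive by passing its root (for example `E:\`) to `autorun_commands`, `suspicious_root_files` and `immunize` instead of the temp directory that `demo()` builds; the commands it reports are what would have been launched on insert, which is the piece of evidence worth keeping before deleting anything.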
 
Install Linux and get it over with. Some viruses are damn near impossible to remove because they run in kernel space, meaning they get executed even before drivers get loaded, let alone AV software.
 
Just reformat. It's simple
 
I know Linux will save me from viruses, but the problem is that I am not the only one who uses this PC. My brother uses it also and he only plays games. I know I can play some games with Wine, but he is young and it is a little complicated for him. Linux is not my way.. Not for now..
I tried to install Linux, but with 222 MB RAM I can't do a lot. I had Ubuntu 7 or 8, I am not sure which version, and I wasn't able to load the live CD. It takes a lot of time to start and it freezes after it loads :(
Any suggestion what Linux to use?
@Exel it is simple to write that, but not simple to do that. Yes, I tried formatting the PC, and the next day I connected my phone and my "friend" (virus) is here again.
And btw HijackThis doesn't seem to help a lot. I destroy the virus now, but after I restart the PC the virus is here again. :(
I had 2 explorer.exe files and deleted the one which was the virus, but somehow the virus is still here.. :((
 
I had this same virus as well; reformat, as has already been suggested. Linux is OK if you code all day and do boring shit; if you want usable applications and games you need Windows, lol.
 
I already reinstalled my Windows. But it is still here. :( I reinstalled Windows about 5-7 times, but no.. I can't destroy it..
And if I choose Linux, won't my cracking tools work right?
 
Who says Linux is just for coders? Get the latest Ubuntu; you would forget Windows and Mac.
 
Ehh.
Can you upload a copy of the files that you suspect are the virus?
Also try (if you know how) to sniff your connection to see what processes are using your internet connection (and try to stop it or upload it).
Try Linux; it is a better way to protect yourself. (You can dual boot, that's so simple.)
 