Help with really bad virus problem please?

Ok, so here is my problem. I was on Myspace looking at a music artist’s photos, when all of a sudden, my anti virus program (Avast Professional Edition, the one that you buy) pops up and tells me a whole bunch of viruses are invading my computer. After this occurrence, my internet has been really slow and unresponsive. Never again will I go on Myspace.

So over the past 5 days or so, I have been virus scanning my entire computer about 10 times, and my anti virus cannot find any more viruses. I have also done anti-spyware scans and I have eliminated a bunch of spyware, too. The problem hasn’t gone away, though.

When I say my internet has been really messed up, I mean this: My anti virus’ script blocker and all of the other blockers are on their highest settings along with Firefox’s pop-up blocker, and I still get pop-ups, something I have almost never gotten before.

Besides this, when I try to visit websites, my Firefox error console gets riddled with error messages telling me it doesn’t recognize or can’t read a certain part of a website and it says “Declaration dropped.” For example, on youtube, I looked on the error console and it said this: “Unknown Property ‘zoom’. Declaration dropped.”

Also, when I tried to install a registry clean up software, I got a message saying that the download wasn’t a valid Win32 application or something of that sort. The download was from www.download.com, for the record. I eventually got one installed, but my internet hasn’t shown any signs of improving.

By the way, when I typed in Firefox’s website to try to re-install it, the website wouldn’t load. It just wouldn’t. Also, Google Chrome and Internet Explorer aren’t any faster. In fact, most websites don’t load for me at all. I can’t check Email. On YouTube, the page itself will load, but when I click on a video, I get a black video window with a swirling load icon that would have stayed there for hours if I had just left it there.

What I also found quite intriguing was that whenever a pop-up appeared on my internet while using Firefox, it would say at the top of the window “Internet Explorer” despite me not being on Internet Explorer.

Also, I have tried to do a System Restore to multiple points within the past few months and every time my computer starts back up, I get a message telling me “Restoration Incomplete.” The funny thing is that I am never told why.

My computer can still play video games and do almost everything else that doesn’t include the internet just fine, but my internet is just so messed up.

I have the disc for the operating system I am running (Windows XP Professional), so I could re-install my operating system, but I really don’t know a lot on this subject so I am waiting for advice on what to do.

One more thing: I have reset my router about 5 times and it has done nothing to help the problem.

Can someone please help me? My computer’s internet has never acted this way.

Thank you!!!

Have you tried

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, then click the “remove selected” button to quarantine anything found and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

you may post the scan logs here

@ jaxter9000
What would help us to help you is some information on the “whole bunch of viruses are invading my computer.”

What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.

Hi

If you run these scans and post the logs, I’ll have a look.

Download OTL to your desktop.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/fixes, copy and paste the following bold text

%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in or attach them.

NEXT

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan…click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following …
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:)
      • Show All (don’t miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save…] button, and in the File name area, type in “Gmer.txt” or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

Caution
Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.

Please post back with
  • OTL log
  • GMER log

Thanks

Hi, this is in response to DavidR, I have the notepad file, but it is really huge. Do I need to split it up into multiple posts?

delete

Come on, knock it off. You could have posted all of this in an attachment file. Way to up your post count.

wait what??? no seriously i had no idea

I’ll go back and delete all of the posts, where is this attachment file??

Just place your notepad logs in a folder, then either winrar them or zip them and use the attachment option in your reply. Thank you.

All you needed to do was to copy and paste the relevant parts (as there is no way anyone is going to beaver through all those posts) what I asked for was the information related to the ‘detections.’

The file is arranged in chronological order, the most recent at the end of the file.

I wouldn’t worry about attaching the file either, as in its raw state it would be just as large and hard trying to find ‘just the detections’ and not any other error items.

I would suggest abandoning my request for more information on the files detected and concentrate now on the more productive work of analysis in oldman’s post, http://forum.avast.com/index.php?topic=52433.msg443909#msg443909.

Ok, here is the relevant info from that file (attached). I’m working on oldman’s program now. My infected computer will not download anything off of the internet due to the virus. When I load it on Firefox, the “open” button is grayed-out. I have to transfer the file with a flash drive from the laptop I am currently on.

hi jaxter,

Can you please now delete the content of your past posts, just write delete in each instead, as you can’t delete as a user, and a mod will clean this :wink:

Ok, I’ll do that. Sorry again.

Hi jaxter9000,

If you are using another computer to transfer tools and files, please do this first on the clean computer. We will try to protect it and the flash drive.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder…it will help protect your drives from future infection.

When transferring to the infected computer, please make sure to transfer the tools directly to the infected computer’s desktop.

Thanks

Thank you oldman, I will do that. My scans are almost done for the two programs you suggested. Do I split them into files that are less than 200kb and upload them onto my post?

Hi jaxter9000,

They may be fairly long, you can attach them if you wish.

Ok, just to make sure, which would you prefer - I copy and paste the text, or, file upload at the bottom of the post?

OK jaxter9000 I looked at the more concise report.txt.
Looks like the site that you visited hXXp://good-task.com on the 17/12/2009 was hacked, but the abort connection should have stopped that getting on the browser cache. So I’m not sure if this was the start of the whole Vundo thing, but possibly.

The following day is when the Vundo detections start, what is most noticeable from this information is that you use the Administrator account rather than another user account and preferably a limited user account. Once malware gets on your system it can inherit the privileges of the account you are using. If that is ‘The Administrator’ account there is little that it can’t do given that level of permissions.

So that is something which you are going to have to address once you get free of this. For now just concentrate on oldman helping you, the above can be addressed when things calm down.

Ok, so while I was on a walk, GMER apparently finished and restarted my computer. There is a text file called “Extras” that popped up during the scan. Is that the one I should post?

UPDATE: Just now, when my computer restarted, I got a pop-up window that said Windows has recovered from a serious error. Also, this website came up.

Second update: Firefox froze on my infected computer, so I closed it. After I tried to re-open Firefox, my computer froze and I had to restart it.

Third update: After my computer restarted on me the first time and now on the second time, I got a pop-up window that says on the top “DLL”. It says,

"error loading c:\windows\system32\loseteni.dll

Access is denied"