Hey everyone. Just yesterday,my computer started acting weird. Avasts on-access (or the thing that scans what your on) stopped working for the mail. Then avast can’t update (and later found out that my Internet doesn’t work, same for my firewall). I did an avast scan and found nothing. I then Downloaded sophos, adaware, spybot s&d, and mbam. Sophos picked up 2 different viruses, mbam found one, and adaware found a popup and mass mailing worm virus, and mirar toolbar(tried to delete registries but it keeps coming back). Sorry, I can’t remember the names of them except for the ones adaware found. Even after I found them and quaratined/deleterd them, my Internet connection and firewall won’t work. ( I also scanned on safe mode) and just a few hours, my login screen won’t come up when I boot up my computer, so I’m forced to run my computer in safe mode. If anyone can help me or give advice (besides formatimng my pc) that will help me in removing these viruses, I will do whatever you want ::). So here it is again
Symptoms : can’t connect to Internet (even though cable is plugged in), avasts email scanner won’t work, firewall won’t turn on, login screen wont pop up when starting my cpu normally, and computer is running slow. Tried scanning with: avast (free home edition), sophos antivirus, spybot s&d, ad-aware, and mbam in safe mode. (btw, I downloaded all of these antiviruses from a cd, which I made two days ago :D, so they should be pretty up to date. But I can’t update it again since I have no Internet connection). I’ve unplugged my Internet cable and my CPU is in safe mode right now since adaware picked up a mass mailing worm (and a backdoor Trojan, which I quarantined) I can also remember that some of the files were called winsys.exe, and updater.exe in my system32 folder. Thanks for everyone that helps me, and I typed all of this on my iPod touch :P. Thanks again, cya. Edit: I scanned again and ad-aware picked up some stuff like mirar toolbar, bearshare, hijacker.InternetExplorerZoneHijack. I deleted them when adaware first picked it up, but it came back.
Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:
Alright. When you say follow the instructions, do you mean the instructions in the links? And what do the rescue disks do? Thanks. If anyone else has any ideas (besides formatting) please post. Thanks.
As man, now my CPU cant read clean discs (but they can read ones with info on them).
I scanned my cpu again and sophos had an error saying : scanning “C:/windows/system32/drivers/sptd.sys” returned SAV interface error 0x0040210: The file could not be accessed. What does this mean?
Yes.
Will allow scanning of the XP system before booting… and cleaning.
Ok, and is there a reason why my CPU can’t find empty discs? (it says there’s no disc inserted when I bust put one in) but it can find discs with info on them.
Please elaborate… not following you. Which is CPU here? The computer?
Empty discs? Blank CD/DVD?
sorry, yes I mean blank (empty) cd/dvds. And I mean the computer (CPU) that has the viruses. And also, the spdt.sys in my system32/drivers that can’t be scanned, does it mean that it’s a virus/ is infected?
avast! will normally give the reason why it can’t be scanned.
See http://forum.avast.com/index.php?topic=35347.msg297170#msg297170 this topic for more information on why files can’t be scanned.
Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned. Provided that is the reason is legitimate for the program it is associated with and that is what you have to find out.
Do you have Alcohol/Daemon tools installed ?Spdt.sys belongs to that software usually
I did a little searching on spdt.sys and it might be part of the virtual drive program I have installed. VirtualCloneDrive by http://www.elaborate-bytes.com
So googling the file name returns many hits relating to some programs, do you have either of the above ?
Yes, I have daemon tools and magiciso. I will try to make those recovery discs on another computer if that computer can detect the blank cd/DVD. And will one of the four rescue discs detect the hijacker.internet virus? Because i think thats the virus that isnt allowing me to access the internet. Thanks.
Only testing will say…
I don’t know if those programs specifically come with.use spdt.sys and if they would protect it in some way stopping avast scanning it. You didn’t mention wht avast couldn’t scan it as this really is the crux of the matter.
I would suggest you try running MBAM (link and info below) from safe mode and report the findings.
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Ok, but does anyone know the virus (name) that takes over my internet explorer/firefox and says that I have no connection (even though I go on my control panel and check my network connections). And is there also a virus that makes the login screen (when you start up your computer) dissapear? Can you please tell me the name of the viruses and if they can be removed using the recovery discs? (if the virus can’t be removed/ detected can you please tell me a program that will detect and remove the virus for me?)
Because I’m going to go over to my friends house and put them on a disc. So if the viruses don’t get detected, then im screwed cause it’s my dads computer 
and I won’t be able to access another computer for a while.
And how do you run the cd/DVD drive When the computer is starting up? You press F6 right?
sorry, one more question. Will the computer be able to detect the recovery discs? Because the infected computer couldn’t read empty CD/DVD discs.
Anyways, sorry for asking these questions when I should be asking this after I’ve scanned the computer and it didn’t work. Anyways please help me :-[ I’m becoming paranoid cause if I don’t fix it… Anyways please help me. Thanks everyone that’s helped me so far.
Edit: I’ve scanned again and found mirar toolbar even after deleting the registry from where it came from. Same with hijacker.InternetExplorerZoneHijack (I think this is the one that isn’t allowing me to access he internet even though I have a connection), can anyone please post a program or antivirus that will remove these viruses that keep coming back?
Sorry for acting like such a noob… Cause I’ve only got one chance :-[ and if the virus is still there after everything all of you have told me to do, then I won’t be able to do anything. (the only reason I’m able to post is because of my iPod touch) sorry again you guys .
Also, I dont think any of my 5 antiviruses aren’t detecting a virus/viruses and that’s what is downloading all of those viruses.
What is the database version of your MalwareBytes ? Open the program, click on update,and you will see it there. Download the latest definitions from the link and transfer them to the infected pc.Also download SuperAntispyware and the latest definitions, and transfer them onto the infected pc.To update SAS,Save the file to your desktop and double-click it to run the installer. Once the installation is complete, you must exit and restart SUPERAntiSpyware for the new definitions to be active…Run both programs in safe mode, and post back.
http://www.superantispyware.com/
My database version currently right now is 1456 (12/3/2008). LOL pretty outdated. I tried to download mbams update file but I couldn’t find it on the website. Thanks, I’ll put this into my USB stick/disc. And do you know the name of any virus that hijacks your Internet and says that your not connected even though you are when you to to network connections? Thanks again.
Yes InternetExplorerZoneHijack. The link I gave you is the one you need to update,I would advise you to install and run both SAS and MBAM.The latest database is 1526, use the links I posted
Alright, sorry just one more thing. Is there also a virus that doesn’t let the login screen pop up when starting up your computer? Cause I deleted some registries and 2 files from my system32 folder (I have the 2 files from the system32 folder are in a USB stick). And, for the recovery discs, can you put them on a USB stick just in case my cd/DVD drive doesn’t find the cd? Thanks. I just need these 2 more questions answered and I’ll be off :
Hey, sorry for bringing up this again, but what do you do if the virus has destroyed your system.exe (or something) in your system 32 folder and the computer wont start up. And it can’t run burnt discs? Can I put the recovery discs on a usb stick, and if i can, how do you run it? Thanks.
I don’t think this is possible, at least, for Vista.
Alright, thanks. So I can do this for Windows XP right?
I’ve found some pages in Internet about this… but it will be a preloaded XP system, requires a lot of configuration and knowledge… I’ve gave up in the past and never tested again.
I’m not sure this is really possible.