  #1  
Old 04-17-2007
Bronze Member
 
Join Date: Apr 2007
Posts: 43
retrocircles
[Pending] major problem!

i think i may have a virus, or something worse.

three .exe files appeared on my desktop after (what i believed to be) a safe download, called d1.exe, d2.exe and d5.exe. i deleted these files and emptied the recycle bin.

a pop-up system message then popped up saying spoolsvv.exe has encountered an error and has had to close. i tried searching for this file (to delete it) and my search facility is blocked. i tried to run my anti-virus software, and spyware software, and as soon as either starts scanning a message pops up saying that the pc will close in 60 seconds.

though sometimes the pc just crashes & switches off.

i've attempted to system restore, but as soon as the system restore begins, the computer crashes & switches off immediately.

i've tried to install autoruns (AutoRuns for Windows v8.61) in hope to counter the problem, but a pop-up arrives saying my current security settings do not allow this type of file to be downloaded.

have booted in safe mode. still unable to system restore & search for files. when i run any antivirus/spyware software it still turns off in 60 seconds.

i'm really stuck as to what to do next! i desperately need a working pc (student in final 4 weeks of uni!) so any help would be greatly appreciated.

kindest regards.


  #2  
Old 04-17-2007
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,627
PC Experience: PC Illiterate

hello retrocircles, and welcome to the forums..... if you could click the 'prework' link in my signature and follow the steps there, you should come out with 3 logs to attach; a spy sweeper log, an AVG log (be sure to choose ‘delete’ or ‘quarantine’ for all that it finds), and an HJT log. Please attach all 3 as .txt files, and I will be more than happy to parse them for you. Sooner you can post those, sooner we can get this cleaned up for you.



Thanks,
v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #3  
Old 04-18-2007
Bronze Member
 
Join Date: Apr 2007
Posts: 43
retrocircles

thanks in advance for your help.

i had some trouble saving the log files of both avg and spy sweeper. the buttons weren't where the instructions stated, i think it may have been because the versions i downloaded hadn't been updated & were old versions. but i couldn't update since whatever is wrong with the pc, won't allow me to connect to the internet.

anyhow. i have attached the hijackthis! log. i did run both avg & spy sweeper (sheesh they both took long) and quarantined/deleted anything they found. i hope just the one log file is useful.

thank you again.
Attached Files
File Type: log hijackthis.log (13.1 KB, 8 views)


  #4  
Old 04-18-2007
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,627
PC Experience: PC Illiterate

yup, you're infected.....let's start with SAS, and go from there.

Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.

thanks,

v


  #5  
Old 04-18-2007
Bronze Member
 
Join Date: Apr 2007
Posts: 43
retrocircles

have attached the superantispyware log, and also a new hijackthis log.

thank you again.
Attached Files
File Type: log hijackthis2.log (13.3 KB, 2 views)
File Type: log SUPERAntiSpyware Scan Log - 04-18-2007 - 20-34-51.log (7.6 KB, 1 views)


  #6  
Old 04-19-2007
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,627
PC Experience: PC Illiterate

okay, getting there....still something I don't like, and let's try this; if this doesn't work, we'll hit it with a really big hammer.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please attach C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

  #7  
Old 04-19-2007
Bronze Member
 
Join Date: Apr 2007
Posts: 43
retrocircles

i ran vundofix and it found no files.

i'm not sure if that's a good thing or bad!


