Help with stubborn virus

  1. Gargoyle

    Gargoyle New Member Bronze Member

    Joined:
    Apr 24, 2012
    Posts:
    18
    Likes Received:
    0
    Local time:
    23:07

    About a month ago I got a virus on my PC (running Vista). After running as many antivirus programs as I could get, I couldn't get rid of it. I eventually read about autorun viruses and killed the autorun files on my external backup drive. Seemed to clear the problem for a while but it came back.
    Decided to reformat drive and install Win7. No problems for a couple of weeks but virus came back and now nothing will find it.

    Symptoms:
    On load there are several strings of coloured pixels around the screen which come and go.
    The screen will flash (on Vista) or close and restart (Win7) as graphics is recovered.
    The screen will distort and become very blurred.
    Eventually the screen shuts down completely but not the computer.
    The screen freezes and mouse stops working.

    I did consider that the whole problem was graphics based, but the antivirus software shuts off (happened with Norton 360 on Vista and Microsoft SE on Win7).

    Malwarebytes scan in safe mode finds nothing.

    I don't know where to go from here - am considering buying a new PC, but if I don't know how the virus is getting in, will it infect that?

    Sorry to ramble - any help would be greatly appreciated!
  2. samuria

    samuria Network Specialist Staff Member Moderator Elite Member

    Joined:
    Aug 15, 2009
    Posts:
    20,338
    Likes Received:
    1,461
    Location:
    Crewe Uk
    Local time:
    23:07

    Welcome to the forum. We have a tried and tested system for cleaning PCs. If you look in my signature below, there is a link to our prework; if you follow that and post the logs, our team will help you remove any virus.
  3. Gargoyle


    Thanks for that but I get the message:

    PC Help Forum - Error

    You do not have permission to view this page or perform this action
  4. Arctos

    Arctos You may call me Arctos. Elite Member

    Joined:
    Sep 28, 2006
    Posts:
    13,813
    Likes Received:
    3,945
    Location:
    24°52'28.39"S 152°20'20.82"E
    Local time:
    08:07

  5. Gargoyle


    That works - thanks
  6. Gargoyle


    Scan files attached

    Attached Files:

  7. Gargoyle


    Sorry if I'm being pushy - not sure about the protocols - but I can't help noticing that my problem seems to be the only one without a status flag (solved, pending, etc). Is there something I have failed to do?
  8. DCiAdmin

    DCiAdmin Here to Help!

    Joined:
    Sep 30, 2008
    Posts:
    16,759
    Likes Received:
    1,707
    Location:
    Heart of the US Midwest
    Local time:
    17:07

    I'm so sorry that your issue seems to have been missed. I've applied an OPEN tag to draw the attention of the Security team. Your patience is appreciated!
  9. Crush

    Crush Tech Member Tech Member Elite Member mvp

    Joined:
    Sep 28, 2008
    Posts:
    42,178
    Likes Received:
    4,382
    Location:
    New Jersey
    Local time:
    18:07

    Hi,

    Can you open Malwarebytes Anti Malware, click the Updates tab, choose Check For Updates, install any updates required and then run a Quick Scan?
  10. Gargoyle


    MBAM run (in safe mode) - no malicious items detected.
  11. Crush


    There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Please note that as long as you are using any form of P2P networking to download files you can anticipate infestations of malware to occur.

    P2P file sharing used to be fairly safe. This is no longer true; continue to use P2P sharing at your own risk!

    Keep in mind that this practice may be the source of your current malware infestation.

    References citing the risk factors of using P2P programs:
    How cyber criminals infect victims via P2P with pirated software on Vimeo
    Malware: Help prevent the Infection
    Perils of P2P File Sharing
    How to Prevent the Online Invasion of Spyware and Adware

    I strongly recommend that you uninstall:
    uTorrent

    You can do so using the Control Panel >> Add or Remove Programs function. However, that choice is up to you.

    As long as you have the P2P program(s) installed, per PCHF Policy, we can offer you no further assistance.

    If you choose to remove these programs, when finished: Please generate a new set of OTL logs and we'll go from there.
  12. Gargoyle


    I understand and agree - I have removed uTorrent (I hope).

    Attached Files:

  13. houndmom

    houndmom Trusted Security Analyst Silver Member

    Joined:
    May 26, 2010
    Posts:
    140
    Likes Received:
    49
    Location:
    NC , USA
    Local time:
    18:07

    Hello,
    Welcome to PCHF! I'm houndmom :) and I will be helping you with your Malware issues. Please note, this may or may not solve other issues you’re having with your PC.

    A few things to keep in mind as we progress:

    1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

    2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

    3. This may turn into a long ordeal but, rest assured, we will stay with you until you are completely disinfected.

    4. Please do not run any tools or fixes unless asked to do so by myself or a member of the Security Team

    5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

    6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

    7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    8. If you have any questions or issues please stop and ask! We are all here to help.


    IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to back up any personal files and folders before you start.
    If you follow these instructions, everything should go smoothly :).

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

    To do so, when you click the [image], scroll down until you see this:

    [image]
    Make sure it is set to Instant Email Notification.


    With that out of the way:

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com


    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  14. Gargoyle


    I've run ComboFix. I followed the instructions for switching off MSE but it told me that it was still running (!?!), but I ran ComboFix anyway - log attached.

    Attached Files:

  15. houndmom


    ok, that's better.

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
    How is your computer running?