Windows Help - Getting on my nerves

Windows Help - Getting on my nerves - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: Other (https://sampforum.blast.hk/forumdisplay.php?fid=7)
+--- Forum: Everything and Nothing (https://sampforum.blast.hk/forumdisplay.php?fid=23)
+--- Thread: Windows Help - Getting on my nerves (/showthread.php?tid=88592)

Windows Help - Getting on my nerves - rafay - 27.07.2009

Hi guys, long time since I'm posting.

I'm facing a really wired problem with Windows XP. Most of the services stops automatically after running for some time, I can't shutdown Windows with the "Shutdown" button. I've to switch it off. Whenever I start my computer, it works normally but after some time (10-15 minutes), suddenly the theme changes to classic then blue one then classic really fast. Just a matter of seconds. Then it stays on classic until I re-boot. I can't do anything! most of the services shutdown like Security Center, Audio Control, USB Ports etc...

Yeah, I've already scanned my computer for unwanted stuff like 20 times. With Avira and just now with Avast! Still the same problem. Avira detects some files like "x.exe" (IDK what's this shit). But I deleted it. Avast! doesn't detects these files.

Can somebody help me?

Thanks.

Re: Windows Help - Getting on my nerves - Mrkrabz - 27.07.2009

Hey rafay, seems like a Trojan, Or even a keylogger behind that. If your A-V's cannot detect it, another thing is a roll back untill the problem was not occouring, Or' im afraid you will have to format. Or on the other hand you can just put up with it and never enter any passwords/bank details :3

Re: Windows Help - Getting on my nerves - rafay - 27.07.2009

Quote:

Originally Posted by scorp1543

Hey rafay, seems like a Trojan, Or even a keylogger behind that. If your A-V's cannot detect it, another thing is a roll back untill the problem was not occouring, Or' im afraid you will have to format. Or on the other hand you can just put up with it and never enter any passwords/bank details :3

Ey, just now Avast! gave me a heart attack. (CAUTION!!! OMG A VIRUS HAS BEEN DETECTED! :3) I've moved it to the chest. Let's see what happens. It's C:\WINDOWS\System32\x\[UPX] (Malware)! OMG! damn! I reinstalled just a few days ago..

Re: Windows Help - Getting on my nerves - Mrkrabz - 27.07.2009

Too much porn mate, Anyway, see how you get on, and ill investigate into what that is.

Re: Windows Help - Getting on my nerves - rafay - 27.07.2009

Quote:

Originally Posted by scorp1543

Too much porn mate, Anyway, see how you get on, and ill investigate into what that is.

Dude, I don't do that. Just some torrents. But, I scanned them very well and they seems to be OK.

Re: Windows Help - Getting on my nerves - Mrkrabz - 27.07.2009

Okey, i got some information Remember use this at your own risk.

Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open notepad and paste in

KILLALL::

File::
c:\windows\system32\mm.exe
c:\windows\system32\xj.exe
c:\windows\system32\drivers\yrfurtgx.sys
c:\windows\system32\secupdat.dat
c:\documents and settings\LocalService\cxuoum.exe
c:\windows\system32\ku.exe
c:\windows\system32\xk.exe
c:\windows\system32\44.scr
c:\windows\system32\qs.exe
c:\documents and settings\Faiz\Application Data\cugesyfuhy.vbs
c:\program files\Common Files\hyfuby.com
c:\program files\Common Files\igolup.inf

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\yrfurtgx.sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20 ,61,75,74,6f,63,68,6b,20,2a,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"Updater"=c:\windows\system32\updater\explorer .exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dxdiag.exe"=-
"c:\\WINDOWS\\System32\\ku.exe"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9a444539-b7ac-11dd-a227-00804840618b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{aa8bf502-c144-11dd-a257-00804840618b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{dd8ff266-07c5-11de-a355-00804840618b}]

FOLDER::
c:\windows\system32\updater

Driver::
yrfurtgx

Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)

Drag CFScript.txt onto Combofix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Re: Windows Help - Getting on my nerves - Mrkrabz - 27.07.2009

Sorry for double post Also try this.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup and to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe

or

http://malwarebytes.gt500.org/mbam-setup.exe

or

http://www.majorgeeks.com/Malwarebyt...are_d5756.html

Do a scan, and if it asks to reboot, do that straight away.

OH AND REMEMBER TO DISABLE AVAST!

Re: Windows Help - Getting on my nerves - .::: Ecko :::. - 29.07.2009

I had same problem,it's a virus.
I had to reinstall windows.

Ecko

Re: Windows Help - Getting on my nerves - Jese - 29.07.2009

Try downloading smit fraud fix.

Re: Windows Help - Getting on my nerves - -Sneaky- - 29.07.2009

That sounds like a really bad virus lol, I had a bad virus like this once, I couldn't get rid of it even after formatting it was still there o_O But I quickly realized that 'quick format' doesn't do the trick, so I fully formatted, re-installed Windows XP and it was all good

I suggest formatting your PC and re-installing Windows would be the best, if you really can't get rid of it, make sure not to press 'quick format' when you do it :P