#1
  1. I love your chinese eyes :*
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jan 2006
    Location
    Her heart... she claims!
    Posts
    1,668
    Rep Power
    1049

    IE and Firefox are hit by virus


    Hi

    I installed fresh windows on one of my PCs at home. I thought to install Anti-Virus later. Meanwhile my brother used internet on it and I am not sure what he visited but now the IE is corrupt. It is showing .exe icon instead of IE icon and when i click it, it opens many windows. Also when I right click on some file and click OPEN WITH I see a new message in the available option "refer your friends" which I believe is what has struck the system.

    I installed firefox on it. As soon as I opened a new FF window, it opened 18 windows with some email in it in addition to one FF window with mozilla home page. Rest of the 18 windows have some email written to China .cn domain.

    I am very upset with all this. Can anybody help me how can I kick out this from my PC and restore my PC? I tried to restore it from System Restore but that also failed.

    One more thing I have noticed that as soon as I start windows and check processes I see RUNONCE.exe which I guess is some virus. I kill it but it comes again very quickly.

    I went to msconfig and start services and checked it but there is nothing additional which starts with window.

    I also went to regedit but I dont know what to do with that

    Your help is highly appreciated.
  2. #2
  3. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    I installed fresh windows on one of my PCs at home.
    How long ago? If it was me I would just format and start over. And do it right this time.

    Give me some feedback and if formatting is not an option I will see what I can do.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  4. #3
  5. I love your chinese eyes :*
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jan 2006
    Location
    Her heart... she claims!
    Posts
    1,668
    Rep Power
    1049
    formating is a very scary option for me because once I did it and my pc started to give hardware conflict and I wasn't able to install window on it.

    I paid some hardware guy to fix it. Can you guide me to fix it without formatting?
  6. #4
  7. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Lets take a look.

    Download Deckard's System Scanner. HERE

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, a text file will open - Main.txt
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread Here.
    5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
    6. Attach Extra.txt to your post.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What Deckard's System Scanner will do:

    * create a new System Restore point in Windows XP and Vista.
    * clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    * check some important areas of your system and produce a report for your analyst to review. Deckard's System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


    When you get the two notepad documents, click somewhere inside the notepad document and hold CTRL/Control and press A then C. This will "select all" and "copy" the text.

    Please post both of the logs.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  8. #5
  9. Not much of a contributor
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Aug 2006
    Location
    Hidden
    Posts
    1,012
    Rep Power
    1092
    RUNONCE.exe. Well, it only means that some installation did not finished successfully. It isn't a virus, in fact it is necessary for some programs to work. What is your operating system? If it's XP, is it on SP2 already?
  10. #6
  11. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Originally Posted by zynder
    RUNONCE.exe. Well, it only means that some installation did not finished successfully. It isn't a virus, in fact it is necessary for some programs to work. What is your operating system? If it's XP, is it on SP2 already?
    There is a problem and lets just wait for the logs before making any suggestions.

    Comments on this post

    • aitken325i agrees : Exactly
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  12. #7
  13. I love your chinese eyes :*
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jan 2006
    Location
    Her heart... she claims!
    Posts
    1,668
    Rep Power
    1049
    hi

    Sorry for the late reply. I was out for my IELTS exam. I installed panda and it fixed most of the issues. However, today I'm going follow your instructions and will get back tomorrow.
  14. #8
  15. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    I will be here
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  16. #9
  17. I love your chinese eyes :*
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jan 2006
    Location
    Her heart... she claims!
    Posts
    1,668
    Rep Power
    1049
    Buddy ..................

    I installed the scanner and then switched off the pc as I had to do some stuff. When I switched on my pc later time the windows is not starting. Every time the windows starting screen appears but as soon as it comes to show the administrator login screen, the system displays a BLUE screen with some white text written on it pointing to some sectors and memory error then it restarts itself. I tried to restore it by "last known good configuration" but that doesn't make any difference.

    please guide me to recover my pc and let's forget about anti-virus
  18. #10
  19. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    I HATE to say this. You have some issues that I wont be able to even think about fixing unless the computer can boot up.

    I could offer some ideas but they might make things even worse.


    But for starters do you have your Windows CD??
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  20. #11
  21. I love your chinese eyes :*
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jan 2006
    Location
    Her heart... she claims!
    Posts
    1,668
    Rep Power
    1049
    Originally Posted by Porthos
    I HATE to say this. You have some issues that I wont be able to even think about fixing unless the computer can boot up.

    I could offer some ideas but they might make things even worse.


    But for starters do you have your Windows CD??
    Yup, I do have many windows CDs. Please tell me the next all steps in one go I dont want the sword hanging ...
  22. #12
  23. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Ok all in one go it is.

    I would reformat that machine. Easy and painless and and the best choice.

    If you still want to mess with it you could try a repair install. If that gets us back into Windows we still have the infection to deal with.

    Your choice.

    Repair install instructions ....
    http://www.michaelstevenstech.com/XPrepairinstall.htm
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.


IMN logo majestic logo threadwatch logo seochat tools logo