Status
Not open for further replies.
Discussion Starter · #1
Hello, usually when I have trouble with my computer I clean install Windows XP. I did that this time as well, but it was of no use, even after I made new partitions and formatted the partitions. The problem is that I get QQ popups on the websites I am visiting (not all, though), and when I scroll down the popup will stay in the right corner (after a while there will be a second one that stays in the left corner). Ever since I reinstalled XP and downloaded Firefox (via IE) I also have the problem that IE will open with some Chinese ads. The QQ ad also takes the place of some ads that are usually on the websites. When I reload the site, the QQ ads do not always return.

I always ran free AVG to scan for viruses, but somehow I can't anymore, because when I update the virus database it tells me that the file is damaged. In my attempt to get rid of it I downloaded Spybot S&D; it tells me about 1000 errors concerning C:/windows/system32/drivers/etc/hosts, which cannot be checked because it's being used by another program. Before I reinstalled my XP I experienced that it got more and more difficult to actually open a website through a link on a page. Sometimes it was necessary to click at least a few times and sometimes it was just impossible.

I tried to make my HJT logfile (although it also started with an error message about 01 hosts file redirection, and after it saves my logfile it crashes) and then I found out that the HJT logfile is empty.

The sdbot logfile says:
Error during check!: Microsoft.Windows.RedirectedHosts [61] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()

Error during check!: Microsoft.Windows.RedirectedHosts [62] (Cannot open file "C:\WINDOWS\System32\drivers\etc\hosts". The process cannot access the file because it is being used by another process) ()

This repeats about 1000 times, always changing the number in the brackets [61].

I tried to install HJT again but with the same results. I did include a screen pic of my Task Manager; I hope it's of help (I am using a no-brand Chinese school computer: 1.7 GHz Celeron, 40 GB HD, 384 MB RAM).
I would be thankful for some help, of course!
 

Discussion Starter · #2
First of all, here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:43:41 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\com\lsass.exe
C:\Documents and Settings\gyzz\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ~.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D87E8799-A450-45D5-871E-2782A5FF24DD}: NameServer = 211.95.129.161
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 2345 bytes

After I reinstalled Windows XP SP2 I installed Firefox and the free AVG virus software again. I updated the virus software once and it worked fine. It was OK for a few hours, then I installed Adobe Flash Player to view some websites and now the problem is back again.

1. Popup ads from QQ
2. IE explorer opens with QQ ad websites

Ever since the problem came back I cannot update my AVG virus database: it says the update is damaged. I did a virus scan on my external hard drives but it could not find anything. When I reinstalled Windows I first deleted the partitions on my hard drive and formatted them again. I hope with my HJT log the problem can be clearer. Thanks in advance for help.
 

Discussion Starter · #3

I have just heard that all the computers in our school have viruses. I am not sure, but my guess is that the server of the school might be infected and sends its viruses to all the computers on their LAN. Could this be the case or is it something else? If so, what can I do about it? I'm fine with reinstalling my OS again if that would make things easier. Anyway, I hope somebody can shed some light in here!
 