Photobucket Virus?

Buffman · Post by **Buffman** » Mon Feb 22, 2010 7:01 am

run this program and paste the log:

http://www.gmer.net/

Mattheww044 · Post by **Mattheww044** » Mon Feb 22, 2010 9:44 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-22 00:37:05
Windows 5.1.2600 Service Pack 2
Running: 07pz6rni.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axxoapog.sys

---- Kernel code sections - GMER 1.0.15 ----

? pkshbhxa.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[1888] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 0316A939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll

---- EOF - GMER 1.0.15 ----

Buffman · Post by **Buffman** » Mon Feb 22, 2010 8:46 pm

I'd have to say pkshbhxa.sys, 07pz6rni.exe, and the axxoapogo.sys files are what's causing your problems.

I have never heard of either of those system files, and they do not sound legitimate. Will it physically let you find and delete those system files? or disable that 07pz6rni.exe?

Right click my computer and go to properties.
Go to hardware tab and click on device manager. Under View click view hidden devices. Go to non plug and play drivers. Look for any of those instances that log found, and disable them if possible. See if Internet access returns.

The key indication of the problem is that .sys file sitting in a temp folder. Sys files don't sit there. Can you run CCleaner and delete it? Right click on my computer and go to the restore tab. Turn off ssytem restore for the time being.

Mattheww044 · Post by **Mattheww044** » Tue Feb 23, 2010 8:40 am

Ok... I went to device manager andnits competely blank. Went to view hidden devices and still nothin

fishbone79 · Post by **fishbone79** » Tue Feb 23, 2010 1:31 pm

If I were you, I would just get your files off and reinstall windows. You probably could have done it twice in the amount of time you've spent chasing this thing around, and the fix is going to be complicated. A fresh install always runs faster anyway.

Buffman · Post by **Buffman** » Tue Feb 23, 2010 7:21 pm

the only other program I could recommend running is combofix. Or install ms recovery console (or run from disk) and delete those .sys files mentioned in the GMER report along with that exe file.

Malware has gotten very complicated. as Fishbones states if you don't want to spend anymore time, you're almost better off reinstalling windows.

Mattheww044 · Post by **Mattheww044** » Tue Feb 23, 2010 8:25 pm

Ya. The only thing is I don't have the install disc anymore......

Buffman · Post by **Buffman** » Wed Feb 24, 2010 4:12 am

well run combo fix and see if it will delete those mentioned files. You can download recovery console. Or you could even try Microsoft Security Essentials program also.

Mattheww044 · Post by **Mattheww044** » Wed Feb 24, 2010 4:14 am

at this point I would honestly rather save my music and pics to a CD and start from fresh. What exactly are recovery console and MSE?

Buffman · Post by **Buffman** » Wed Feb 24, 2010 7:23 am

recovery console allows deletion, copy, insertion, and Fixing of your OS before it loads aka like DOS...

MSE is a antivirus/malware free software suite.

Mattheww044 · Post by **Mattheww044** » Wed Feb 24, 2010 9:10 am

hmmmm... well what do you thin would be the best way of "restoring" my computer without a recovery disc? I don't have ANY of the discs... this comp is like 8 years old, still runs good though when its not infected haha

Buffman · Post by **Buffman** » Wed Feb 24, 2010 5:16 pm

without the disc you're pretty much hosed. You could download keyfinder and get your product key, and see if one of your friends will let you borrow their OS disc.

That or remove those files listed in the GMER report. They are more than likely the cause of your infection as stated earlier, because of their location, and oddball naming structure.

Mattheww044 · Post by **Mattheww044** » Wed Feb 24, 2010 9:59 pm

Yea. I searched for them to try and remove but no luck. I'll see what I can do

Buffman · Post by **Buffman** » Wed Feb 24, 2010 11:50 pm

recovery console is about the only way to remove them or use combo fix, as they will hide themselves fairly well.

Mattheww044 · Post by **Mattheww044** » Mon Mar 01, 2010 9:01 pm

ok, i finally got ahold of my computer-smart buddy. He said it would be much easier to just re-format it, so I will just have him do that for me. Time to start moving all my pics/music to a disc!!

Buffman · Post by **Buffman** » Tue Mar 02, 2010 2:07 am

just make sure to use keyfinder to grab your product key off the PC before you re-format.

Mattheww044 · Post by **Mattheww044** » Tue Mar 02, 2010 6:17 am

ok thanks will do. Thanks alot everyone for your help!! Malware FTL!!!!!!!

Mattheww044 · Post by **Mattheww044** » Wed Mar 17, 2010 6:41 am

finally got my damn computer back, my friend reformatted it for me and put windows 7 on here. It should work fine until I can afford a new one!

legacycentral bbs

A forum for 89-94 BC-BF(BJ) Legacy Owners and Fans

Photobucket Virus?

Re: Photobucket Virus?