Virus help!! please!

[Gr44]

Dear god, I swear if this doesn't get sorted soon I'm going to throw my bloody pc out of a freaking window from a great height!

Right, story...

Mate comes round and uses my 2nd pc ( one im on now ) and we play some games over the LAN, another m8 wants to join so i DMZ my pc so I can host a game so he can join over the inet - he cant connect and the Inet eventually goes down. I some how got a virus which spams my net connection so badly nothing else works. Fixed it from killing my net, but was still on the pc so though sod it i'll just format ( I have a partition so it only takes 40mins ish - easier than messing around )

So I get it back up, all drivers back on etc. All is sound. Get home from work ( having done nothing to the pc other than put some drivers on, and the net doesnt work... It's back.. Okie.

So I find the main offender from the Process list (Scardclnt.exe) and download a fix for it, it finds some stuff gets rid of it etc.

I figure to completly get rid of the git I'd format just to make sure theres nothing left in the registry that might come back to life in a week or 2 - and since I had just formatted anyway, what was the harm?

Reinstall 2k ( after a quick format on the partition ) then have to goto work. Get home from work and guess what... the internet isnt working for the rest of the house because my pc somehow has been infected again - having done nothing, not even load up IE/Firefox/ press the bloody start menu.

I should point out during this time that I did un-DMZ myself long ago and my Inet IP has changed serveral times.

Now I am OH so fed up. I backup my data onto my other pc ( after making sure none of it is infected. I unplug one HDD and low-level format the other one. then unplug that and low-level format the other one.

Both HDD's have been Low level formatted. They havent been plugged in at the same time - so they cant have infected each other since.

Make a partition for my OS. Install 2k.

What the - hell - I get a windows messenger pop up saying some crap about my registry is broken. This is BEFORE I have even connected to the internet! ( although just after I had installed my network drivers )

Please. Help me. Before I go postal.

[Gr44]

Should of said, current running 'dodgy' processes -

stsr32.exe
spoolsv.exe ?
mousehs.exe
winhlpp32.exe
smss.exe ?
svchost.exe x 3?

Messenger service is from 'SYSTEM' to 'ALERT' Got another one when I just booted it to check what processes were running.

Gonna turn that off right now.

Just scanned the win 2k cd i used for viruses and was ok, just put in the Asus cd i used and this pc now has stsr32.exe running on it to, didnt notice it before, but its not found any viruses on it yet...

some one please help me

[Flibb]

Stupid question time, have you got a firewall? If not you need one as you can get re-infected as soon as you connect the pc to the internet.

[Gr44]

router has one, but I have never bothered using one and always been okie tbh, been on the inet for about 6-7 years and broadband for 4-5 years and never had anything like this. Had the odd bit of spyware from a bit of er, googling shall we say lol

Gona try and download one now, atleast I can block it and carry on using the inet - this one is getting well slow because of it!

[Trippledence]

Try Kerio as it goes right into the core of windows and shouls stop apps you dont want from conectiong to the net. Or running.

[rajagra]

1) Are you really doing a low-level format? (Trick question, really. You can't do a true low-level format of modern drives!) Or are you just formatting partitions without the QUICK option? You could be leaving something in the MBR.
2) Are you only checking one of your PCs for viruses? Sounds like it's spread over the network, and is going to keep on doing so until you isolate and clear each PC.

[Taz]

MBR doesn't get formatted by a normal 'format'. Don't you have to use someting like 'fdisk /mbr'? Also, 'fixmbr' under recovery console of XP will also repair your MBR (but probably will not reformat it).

[Nox]

Should of said, current running 'dodgy' processes -

stsr32.exe
spoolsv.exe ?
mousehs.exe
winhlpp32.exe
smss.exe ?
svchost.exe x 3?

stsr32.exe - never heard of it
spoolsv - this is the printer stuff
mousehs.exe - http://www.bleepingcomputer.com/star....exe-9016.html
winhlpp32.exe - http://securityresponse.symantec.com...gaobot.ao.html
smss.exe - some system thing, doesn't mean it isn't infected tho
svchost - these are literally anything...

i like www.cai.com for virus info personally, have a browse I'm assuming it still tells you how to manually remove each virus.

Nox

Nox

[Gr44]

Ok, last night i low level'd ( or wrote zeros to my drive, for the pedantic ones ) one of my hdd's and put an os on it, put a firewall on it before i even touched a cat5 cable and all seems well!

Problem is the other one is still infected lol - think thats more of a tomorow job though :|

Cheers for all your help guys!

[Flibb]

You might also want to get some of this



A bit of holy water from http://www.discountcatholicstore.com
should prevent future infection from the cyber demons