Help With Freaky Virus?

[l33thunt3r]

Well this virus just occured today (3 times) I know how to fix it temporarily, but as I said , its happened 3 times.

 

 

 

It makes the game lag a bit, like some clicks dont work, then i run super fast later. Then it makes my pc load really slowly (freezes pc, so i restart) Any way to solve this? Is this a known virus?

 

 

 

:cry:

 

 

 

BTW Im doing a scan now.

 

 

 

 

 

EDIT:

 

 

 

It's not a virus, I scanned and cleaned everything, but it happened just now. I lost connection to the internet, then everything was slow. I turned off the power switch (to all the stuff, not just the pc) and turned it on again, now it works, but I need to get rid of it! It makes me lose connection, or maybe just makes everything slow...

 

 

 

HELP?

[Phil]

I think we might need a bit more information.

 

 

 

Why do you think it's a virus? Just because the game is running slow?

 

 

 

What virus scanner are you using? Lets wait untill after the scan to do anything further. I'd also suggest running scans for spyware. Even a HijackThis log would be handy.

 

 

 

Also make sure your Operating System & browsers are up to date.

[weezcake]

Run an anti-virus, some anti-spyware, and update your edition of Windows. If the problem persists, please say so :)

[l33thunt3r]

I ran scans, but it showed nothing. So it's not a virus, but an application. I was only running RuneScape and a music player.

 

 

 

Also, I think my headphones are broken, their wires are chewed up.

 

 

 

:lol:

 

 

 

Now im using new headphones, I'll see if it works

[tunaboy692004]

Wait, what does your headphones have to do with it? lol

 

 

 

ctrl+alt+del check your system processes, check the cpu colum and see if there is any outragously high results (besides system idle process)

[l33thunt3r]

Ok, it's happened again. GAH HELP!

 

 

 

I deleted lots of stuff, but its still messed up.

 

 

 

I didn't download anything etc, but it just randomly lags every 1 hour and 45 mins.

[weezcake]

Download hijackthis and post a log here.

 

 

 

1. http://www.spywareinfo.com/~merijn/

 

2. Download the program and move it into a new folder on your desktop.

 

3. Run the scan and save a log.

 

4. Post here.

 

 

 

Maybe one of our techies can find something :)

[l33thunt3r]

here you go:

 

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 5:30:32 PM, on 4/20/2006

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

Running processes:

 

G:\WINDOWS\System32\smss[Caution: Executable File]

 

G:\WINDOWS\system32\winlogon[Caution: Executable File]

 

G:\WINDOWS\system32\services[Caution: Executable File]

 

G:\WINDOWS\system32\lsass[Caution: Executable File]

 

G:\WINDOWS\system32\svchost[Caution: Executable File]

 

G:\WINDOWS\System32\svchost[Caution: Executable File]

 

G:\WINDOWS\system32\spoolsv[Caution: Executable File]

 

G:\WINDOWS\Explorer[Caution: Executable File]

 

G:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

G:\WINDOWS\Samsung\LaserSMMgr\ssmmgr[Caution: Executable File]

 

G:\Program Files\Trend Micro\OfficeScan Client\pccntmon[Caution: Executable File]

 

G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray[Caution: Executable File]

 

G:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: Executable File]

 

G:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]

 

G:\WINDOWS\system32\rundll32[Caution: Executable File]

 

G:\WINDOWS\system32\CTsvcCDA[Caution: Executable File]

 

G:\Program Files\Cisco Systems\VPN Client\cvpnd[Caution: Executable File]

 

G:\PROGRA~1\SurfPass\Firebird\bin\fbserver[Caution: Executable File]

 

G:\Program Files\Trend Micro\OfficeScan Client\ntrtscan[Caution: Executable File]

 

G:\WINDOWS\System32\nvsvc32[Caution: Executable File]

 

G:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: Executable File]

 

G:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc[Caution: Executable File]

 

G:\Program Files\Trend Micro\OfficeScan Client\tmlisten[Caution: Executable File]

 

G:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap[Caution: Executable File]

 

G:\WINDOWS\TEMP\WZCA38[Caution: Executable File]

 

G:\Program Files\SwiftSwitch\SwiftSwitch[Caution: Executable File]

 

G:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

 

G:\PROGRA~1\WINZIP\wzqkpick[Caution: Executable File]

 

C:\unzipped\HijackThis[Caution: Executable File]

 

 

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

O4 - HKLM\..\Run: [nwiz] nwiz[Caution: Executable File] /install

 

O4 - HKLM\..\Run: [surfPass Client] G:\PROGRA~1\SurfPass\SPCLIENT[Caution: Executable File] /AutoRun

 

O4 - HKLM\..\Run: [surfPass Server] G:\PROGRA~1\SurfPass\SPSERVER[Caution: Executable File]

 

O4 - HKLM\..\Run: [samsung LBP SM] "G:\WINDOWS\Samsung\LaserSMMgr\ssmmgr[Caution: Executable File]" /autorun

 

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "G:\Program Files\Trend Micro\OfficeScan Client\pccntmon[Caution: Executable File]" -HideWindow

 

O4 - HKLM\..\Run: [NVMixerTray] "G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray[Caution: Executable File]"

 

O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: Executable File]"

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]

 

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] G:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: Executable File] nview.dll,nViewLoadHook

 

O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background

 

O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK[Caution: Executable File]

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: Executable File]/3000

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5553572238

 

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA[Caution: Executable File]

 

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\Program Files\Cisco Systems\VPN Client\cvpnd[Caution: Executable File]

 

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - G:\PROGRA~1\SurfPass\Firebird\bin\fbserver[Caution: Executable File]

 

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\ntrtscan[Caution: Executable File]

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32[Caution: Executable File]

 

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc[Caution: Executable File]

 

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\tmlisten[Caution: Executable File]

[Albosky]

The following needs to be removed IMMEDIATELY , unless you purposely installed surfpass , its purpose is to limit usage time and is almost guaranteed to be the source of your trouble

 

 

 

O4 - HKLM\..\Run: [surfPass Client] G:\PROGRA~1\SurfPass\SPCLIENT[Caution: Executable File] /AutoRun

O4 - HKLM\..\Run: [surfPass Server] G:\PROGRA~1\SurfPass\SPSERVER[Caution: Executable File]

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

Winsock Hijacker

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - G:\PROGRA~1\SurfPass\Firebird\bin\fbserver[Caution: Executable File]

 

 

 

Make sure those entries are removed and the file is completely wiped from your system (uninstalled surfpass totally)

 

 

 

Remember , only do so if SurfPass was not meant to be installed on the system.

 

 

 

Oh , and stop using SS :P

[l33thunt3r]

SurfPass isnt a problem, I've had it for a while now. (it's to block my brother from looking up 'images'.)

 

 

 

If all else fails, I'll uninstall it.

 

 

 

BTW, my dad's gonna try to fix it. :oops:

[tunaboy692004]

Hmm, ive never even heard of surf pass, so i cant help you there. But sometimes the problem may not be caused immeditally when you use the program, but possibly weeks after.