I Think I May Have A Worm or Virus

Hey I've been getting ICMP flood errors lately, and now today hardly any of the services on my machine work like Windows Audio and I can't enable the audio services, etc... And the services keep getting disabled like security center and stuff. And I can only choose Windows Classic and the High Contrast as my themes now.

Welcome

Run an antivirus scan then download and run malwarebytes.
http://www.malwarebytes.org/mbam.php

Follow richs' advice and scan your computer, if that comes up clean, do a system restore to a point before the problem started.... if you are behind a router, make sure that you are using WPA or WPA2 security... Keep us informed..

richc46 said:

Welcome

Run an antivirus scan then download and run malwarebytes.
Malwarebytes' Anti-Malware: Malwarebytes

Click to expand...

Malwarebytes detected 4 things on my system, I believe 2 of them were files, 1 of them was registry and the other I can't remember because I had to restart my system. But now I'm doing a complete system scan with Avira Premium Security Suite. I'm still having my problem, but hopefully I won't after I run the system scan.

If the problem still exists after the scans, which were clean. Follow the instructions of TEWS. The system restore hopefully, will make things right.

richc46 said:

If the problem still exists after the scans, which were clean. Follow the instructions of TEWS. The system restore hopefully, will make things right.

Click to expand...

Ok here is the report I got from Avira Premium Security Suite

Premium Security Suite
Report file date: Friday, June 04, 2010 07:26
Scanning for 2188598 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Austin Pippin
Serial number : 2207399699-ISECE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Xanity
Computer name : XANITY-PC
Version information:
BUILD.DAT : 10.0.0.542 43194 Bytes 4/19/2010 15:06:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/20/2010 06:31:13
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 06:31:13
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:59:23
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 13:19:46
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 13:19:46
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 13:19:47
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 13:19:47
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 13:19:47
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 13:19:48
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 13:19:48
VBASE013.VDF : 7.10.7.225 2048 Bytes 6/2/2010 13:19:48
VBASE014.VDF : 7.10.7.226 2048 Bytes 6/2/2010 13:19:48
VBASE015.VDF : 7.10.7.227 2048 Bytes 6/2/2010 13:19:48
VBASE016.VDF : 7.10.7.228 2048 Bytes 6/2/2010 13:19:49
VBASE017.VDF : 7.10.7.229 2048 Bytes 6/2/2010 13:19:49
VBASE018.VDF : 7.10.7.230 2048 Bytes 6/2/2010 13:19:49
VBASE019.VDF : 7.10.7.231 2048 Bytes 6/2/2010 13:19:49
VBASE020.VDF : 7.10.7.232 2048 Bytes 6/2/2010 13:19:49
VBASE021.VDF : 7.10.7.233 2048 Bytes 6/2/2010 13:19:49
VBASE022.VDF : 7.10.7.234 2048 Bytes 6/2/2010 13:19:50
VBASE023.VDF : 7.10.7.235 2048 Bytes 6/2/2010 13:19:50
VBASE024.VDF : 7.10.7.236 2048 Bytes 6/2/2010 13:19:50
VBASE025.VDF : 7.10.7.237 2048 Bytes 6/2/2010 13:19:50
VBASE026.VDF : 7.10.7.238 2048 Bytes 6/2/2010 13:19:50
VBASE027.VDF : 7.10.7.239 2048 Bytes 6/2/2010 13:19:50
VBASE028.VDF : 7.10.7.240 2048 Bytes 6/2/2010 13:19:51
VBASE029.VDF : 7.10.7.241 2048 Bytes 6/2/2010 13:19:51
VBASE030.VDF : 7.10.7.242 2048 Bytes 6/2/2010 13:19:51
VBASE031.VDF : 7.10.7.249 56832 Bytes 6/4/2010 13:19:52
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/26/2010 23:49:13
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/4/2010 13:20:30
AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 16:31:27
AESBX.DLL : 8.1.3.1 254324 Bytes 4/26/2010 23:49:19
AERDL.DLL : 8.1.4.6 541043 Bytes 4/16/2010 13:59:35
AEPACK.DLL : 8.2.1.1 426358 Bytes 4/12/2010 07:40:09
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/13/2010 16:31:26
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/4/2010 13:20:17
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/4/2010 13:20:01
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/4/2010 13:19:59
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/26/2010 23:48:55
AECORE.DLL : 8.1.15.3 192886 Bytes 5/13/2010 16:31:21
AEBB.DLL : 8.1.1.0 53618 Bytes 4/26/2010 23:48:49
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/20/2010 06:31:13
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/20/2010 06:31:13
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 06:31:12
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.32 2899304 Bytes 4/20/2010 06:31:12
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/20/2010 06:31:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Friday, June 04, 2010 07:26
Starting search for hidden objects.
Error in ARK library
The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '122' Module(s) have been scanned
Scan process 'COCIManager.exe' - '37' Module(s) have been scanned
Scan process 'LWS.exe' - '66' Module(s) have been scanned
Scan process 'avgnt.exe' - '77' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '43' Module(s) have been scanned
Scan process 'avmailc.exe' - '50' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '30' Module(s) have been scanned
Scan process 'LVPrS64H.exe' - '25' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '89' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0

Its good news. Now use system restore from before the problems.

richc46 said:

Its good news. Now use system restore from before the problems.

Click to expand...

When I opened System Restore it said
System Restore does not appear to be functioning correctly on this system.
A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. (0x80042302)

Seems to be a lot of problems

Try this
type cmd in search, do not hit enter, right click and run as administrator

In cmd type sfc /scannow

If errors are found run several times

If that does not work try this
http://www.sevenforums.com/tutorials/3413-repair-install.html?filter[2]=General Tips

1 Hidden objects were found

Click to expand...

You may want to try an online scan.

Go here to run an on-line scan from ESET.

• Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan

or

Go here and run an on-line scan with the F-Secure scanner .

• Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
• Click Full System Scan and allow the components to download and the scan to complete.
• If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.

Thanks for the astute advice, as always.

Corrine, that is excellent help to the OP.

Thank you, Gentlemen.

The hidden object could very well be legitimate. However, an online scan certainly can't hurt. Another option would be a rootkit scan, such as this from Sophos: Anti-Rootkit | Free Rootkit Removal | Rootkit Detection - Sophos

Avira Premium Security Suite has a rootkit scan

Jacee said:

Avira Premium Security Suite has a rootkit scan

Click to expand...

How do I use the rootkit scan on Avira?

Since you performed a complete system scan with Avira Premium Security Suite, that would have included a rootkit scan.

Not all hidden files are malicious. The reason I suggested scanning with a different vendor is because each has different scanning engines and detection and it appears you are still having problems.

Corrine said:

1 Hidden objects were found

Click to expand...

You may want to try an online scan.

Go here to run an on-line scan from ESET.

• Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan

or

Go here and run an on-line scan with the F-Secure scanner .

• Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
• Click Full System Scan and allow the components to download and the scan to complete.
• If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.

Click to expand...

Eset Online Scanner is a solid online virus scan. I also recommend this to folks that don't have an anti-virus or when an infection has rendered their current protection useless. Good advice.

Corrine said:

1 Hidden objects were found

Click to expand...

You may want to try an online scan.


Go here to run an on-line scan from ESET.

• Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan

or

Go here and run an on-line scan with the F-Secure scanner .

• Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
• Click Full System Scan and allow the components to download and the scan to complete.
• If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.

Click to expand...

ESET Online Scanner is slow, it's been running for 9 hours and 58 minutes now.

Let's hope it comes out clean. If you decide to run a scan with any other programs, I recommend a shutdown/restart between scans.

Corrine said:

Let's hope it comes out clean. If you decide to run a scan with any other programs, I recommend a shutdown/restart between scans.

Click to expand...

It finished after 10 hours and 43 minutes with no threats found.