Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: I Think I May Have A Worm or Virus

04 Jun 2010   #1
Anpippin

Windows 7 Ultimate 64-Bit
 
 
I Think I May Have A Worm or Virus

Hey I've been getting ICMP flood errors lately, and now today hardly any of the services on my machine work like Windows Audio and I can't enable the audio services, etc... And the services keep getting disabled like security center and stuff. And I can only choose Windows Classic and the High Contrast as my themes now.


My System SpecsSystem Spec
.
04 Jun 2010   #2
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Welcome

Run an antivirus scan then download and run malwarebytes.
http://www.malwarebytes.org/mbam.php
My System SpecsSystem Spec
04 Jun 2010   #3
Tews

64-bit Windows 8.1 Pro
 
 

Follow richs' advice and scan your computer, if that comes up clean, do a system restore to a point before the problem started.... if you are behind a router, make sure that you are using WPA or WPA2 security... Keep us informed..
My System SpecsSystem Spec
.

04 Jun 2010   #4
Anpippin

Windows 7 Ultimate 64-Bit
 
 

Quote   Quote: Originally Posted by richc46 View Post
Welcome

Run an antivirus scan then download and run malwarebytes.
Malwarebytes' Anti-Malware: Malwarebytes
Malwarebytes detected 4 things on my system, I believe 2 of them were files, 1 of them was registry and the other I can't remember because I had to restart my system. But now I'm doing a complete system scan with Avira Premium Security Suite. I'm still having my problem, but hopefully I won't after I run the system scan.
My System SpecsSystem Spec
04 Jun 2010   #5
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

If the problem still exists after the scans, which were clean. Follow the instructions of TEWS. The system restore hopefully, will make things right.
My System SpecsSystem Spec
04 Jun 2010   #6
Anpippin

Windows 7 Ultimate 64-Bit
 
 

Quote   Quote: Originally Posted by richc46 View Post
If the problem still exists after the scans, which were clean. Follow the instructions of TEWS. The system restore hopefully, will make things right.
Ok here is the report I got from Avira Premium Security Suite

Premium Security Suite
Report file date: Friday, June 04, 2010 07:26
Scanning for 2188598 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Austin Pippin
Serial number : 2207399699-ISECE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Xanity
Computer name : XANITY-PC
Version information:
BUILD.DAT : 10.0.0.542 43194 Bytes 4/19/2010 15:06:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/20/2010 06:31:13
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 06:31:13
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:59:23
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 13:19:46
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 13:19:46
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 13:19:47
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 13:19:47
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 13:19:47
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 13:19:48
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 13:19:48
VBASE013.VDF : 7.10.7.225 2048 Bytes 6/2/2010 13:19:48
VBASE014.VDF : 7.10.7.226 2048 Bytes 6/2/2010 13:19:48
VBASE015.VDF : 7.10.7.227 2048 Bytes 6/2/2010 13:19:48
VBASE016.VDF : 7.10.7.228 2048 Bytes 6/2/2010 13:19:49
VBASE017.VDF : 7.10.7.229 2048 Bytes 6/2/2010 13:19:49
VBASE018.VDF : 7.10.7.230 2048 Bytes 6/2/2010 13:19:49
VBASE019.VDF : 7.10.7.231 2048 Bytes 6/2/2010 13:19:49
VBASE020.VDF : 7.10.7.232 2048 Bytes 6/2/2010 13:19:49
VBASE021.VDF : 7.10.7.233 2048 Bytes 6/2/2010 13:19:49
VBASE022.VDF : 7.10.7.234 2048 Bytes 6/2/2010 13:19:50
VBASE023.VDF : 7.10.7.235 2048 Bytes 6/2/2010 13:19:50
VBASE024.VDF : 7.10.7.236 2048 Bytes 6/2/2010 13:19:50
VBASE025.VDF : 7.10.7.237 2048 Bytes 6/2/2010 13:19:50
VBASE026.VDF : 7.10.7.238 2048 Bytes 6/2/2010 13:19:50
VBASE027.VDF : 7.10.7.239 2048 Bytes 6/2/2010 13:19:50
VBASE028.VDF : 7.10.7.240 2048 Bytes 6/2/2010 13:19:51
VBASE029.VDF : 7.10.7.241 2048 Bytes 6/2/2010 13:19:51
VBASE030.VDF : 7.10.7.242 2048 Bytes 6/2/2010 13:19:51
VBASE031.VDF : 7.10.7.249 56832 Bytes 6/4/2010 13:19:52
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/26/2010 23:49:13
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/4/2010 13:20:30
AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 16:31:27
AESBX.DLL : 8.1.3.1 254324 Bytes 4/26/2010 23:49:19
AERDL.DLL : 8.1.4.6 541043 Bytes 4/16/2010 13:59:35
AEPACK.DLL : 8.2.1.1 426358 Bytes 4/12/2010 07:40:09
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/13/2010 16:31:26
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/4/2010 13:20:17
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/4/2010 13:20:01
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/4/2010 13:19:59
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/26/2010 23:48:55
AECORE.DLL : 8.1.15.3 192886 Bytes 5/13/2010 16:31:21
AEBB.DLL : 8.1.1.0 53618 Bytes 4/26/2010 23:48:49
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/20/2010 06:31:13
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/20/2010 06:31:13
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 06:31:12
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.32 2899304 Bytes 4/20/2010 06:31:12
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/20/2010 06:31:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Friday, June 04, 2010 07:26
Starting search for hidden objects.
Error in ARK library
The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '122' Module(s) have been scanned
Scan process 'COCIManager.exe' - '37' Module(s) have been scanned
Scan process 'LWS.exe' - '66' Module(s) have been scanned
Scan process 'avgnt.exe' - '77' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '43' Module(s) have been scanned
Scan process 'avmailc.exe' - '50' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '30' Module(s) have been scanned
Scan process 'LVPrS64H.exe' - '25' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '89' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '142' files ).

Starting the file scan:
Begin scan in 'C:\'
Begin scan in 'D:\'
Begin scan in 'E:\'

End of the scan: Friday, June 04, 2010 09:21
Used time: 1:55:23 Hour(s)
The scan has been done completely.
26609 Scanned directories
775384 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
775384 Files not concerned
4091 Archives were scanned
0 Warnings
0 Notes
49 Objects were scanned with rootkit scan
1 Hidden objects were found

Dang I was for sure I had a virus or worm or something.
My System SpecsSystem Spec
04 Jun 2010   #7
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Its good news. Now use system restore from before the problems.
My System SpecsSystem Spec
04 Jun 2010   #8
Anpippin

Windows 7 Ultimate 64-Bit
 
 

Quote   Quote: Originally Posted by richc46 View Post
Its good news. Now use system restore from before the problems.
When I opened System Restore it said
System Restore does not appear to be functioning correctly on this system.
A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. (0x80042302)
My System SpecsSystem Spec
04 Jun 2010   #9
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Seems to be a lot of problems

Try this
type cmd in search, do not hit enter, right click and run as administrator

In cmd type sfc /scannow

If errors are found run several times

If that does not work try this
Repair Install[2]=General Tips
My System SpecsSystem Spec
04 Jun 2010   #10
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote:
1 Hidden objects were found
You may want to try an online scan.

Go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
or

Go here and run an on-line scan with the F-Secure scanner .
  • Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.
My System SpecsSystem Spec
Reply

 I Think I May Have A Worm or Virus




Thread Tools




Similar help and support threads
Thread Forum
I think I have a virus or a worm in my system
I am lately getting a lot of "Undelivered Mail Returned to Sender" from the Mail Delivery System and in the same email "Why is this message in Spam? It seems to be a fake "bounce" reply to a message that you didn't actually send." I am also been bombarded by a bunch of unwanted popups again. ...
Browsers & Mail
Path to .exe is not a valid Windows application (worm virus??)
Received a laptop the other day with the following error Path to .exe is not a valid Windows application - error message. All files seem to have disappeared (showing in remove programs but not under start folder) and i cannot run any programs. I've even tried running regedit to have a look...
System Security
Recovering from a virus or worm
Ok so I think I may have had a zombie computer virus or worm or something, more info on that here https://www.sevenforums.com/system-security/89259-i-think-i-may-have-worm-virus.html and I had to do a custom install to get my computer back to normal, but when I did the custom install I didn't format...
BSOD Help and Support
Worm vb-740
I use ClamWin AV (latest, up-to-date version) Windows 7 (Build 7100) Anyone else find one of these in a virus scan? It wasn't there until after i did a Windows Update! Scan Started Mon Jun 01 13:26:54 2009 ---------------------------------------
System Security
Msdt.exe corrupt disk error? Virus/Worm??
Hi all, I was wondering if this msdt.exe corrupt error is caused by a win32 worm? A Chkdsk was performed but errors keep happening. Also this msdt.exe error pops up while browsing the internet. I am trying to help somebody else with this issue.... my own pc is ok. I suggested that he run...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:06.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App