Virus attacking my graphics



Hey preconmanager,

It sounds like there are some corrupt Windows files and settings, and things just seem to be deteriorating. I don't think malware is behind this.

See how you go with updating the Windows Media Centre. :)


Updating Windows Media Center might interfere with Avast as it requires updating through Windows, I couldn't find the path. It looked like some of the options would have conflicted... Media Center is just a package of music, gaming, DVD naming, etc., which I already have in other programs so it's redundant. I thought maybe there was a conflict in the video streaming.....

This is just an old OS (like me). It goes in and out....in fact things are just fine at this point in time....but tomorrow is another day.

I believe just the opposite, before you started working with me things were a lot more deteriorated than they are now.


sfc /scannow completed and no error messages. I ran chkdsk /f, it ran for 4 minutes then rebooted (I could not see the results - black screen below blue). I am still getting the distortion so I will work on Media Center so that at least it does not create conflict. I just wish I knew what is creating this "black-out" of a portion of the screen. Scan should come clean....but who knows after the successes and drawbacks of today.

Windows Updates has given me an update (driver?) for my monitor within the past few weeks, and this is not what has caused my distortion in the first place, but....Would you suggest I try and reload my monitor program from its CD (I do have that) just in case that is the problem? What hardware would possibly be causing this?

Will worry about this tomorrow.....to the bat cave......


Hello preconmanager,

Yes, give your CD a try. I think, given that your monitor plays up in the Windows Media Centre as well, that certain things must just trigger the weirdness. Maybe the old driver will fix it. Let me know how it goes. :)


OK, I have been updating all day...BIOS, graphic & monitor drivers, program updates. I am able to run a lot of diagnostics that I wasn't able to recently, which is a very good sign that my PC is getting healthy, however, I have one issue left then I might be able to let this rest. I have a list of unsigned drivers (9 total). I went to Microsoft Malware Security site to check them, and I am prevented from going in there (monitor goes black). I will run these drivers in VirusTotal and see if I have issues. My question is... Do you know why I would have a driver with no prefix file name?


Good afternoon preconmanager,

This is not uncommon with Windows and manufactured drivers. You can run them through VirusTotal if you wish.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


I ran ESET. During the scan at about 32k the monitor distortion started and I could not see what was being scanned at times.

I have a hosts file driver that when I searched for it in search engines, the only response was this thread. (Just like the DOS File search).

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=40576895d7b7ac4987066433e17a8e5e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-04 09:26:12
# local_time=2013-02-04 01:26:12 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 100 91 0 135758244 0 0
# scanned=125991
# found=0
# cleaned=0
# scan_time=12328
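The options recorded in the log above can be compared with the options requested in the scan instructions earlier in the thread, since a `found=0` result only covers what the scan was set to look for. This is an added example, not part of the original posts; mapping `remove_checked` to "Remove found threats" and `unwanted_checked` to "Scan unwanted applications" is an assumption based on the field names.

```python
# Header fields copied from the ESET Online Scanner log posted above.
ESET_LOG = """\
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=125991
# found=0
# cleaned=0
"""

# Options the scan instructions asked for. Assumption: these log keys
# correspond to "Remove found threats" and "Scan unwanted applications".
REQUESTED = {"remove_checked": "false", "unwanted_checked": "true"}

def parse_header(text):
    """Turn '# key=value' lines into a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            fields[key.strip()] = value.strip().strip('"')
    return fields

def review(text, requested=REQUESTED):
    """Summarise the scan and list options that differ from the requested ones."""
    fields = parse_header(text)
    mismatches = [
        f"{key}={fields.get(key)} (requested {want})"
        for key, want in requested.items()
        if fields.get(key) != want
    ]
    return {
        "finished": fields.get("end") == "finished",
        "scanned": int(fields.get("scanned", 0)),
        "found": int(fields.get("found", 0)),
        "mismatches": mismatches,
    }

if __name__ == "__main__":
    result = review(ESET_LOG)
    print(result)
    if result["found"] == 0 and result["mismatches"]:
        print("clean result, but not with the requested options:", result["mismatches"])
```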


I ran all my hosts files in etc through VirusTotal...they came back clean. These are my unsigned drivers;

Microsoft Signature Verification

Log file generated on 2/3/2013 at 8:56 PM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 323, Signed: 312, Unsigned: 10, Not Scanned: 1
User-specified search path: *.*
User-specified search pattern: C:\Windows\system32\drivers

File                  Modified    Version            Status      Catalog  Signed By
--------------------  ----------  -----------------  ----------  -------  ---------
[c:\windows\system32\drivers]
103c_hp_cpc_er890aa-  5/23/2009   None               Not Signed  N/A
eappkt.sys            10/9/2007   500.1001.802.2007  Not Signed  N/A
mhndrv.sys            8/10/2004   5.1.2600.2180      Not Signed  N/A
nvphy.bin             7/8/2008    None               Not Signed  N/A
nvtcp.sys             7/29/2005   1.0.0.5009         Not Signed  N/A
pxhelp20.sys          4/25/2005   2.3.32.0           Not Signed  N/A
usbkey.sys            11/18/2005  None               Not Signed  N/A
[c:\windows\system32\drivers\etc]
hosts                 1/29/2013   None               Not Signed  N/A
hosts.ics             1/22/2013   None               Not Signed  N/A
hosts_bak_188         1/10/2013   None               Not Signed  N/A

Unscanned Files:
------------------
[c:\windows\system32\drivers\umdf]
msftwdf_user_01_00_0

I was researching these drivers to find either their service connection or driver updates when I found the driver in question.
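A triage pass over the listing above, as an added example that is not part of the original posts: it separates loadable `.sys` drivers from files that appear only because the search covered `*.*`, and checks the number of rows against the summary line. The bucket names and the path and extension rules are assumptions made for this example.

```python
import re

# Rows copied from the sigverif log posted above.
SIGVERIF_LOG = r"""
Scan Results: Total Files: 323, Signed: 312, Unsigned: 10, Not Scanned: 1
[c:\windows\system32\drivers]
103c_hp_cpc_er890aa- 5/23/2009 None Not Signed N/A
eappkt.sys 10/9/2007 500.1001.802.2007 Not Signed N/A
mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
nvphy.bin 7/8/2008 None Not Signed N/A
nvtcp.sys 7/29/2005 1.0.0.5009 Not Signed N/A
pxhelp20.sys 4/25/2005 2.3.32.0 Not Signed N/A
usbkey.sys 11/18/2005 None Not Signed N/A
[c:\windows\system32\drivers\etc]
hosts 1/29/2013 None Not Signed N/A
hosts.ics 1/22/2013 None Not Signed N/A
hosts_bak_188 1/10/2013 None Not Signed N/A
"""

ROW = re.compile(r"^(\S+)\s+(\d{1,2}/\d{1,2}/\d{4}|Unknown)\s+(\S+)\s+Not Signed\b")
SECTION = re.compile(r"^\[(.+)\]$")
SUMMARY = re.compile(r"Unsigned:\s*(\d+)")

def classify(directory, name):
    # Heuristic bucket for one unsigned entry, from path and extension only.
    if directory.lower().endswith(r"\etc"):
        return "text-config"      # hosts-style plain-text files, not drivers
    if name.lower().endswith(".sys"):
        return "kernel-driver"    # loadable driver: confirm vendor, version, hash
    if "." not in name:
        return "name-truncated"   # resolve the full file name on disk first
    return "other-data"           # not a driver by extension; inspect separately

def triage(log_text):
    """Return (entries, reported_unsigned); entries are (dir, name, version, bucket)."""
    directory, entries, reported = None, [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SUMMARY.search(line):
            reported = int(m.group(1))
        elif m := SECTION.match(line):
            directory = m.group(1)
        elif (m := ROW.match(line)) and directory:
            name, _, version = m.groups()
            entries.append((directory, name, version, classify(directory, name)))
    return entries, reported

if __name__ == "__main__":
    for entry in triage(SIGVERIF_LOG)[0]:
        print(entry)
```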


[c:\windows\system32\drivers]
103c_hp_cpc_er890aa- (not the full name)
eappkt.sys
mhndrv.sys
nvphy.bin
nvtcp.sys
pxhelp20.sys
usbkey.sys

These are all unsigned, and if I remember, they were related to comm or DCOM. I understand these can be hijacked.

What did you come up with on the hosts_bak_188 driver? I can't find its use.

I also have the following unsigned file that in the past has been deemed viral. I was just in the process of running it through VirusTotal.

[c:\windows\system32]
ps2.bat               Unknown     None               Not Signed  N/A


This morning, I went into the command prompt and there were trails of internet sites I have recently visited from this machine. This isn't common. It's like someone writing command scripts. I went to open Notebook to record it, and in going back to the CP, the script had disappeared.

I do remember this site being in there and I had trouble getting to the sign in on this site (monitor interference-grey undulating).

I hate sounding like a hypochondriac, and I know we have run every AV test coming in clean, but I can sense things are still not right. Is there a way to trace this action?


I have done some diagnostics on my graphics driver and monitor as suggested by MS again (have done this many times over the past few months).

Monitor- I did not have any wiring within 3 feet of the monitor, no motors or electronic devices (cell phone)(TV off and unplugged for a day), no neighborhood radio interference is apparent (not affecting any other computers in the house) and have checked the monitor on another computer. I had replaced the power cord, surge protector and connector cable (upgraded to Belkin Pro) in December. I am going to take the monitor for testing just in case.

Graphics Driver- Troubleshooter ran...no problem...I can get to YouTube and play videos...no problem...I can get to my homepage and perform searches (incl AV) over IE and Firefox....no problem (was problem in the recent past)...scripts running in websites...no problem...I have a few games (installed for years) that I can run...no problem...go to adjust my Avast, download AV (then abort), now Malwarebytes Forum (within the past day)....BIG problem.

I've looked back through this thread (as you have), the symptoms have definitely reduced, but I have noticed that AV interaction has been my main issue. I have removed all known old traces of AV that I can find on this machine with the exception of quarantined virus. On second thought, maybe I should do that.

I am trying to locate an XP Pro Disk, as this might be the solution as you have suggested.

At this point, I need to hear that we have done everything you can prescribe, so that I do not overtax this site.


Hello preconmanager,

In terms of running tools and scans we have exhausted pretty much the majority. Anything else is unlikely to turn up something else I'm afraid.

Definitely reformatting will remove the issue unless it is a hardware issue. :)

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Archived

This topic is now archived and is closed to further replies.
