Need Help

Discussion in 'adware, spyware & hijack cleaning' started by AZL, Mar 28, 2004.

Thread Status:
Not open for further replies.
  1. AZL

    AZL Registered Member

    Joined: Mar 28, 2004
    Posts: 2
    I have a problem. My Norton Antivirus cannot start; it shut down automatically. I bought McAfee Virus Scan 2004 ver 8.0 and couldn't install it because of the same reason. McAfee Online virus scan has found two infected files in my computer:
    C:\windows\system32\ccSort.exe
    C:\System Volume Information\...\A0000024.exe.
    Both files have been infected by Morphine.
    Can somebody tell me what it is and what I have to do? o_O
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002
    Posts: 4,451
    Location: North Carolina, USA
    Hi AZL,

    Welcome to Wilder's!!!!!

    Your best solution would be to go HERE and follow the instructions.

    Regards,
    Kent
     
  3. AZL

    AZL Registered Member

    Joined: Mar 28, 2004
    Posts: 2
    I couldn't use my Norton Antivirus, because it shut down automatically. I couldn't install McAfee Virus Scan 2004 ver. 8.0 because of the same reason.
    I have scanned my computer with Ad-aware 6.0 and with HijackThis.
    This is the result:
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ccSort.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\SpyKiller\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
    O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4344/mcfscan.cab

    Thank you for your help.
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002
    Posts: 4,451
    Location: North Carolina, USA
    Hi AZL,

    Welcome to Wilders.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
    O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe

    Then reboot in Safe Mode and delete the following:

    ccSort.exe <-- You may have to do a search (showing hidden and system files) to find it.

    Reboot and then post a fresh HijackThis log being sure to post the ENTIRE log including the header info.

    Regards,
    Kent
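
Added example, not part of the original thread or of HijackThis itself: a small Python triage of the O4 autorun lines in a HijackThis log, cross-referenced against the running-process list. The flag names and the three heuristics (bare filename, same command under several autorun keys, image currently running) are assumptions chosen for illustration; they are hints for a human reviewer, not a verdict.

```python
import re

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ccSort.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
"""

# Registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Running-process line: a full drive path ending in .exe
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)
# Executable image at the start of a command, with or without quotes
IMAGE_RE = re.compile(r'"?(.+?\.exe)\b', re.IGNORECASE)

def triage(log_text):
    """Return each O4 registry autorun entry with the heuristic flags it trips."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    running = {ln.rsplit("\\", 1)[-1].lower(): ln for ln in lines if PROC_RE.match(ln)}
    entries = [m.groupdict() for m in map(O4_RE.match, lines) if m]
    findings = []
    for e in entries:
        m = IMAGE_RE.match(e["cmd"])
        image = m.group(1) if m else e["cmd"]
        base = image.rsplit("\\", 1)[-1].lower()
        flags = []
        if "\\" not in image:  # assumption: no path means resolved via search order
            flags.append("bare-filename")
        if sum(1 for o in entries if o["cmd"] == e["cmd"]) > 1:
            flags.append("multiple-autorun-keys")
        if base in running:    # the autorun image is loaded right now
            flags.append("running:" + running[base])
        findings.append({**e, "flags": flags})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] {f['cmd']} -> {', '.join(f['flags'])}")
```

On the sample, both `Configuration Loader` entries trip all three flags, which matches the two O4 lines selected for fixing in the post above.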
     
  5. puff-m-d

    puff-m-d Registered Member

    Joined: Feb 13, 2002
    Posts: 4,451
    Location: North Carolina, USA
    Hi AZL,

    I just wanted to add that one of the infected files is in your System Restore.....

    To clean out your System Restore, do the following:

    Turn OFF System Restore.
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click the System Restore tab.
    4. Check the box beside "Turn off System Restore".
    5. Click Apply, and then click OK.
    6. Restart the computer. (You must restart your computer to clear the old Restore Points)

    To Turn System Restore back ON.
    1. Follow the above Steps 1 to 3
    2. UNcheck the box beside "Turn off System Restore".
    3. Click Apply, and then click OK.
    4. Restart your computer.
    5. Then CREATE a new restore point.

    Regards,
    Kent
     