
I don't know what to do anymore, should I just give up?


Senior Member
Apr 4, 2008
The past 2 days I have had HUGE virus and malware problems. It all started with one single virus called "sopidpc". It took over my pc and created various other viruses (like "forx..." and "heur"). From there on everything just went downwards. My pc was flooded with trojan horses and viruses. I only had AVG 8 PRO installed and running at the time, but it was useless against this attack.

I didn't know what to do, but I took some time to do some research and installed the following software: Malwarebytes Antimalware, Hijackthis, Microsoft malicious software removal tool March and Registry Mechanic.

I updated all of this software and scanned my pc. All of them found something and supposedly deleted it. My USB flash drive (memory stick) was also inserted at the time of the "attack" so I also scanned it with all the software. I then realized that it might be a good idea to scan in safe mode, so I did so (this took about 5 hours for all the scans). I then thought that my pc was fine again.

I started up and backed up everything while it was still working (very glad I did that!). After I was done I looked through my hard-drive again to make sure I backed up everything and then suddenly AVG popped up and told me that my pc was infected with:

"Runtime packed upack";"C:\WINDOWS\system32\forx821407.exe";"";"2009/03/26, 05:34:29 PM";"File";"C:\Program Files\AVG\AVG8\avgscanx.exe"

"Trojan horse Generic12.BYMI";"goasi.cn/ex/a.php";"";"2009/03/26, 07:55:07 PM";"File";"C:\WINDOWS\system32\winlogon.exe"

So then I didn't know anymore, so I called one of my guru friends and he told me to install Bit defender total security 2009 30 day trial. I did that and updated it. After I updated I restarted but after logging in to windows just the background came up without the task bar and icons. I left it but after 15 minutes it was still frozen. I then restarted into safe mode to try to uninstall bit defender. It started up in safe mode but when I tried to uninstall it an error came up that told me that I didn't have sufficient privileges (I was logged on Admin). I then tried uninstalling with your uninstaller! 2008. It couldn't uninstall but the stupid thing then deleted the registry entry and "left over files". I knew that I was basically screwed at that moment. But luckily I found the Bit defender uninstall tool, which successfully removed Bit defender.

And here I am now, no Bit defender, a lot of viruses. What should I do now, should I just give up and stop using a computer? I really feel like doing that now :(


Senior Member
Apr 4, 2008
Here are also some logs you might want


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:55:10 PM, on 2009/03/26
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-299502267-1801674531-682003330-73334\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-299502267-1801674531-682003330-73334\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (User '?')
O4 - HKUS\S-1-5-21-299502267-1801674531-682003330-73334\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TSHWANE.GOV.ZA
O17 - HKLM\Software\..\Telephony: DomainName = TSHWANE.GOV.ZA
O17 - HKLM\System\CCS\Services\Tcpip\..\{05B21640-C971-4C67-8B04-4FACFC5C9236}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A523294-21C1-4DBD-8CB5-A308F4BA138B}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TSHWANE.GOV.ZA
O17 - HKLM\System\CS1\Services\Tcpip\..\{05B21640-C971-4C67-8B04-4FACFC5C9236}: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TSHWANE.GOV.ZA
O17 - HKLM\System\CS2\Services\Tcpip\..\{05B21640-C971-4C67-8B04-4FACFC5C9236}: NameServer =,
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

End of file - 9900 bytes


Senior Member
Apr 4, 2008
And here is Malwarebytes antimalware:

Malwarebytes' Anti-Malware 1.34
Database version: 1894
Windows 5.1.2600 Service Pack 3, v.3264

2009/03/25 07:37:17 PM
mbam-log-2009-03-25 (19-37-17).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 199358
Time elapsed: 1 hour(s), 15 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry for so many posts but I can't post more than 10000 characters at a time. :eek:


Honorary Master
Nov 1, 2003
1. Remove current antivirus if it isn't AVAST
2. Download Avast free from www.avast.com
3. Install it
4. Say yes to boot time scan but do not restart
5. Download updates for Avast and install them
6. Now restart...

I always just hit the DELETE ALL option when a virus is found but you can be more conservative if you want to. With your kind of infestation, I would rather be very LIBERAL!!! :D


Honorary Master
Jun 29, 2006
I've found malwarebytes also works well in conjunction with a good AV package. Make sure it's up to date and run a scan in safe mode. Also try running the free online scan from kaspersky.

Download autoruns from MS - you have a ton of stuff in your autostart - removing a lot of this will speed up things too.
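
The autostart entries this reply refers to are the O4 lines of the HijackThis log posted earlier in the thread. As an added example (not part of the thread, and not HijackThis or Autoruns code), this Python script parses those lines and lists the ones worth a manual look; the sample lines are copied from that log, and the three review rules are assumptions chosen for illustration, not verdicts.

```python
import re

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-299502267-1801674531-682003330-73334\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (User '?')
O4 - Global Startup: Bluetooth.lnk = ?
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
"""

# O4 registry autostart: "O4 - <key>: [<value name>] <command>"
REG_RUN = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 startup-folder shortcut: "O4 - [Global ]Startup: <shortcut> = <target>"
STARTUP = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Trailing "(User '...')" suffix that HijackThis adds to per-user (HKUS) entries
USER = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")
# Command that starts with a drive letter or an %ENVVAR% path
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')


def parse_autostarts(log_text):
    """Return one dict per O4 (autostart) line: where, name, cmd, user."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RUN.match(line) or STARTUP.match(line)
        if not m:
            continue  # not an O4 line (R*, O2, O23, blank, ...)
        entry = m.groupdict()
        entry["user"] = None
        u = USER.search(entry["cmd"])
        if u:  # split the account suffix off the command
            entry["user"] = u.group("user")
            entry["cmd"] = entry["cmd"][:u.start()]
        entries.append(entry)
    return entries


def review_notes(entry):
    """Illustrative triage rules (assumptions): reasons to inspect an entry by hand."""
    notes = []
    if entry["cmd"].strip() == "?":
        notes.append("target unresolved")    # HijackThis could not read the target
    elif not ABSOLUTE.match(entry["cmd"]):
        notes.append("no absolute path")     # resolved through the search path at logon
    if entry["user"] == "?":
        notes.append("owner unresolved")     # SID did not map to a local account name
    return notes


def triage(log_text):
    """Map autostart name -> review notes, for entries with at least one note."""
    flagged = {e["name"]: review_notes(e) for e in parse_autostarts(log_text)}
    return {name: notes for name, notes in flagged.items() if notes}


if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(notes)}")
```

A note here only means the entry cannot be judged from the log line alone; the file it points to still has to be checked on disk.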


Expert Member
Sep 7, 2007
I'm very disappointed with avg of late. Have switched to avira after trying avast for a couple of days. Happy so far. Avg has missed a couple of biggies...that I had to manually remove. Not recommending it to anyone any more.


Expert Member
Feb 7, 2007
Have you tried using the online scanners? Eset has one as well as Trend Micro.

Usually what I do is use one of those then afterwards use malware bytes. You can also use ccleaner which cleans out temp files and history.


Senior Member
Jan 14, 2009
AVG seems to be slipping down the scales as of late...

But here's a couple of pointers:

1. Never install more than one AV product on your machine at once (when removing them make sure all components are uninstalled - Symantec seem notorious for this). The problem is that they tend to interfere with each other, and in cases break each other's scanning engines.

2. Make sure you have at least the following: an anti-virus product, an anti-spyware product, a rootkit scanner, and a firewall. People have preferences - choose one that works for you and is adequate. Remember that free products are slightly behind the purchasable equivalent (in a number of ways, but not that significantly).

3. Make sure the above products are kept up to date. All AV products suffer from not being able to detect ALL samples, so you may get a bugger that falls through. This doesn't mean that the product is not worth it, unless of course this happens regularly :p.

Now to address your issue:
1. make sure you have one of all the above products installed each up to date.
2. if you are on a network, close all open shares, or better, pull the network cable. Chances are either your machine is attempting to infect others, or the source of the attack and reinfection is from another machine on the network, with open shares being a favourite avenue.
3. empty the Recycle Bin, disable System Restore (big one) and clean out temp folders.
4. run a rootkit scan. More than likely, if the machine is being reinfected and none of the above-mentioned avenues are the cause, then a rootkit could be hiding on your system. This is not detected by AV products, as it is designed to be seen as part of the system, executing before even the AV loads up (basic explanation, I can go into technical detail if required).
5. Run full scans of the machine both with AV and AS. ensure that any detected malware is deleted.
6. Reboot the machine. By this stage any malware products should have been deleted, and rebooting clears out any memory resident routines. If you really are paranoid, you can run another scan after this again, to make sure.

As it seems to detect the infection by a specific name, I'm assuming the AV product you choose already has recognition of the infection, hence it isn't a new undetected variant. Also, don't insert any USB devices until you are sure that the machine is clean.

Sorry for the long explanation, hope it helps though

Dark Agent

Expert Member
Nov 30, 2008
AVG 8.5 takes time to pick up a virus. Normally when opening a crack it pops up "Virus Detected" and now it pops up while playing games.

Is there any good AV out there for free?


Well-Known Member
Mar 31, 2006
As wishblade pointed out, you probably have a rootkit. I had a very similar experience not so long ago, all the apps mentioned here will only clean up the resultant virus, but leave you with the real threat.

Download combofix and run it from safe mode. you can get it from here and the guide and tutorial from here

Don't use or insert any flash disk, that's probably how you got infected in the first place. Download Flash Disinfector from here to clean any hidden autorun.ini on the flash disk.

Once you've completed all that get hold of a 30day trial of Nod32 ver4


Executive Member
Aug 24, 2005
1. Remove current antivirus if it isn't AVAST
2. Download Avast free from www.avast.com
3. Install it
4. Say yes to boot time scan but do not restart
5. Download updates for Avast and install them
6. Now restart...

I always just hit the DELETE ALL option when a virus is found but you can be more conservative if you want to. With your kind of infestation, I would rather be very LIBERAL!!! :D
AVAST FTW, I used to use AVG but avast is just so much better!


Super Moderator
Feb 23, 2005
You've backed everything up so why expend so much time and effort - reinstall windows and be done with it.


Well-Known Member
Mar 31, 2006
You've backed everything up so why expend so much time and effort - reinstall windows and be done with it.
Good idea, use Combofix first, you might be amazed at just how powerful one little freeware app can be at rootkit removal.

Asha'man X

Expert Member
Aug 31, 2006
Format sounds the best option here, but if you want to save the system, you need a way to scan that doesn't involve the computer starting up. I would suggest downloading the Ultimate Boot CD for Windows (completely legal), and building it as well as adding whatever tools you need.

Boot from the disk afterwards and run the scanners on your system. Malware can't hide like they can, even in Safe Mode. If it does clean stuff out, you'll still need to clean your registry out, as these buggers hide themselves in there, and often they go deep.


Honorary Master
Aug 8, 2005
The best is to use BitDefender Rescue CD because it has the ability to automatically update its virus definition if it finds an internet connection whenever you boot up the computer with the Rescue CD. As far as I know, BitDefender is highly sensitive in detecting both known and unknown virus.


I'd do that. Download the rescue CD from BitDefender, burn it, then BOOT with it, it should download the latest updates from the internet and clean your PC - all from BartPE.

Then when finished cleaning the system, buy a good AV eg Bitdefender, install it, update it and activate it
Install Comodo FireWall Professional - it's a great FireWall and a great HIPS (Host Intrusion Prevention System - will warn ya if a strange application wants to mess with other apps, contains a whitelist of apps)
Install SpyBot and 'immunise' your browsers, turn on real-time-protection
Install MalwareBytes and use to scan anything you trust but not 100% sure of
Run FireFox with NoScript plugin, Opera is also great
Scan all your flash drives, external harddrives and recently burned CD-R/DVD-Rs
Don't run any dodgy executable files from the internet eg keygens unless you scanned them with VirusTotal OR even better run them on a separate machine or virtual machine which you can wipe if it becomes infected, ideally don't run them at all
Don't open any file attachments unless you trust the source, even then your friends could be forwarding you a virus. It's great if your ISP uses a separate AV package to prescan your mailbox for viruses and block spam
Avoid using Outlook Express or Outlook as they can autoload viruses in preview panes
Disable ActiveX in Internet Explorer
Turn Explorer's View File Extension setting ON, Turn Show Hidden Files ON too.
Keep your AV, Comodo Firewall Pro, Spybot, MalwareBytes, Windows and browsers up-to-date


Senior Member
Feb 24, 2008
Only one word will help in this case: Avast!

Our university has McAfee installed on all their PC's and McAfee isn't even detecting the basic viruses like Hupigon (Trojan) that spread via Autorun whereas Avast detects it even when I try to run the infected file on my flash at home.

I haven't had a problem with even one virus since installing Avast... and that's about two years ago


Honorary Master
Aug 8, 2005
I haven't had a problem with even one virus since installing Avast... and that's about two years ago
I haven't had a problem with any viruses since 1992 and that was Plastique. That time a program called TNTVIRUS for DOS cleaned it off, later it was bought by Central Point and finally by Symantec/Norton.

I've had Turbo Antivirus, McAfee, F-PROT, PC-CILLIN, Norton, Dr Solomon, Kaspersky and Bitdefender block viruses but nothing ever got through. Ideally one should also run a HIPS with the AV and FireWall. *Touch wood* :) An alternative HIPS is System Security Monitor.