Problem related to Herocodec

Stupidly, when I was prompted to download a codec for a downloaded movie I did it. It was called herocodec.exe and shortly after I got a prompt that rundll32 stopped working. Also a day later (today) firefox/IE/safari don't connect to the Internet, even though I have a connection. I'm posting this from my iPod right now, and I've tried to browse online for ways to delete it.

I've tried to run spybotS&D and eset(nod32), but haven't had any fixes. Spybot fails to run and nod32 doesn't come up with any malware/viruses. I've also tried to delete smss.exe in safe mode but all access is denied.

Thanks for any help.

Edit: I've also tried a system restore to about a week or two ago but it wasn't able to complete (failed after reboot)

Comments

  • edited April 2009
    First of all, thank you for all your help. Unfortunately, using the method you described, I am still unable to get firefox, etc. to work and I get the errors of "Connection Interrupted. The connection to the server was reset while the page was loading."

    In attempting to manually remove the files listed, I've only been able to find the registry values for herocodec. After it first occurred and I had a feeling it was a virus, I had deleted the files associated with it (i.e. the original .exe and the folder it installed to). Also, I searched for the other files you listed in step 2 & 3 (autorun, etc.) and came up with nothing from those too.

    I read on one forum something about a smss.exe file being infected with it. When I try and delete smss.exe in win\system32 I am denied from deleting it and I don't have access to it. I've run in safe mode and the process smss.exe is running; I stop the process and attempt to delete it again but I get the same error.

    Thank you again for all your time and effort.
  • edited April 2009
    Upon getting a call from my ISP that my Internet would be cancelled since they detected a virus, I auto updated nod32 (since I have Internet, but I'm blocked from using it in a web browser) and scanned. So far, it's found and quarantined Win32/AutoRun.ABH worm.

    I'll update if anything else comes up. Thanks!

    Edit:

    It just finished and the following threat was found:
    Object: D:\RECYCLERS\S-3-6-30-100011764-100010018-100030024-2255.com
    Threat: Win32/AutoRun.ABH worm

    However, when I try to clean it or delete it, there's an error.

    I'll try it again in safe mode. I'll update then, thanks.
  • edited April 2009
    Yeah, it shows up in safe mode and nothing changes even when I end the process.

    Also, nod32 fails during safe mode... Great.


    I think all I REALLY need is to be able to get on the Internet, then I'm sure I can download the programs necessary to remove it. Again, any help is greatly appreciated.
  • RichD Essex, UK
    edited April 2009
    Download them from a friend's or work PC and save them to memory stick.
  • edited May 2009
    Long story short, I've managed to get malwarebytes installed (trojan gxvxcounter shows up every time I scan), superantispyware installation causes my computer to restart, and avast won't install (says there's an error). Any ideas what I should do next?
  • RichD Essex, UK
    edited May 2009
    Unfortunately I am not qualified to advise you on how to clean your PC. My next piece of advice is download and install HijackThis and post a log in a new thread. People who are qualified will come along and find it. The chances of them looking in this thread are slim as they look for threads with 0 replies. Make sure you reference this thread and be patient. There are more infected people out there than there are helpers, so it can take a while for them to get around to you.
  • edited May 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe




    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper