My C Drive Data Deleted Automatically :'(

experts plz help me fix my PC....all my precious C: data has vanished :wacko: .....it deleted automatically.....some days back it happened with Desktop data.....Though i recovered much of the C: data by using PowerDataRecovery....some files have been corrupted...... :huh:


Also a BIG RED CROSS on C: and it is filled with some posxxx TMP files.......


Also my Internet Explorer is most probably hi-jacked....it opens all pop-up websites....


plz help me wat to do?????????

Comments

  • here is the HiJackThis log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:30:33 AM, on 2/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Symantec AntiVirus\DefWatch.exe
    D:\Program Files\Avira\WebProtector\difsvc.exe
    D:\Program Files\Symantec AntiVirus\Rtvscan.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\PROGRA~1\SYMANT~1\VPTray.exe
    D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\WINDOWS\explorer.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
    O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1201633844515
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - D:\WINDOWS\system32\ieframe.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Avira Web Filter Service (difsvc) - Unknown owner - D:\Program Files\Avira\WebProtector\difsvc.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - D:\WINDOWS\system32\windows (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 5225 bytes

  • Please scan your system for rootkit activity. If you don't have this kind of scanner, you can download one from http://www.gmer.net. Once you've done that, enter safe mode (try using a boot CD and copy these files to another location if you can't see them in Safe Mode) and send us any hidden files that were reported by the rootkit scanner. Also please try to send us the file D:\WINDOWS\system32\windows (again, you may need to enter safe mode or try with a boot CD. If you don't see the file using the boot CD, then it means it was deleted by one of your antiviruses).
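
Added example, not part of the original thread and not code from HijackThis or Bitdefender: a small triage pass over the `O23 - Service` lines of a HijackThis log, showing why the `MSControlService` entry requested above stands out. The function name `triage_o23` and the three heuristics are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import ntpath

# Sample input: a few lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Avira Web Filter Service (difsvc) - Unknown owner - D:\Program Files\Avira\WebProtector\difsvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - D:\WINDOWS\system32\windows (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"


def triage_o23(log_text):
    """Return [(service, path, reasons)] for O23 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # only service entries are examined here
        # Layout seen in the log: "<display name> - <owner> - <path>"
        parts = line[len(PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # unexpected layout: skip rather than guess
        name, owner, path = parts
        reasons = []
        if path.endswith(MISSING):
            # Service is registered but its binary is not visible on disk.
            path = path[:-len(MISSING)]
            reasons.append("file missing")
        if owner.strip().lower() == "unknown owner":
            reasons.append("unknown owner")
        if not ntpath.splitext(path)[1]:
            # A service image with no extension (e.g. "system32\windows").
            reasons.append("no file extension")
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_o23(SAMPLE_LOG):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

A single reason, such as the Avira entry's "Unknown owner", is only a hint; the entry that matches all three is the one to look at first.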

  • farbar
    edited February 2008

  • Dude...m not so expert in all these things.....if u could explain in Layman's language....or simply give me steps to fix my pc...i wud appreciate it......


    N yeah.....can i delete all that tmpxxx files from my C: drive now?????

  • Have you scanned your computer for rootkit activity? The tmp files are part of the files that PowerDataRecovery could not recover.

  • yeah i've scanned for rootkit activity.....i'll upload the log file....u see n tell me is there any problems still with my PC???


    n can that big red cross thing be fixed???

    Attachment: dd.zip

  • Sorry for the delay. It is highly probable that you are infected with a version of Vundo virus. To be sure, please send me the file "D:\WINDOWS\system32\sstqo.dll".

  • hey here is the file.......plz plz rply back soon.....

    Attachment: sstqo.zip

  • rbenchea
    edited February 2008

    Yes, that is Vundo all right (that explains the popups in iexplorer, and why it didn't appear in hijackthis.log: as far as I know it displays 100 popups per day and injects itself in hijackthis.exe so it doesn't appear in the log). You have to delete that file. You can try in safe mode or using a boot CD. To remove the red cross over your hard drive, try to delete this key using regedit (after you have deleted the file): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons


    (And by the way, if you were using BitDefender you wouldn't be infected right now (BitDefender detects that file).)


    Tell me how it went.

  • hey thnx for that reg edit thing............the red cross has gone..........n btw m using symantec corporate edition antivirus......n it detected it.........but i did not delete it thinking if it wud unstabilize my system.....nw i've deleted it......n my PC working smooth..................


    THNX TO THE BD FORUM.............

  • TheHeartSmasher
    edited February 2008

    To get a full HijackThis log, download HijackThis, rename the executable to something like myscanner.exe, and then rerun it.


    Since you do have Vundo on your machine, I recommend downloading and running VundoFix.


    If it is still running, I recommend downloading Comodo Firewall 3 to run side by side with Bitdefender.


    Comodo's Defense+ system will more than likely stop Vundo from doing anything once installed.


    Just make sure you turn on everything to Paranoid Mode, not Clean PC or Installation Mode, and anything that happens on your system will have to be approved by Comodo Defense+ and Comodo Firewall.


    Also make sure that you enable all of Bitdefender's registry privacy controls.


    Do not forget to disable your internet on this machine, as having it enabled could allow an attacker to stop you while you try to clean up. If you do have to enable the internet, only enable it for a short period of time.