Antivirus does not install ???

May 14, 2009 3:53 AM from

Hi friendz Please help me!

Yesterday, I went to cyber cafe to scan some photographs. I plugged my pendrive to copy scanned files into it. I noticed "usbcillin .exe" created in my pen drive. I had not copied it hence I understood its a virus and deleted. I came home, scanned it on my pc several instances detected with AVG and successfully removed. I happily yups happily copied the scanned photographs in my album on drive 'F'. OS Win XP SP2 is on drive 'C'. Now there is 'Katrina'. It blew my antivirus, tried to disable it but my antivirus would not quit fighting till the death, disabled task manager and registry. and computer hangs. At last, I had to restore from backup image. I have no backup image for other drives. Now everything is perfect, I can access task manager, registry etc but I cannot install AVG which I had kept on drive 'F', same on which I copied scanned photographs.

Is it still infected? Will I have to format? Is there any exclusive removal tool for usbcillin?

Thanks and karma a lot.

6,912 views 12 replies

Reply #1 May 14, 2009 4:48 AM from

WinCustomize Forums Top

Reply #2 May 14, 2009 5:46 AM from

WinCustomize Forums Top

why dont you download and run the malicious software tool remover from microsoft? its always up to date.

TouchTasks - Access tasks with ease on Windows touchscreens.

Reply #3 May 14, 2009 6:22 AM from

WinCustomize Forums Top

Excellent advice, Vampy!

Also, check this out, Divya: LINK

And here: LINK

Reply #4 May 14, 2009 6:24 AM from

WinCustomize Forums Top

Clean and reinstall.............that's the only way you'll be sure that your system is virus free.

Reply #5 May 14, 2009 7:33 AM from

WinCustomize Forums Top

Thanks for replies

I have checked it with Malwarebytes Anti-malware (with todays definitions) and Wnidows Malicious software removal tool. No infections found since I had restored from backup. However I can not install antivirus. I have mailed report to AVG.

Should I download another setup file or try another antivirus? But why I can't install that if system is clean.

Clean and reinstall.............that's the only way you'll be sure that your system is virus free.

End of quote

3L = ? It's last alternative.

Reply #6 May 14, 2009 7:43 AM from

WinCustomize Forums Top

Quoting divyasugar, reply 5

It's last alternative.

End of divyasugar's quote

I agree. Did you use the cleaning tool in the second link I posted?

Reply #7 May 14, 2009 8:00 AM from

WinCustomize Forums Top

Yes It detect no threats.

Reply #8 May 14, 2009 8:02 AM from

WinCustomize Forums Top

but how to uninstall it ?

Reply #9 May 14, 2009 8:32 AM from

WinCustomize Forums Top

Just had to log off and I could remove it.

Reply #10 May 14, 2009 9:00 AM from

WinCustomize Forums Top

Either it's there, or not.

Go to LINK and do the scan... Don't delete anything you are unsure of. You can save the report, and publish it here and email yrag and ask his opinion....he can be 'abrupt' so don't get upset.

Above all, Divya take is advice...or format. I hope you have a backup of your system BEFORE the infection.

Reply #11 May 14, 2009 10:18 AM from

WinCustomize Forums Top

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:34 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vikesh\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 3346 bytes

Reply #12 May 14, 2009 10:32 AM from

WinCustomize Forums Top

I had said...

At last, I had to restore from backup image.

End of quote

So there shouldn't be anything in processes.

The installer got corrupt it couldn't be instslled on another pc too. I downloaded another Antivirus & installed without problems.

Could there be more corrupt files? How to stop them from being corrupt?

Welcome Guest! Please take the time to register with us.

Richer content, access to many features that are disabled for guests like commenting and posting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!