Some sort of Virus


AshTheGamer

  • Administrator

Post another HJT log.

Also check your file associations.

You might like to run Hitman Pro too. (Hold down the Shift key when you attempt to open it.)

  • Administrator

Also try Microsoft Malicious Software Removal Tool.

RUN > MRT > Full Scan.

Full scan will take about 4-6 Hours depending on your system. But always works for me. :)



  • Administrator

MeTuS Client is used for DOS attacks. I suggest you remove this immediately if you want help here.

Terminate these processes (task manager):

C:\Windows\Rcikia.exe

C:\Windows\tsnp2std.exe

C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe

C:\Program Files\iTunes\iTunes.exe

C:\Users\Media\Desktop\Private tools and exploits\MeTuS Client 3.0.2\MeTuS_Client_3.0.2.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\SmartFTP Client\SmartFTP.exe

C:\Program Files\No-IP\DUC20.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Media\AppData\Local\Google\Chrome\Application\chrome.exe

Delete this via HJT:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164

O17 - HKLM\System\CCS\Services\Tcpip\..\{2554BA2D-D3F2-48F7-A239-281DBFE91A87}: NameServer = 93.188.163.60,93.188.166.164

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164

O17 - HKLM\System\CS2\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164

Restart your computer and re-run and re-post your HJT log.

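A triage sketch for the kinds of entries the post above marks for deletion, as an added example that is not part of the original thread: it scans HijackThis log lines for BHOs whose file is missing, Run entries that start from a Temp folder, and statically pinned NameServer values outside a trusted set. The function names, the `trusted_dns` parameter and the last three sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: the first four entries are quoted from the post above;
# the last three are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-1111-1111-1111-111111111111}: NameServer = 192.168.1.1
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")             # "O<section> - <body>"
TEMP_PATH = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer = (.+)$")


def triage(log, trusted_dns=frozenset()):
    """Return (section, reason, line) tuples for entries that need review."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a log entry
        section, body = m.groups()
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered but its file is missing", line))
        elif section == "O4" and TEMP_PATH.search(body):
            findings.append((section, "autostart entry launches from a Temp folder", line))
        elif section == "O17":
            ns = NAMESERVER.search(body)
            servers = set(re.split(r"[,\s]+", ns.group(1).strip())) if ns else set()
            unknown = sorted(servers - set(trusted_dns))
            if unknown:
                findings.append((section, "static DNS not in trusted set: " + ", ".join(unknown), line))
    return findings


def untrusted_resolvers(log, trusted_dns=frozenset()):
    """Map each untrusted resolver to the number of registry keys that pin it."""
    counts = {}
    for section, reason, _ in triage(log, trusted_dns):
        if section == "O17":
            for ip in reason.split(": ", 1)[1].split(", "):
                counts[ip] = counts.get(ip, 0) + 1
    return counts
```

A resolver that shows up under several control sets (CCS, CS1, CS2) with the same count was written to every copy of the Tcpip parameters, which is why the post lists each key separately.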


Are you sure that you fixed the items I posted above?

PS:

After you fixed them. (Again?)

Do the following:

1. Scan with SuperAntiSpyware Free Portable: Download ---> Run ---> Update ----> Scan: http://portable.superantispyware.com/sassaferun.php

2. Scan with A-Squared Anti-Malware Free: Download ---> Install ---> Run ---> Update ----> Scan: http://download4.emsisoft.com/a2FreeSetup.exe

3. Scan with Hitman Pro : Download ---> Install ---> Run ----> Scan: 32bit: http://files.surfright.nl/HitmanPro35.exe 64bit: http://files.surfright.nl/HitmanPro35_x64.exe

Then post again a new Hijackthis Log.

PS: A-Squared and SuperAntiSpyware should find and fix everything!



that program makes undesired changes to host file.

Yes wanted to point out that if you don't pay attention while installing and selecting option that 'UNDESIRED' activity will occur, and EVERYTHING that SpyBot does, can be reversed.. including locking the Hosts file from editing and the TeaTimer for IE.

Truthfully registry entries would be a good place to look .. and SpyBot does that..

@BBs - Hitman Pro will get the baddies and quick.. even if they smell funny..LOL



Spybot S&D and Trojan Remover should be capable of fixing this, as this isn't a very nasty one (even though Trojan Remover is capable of busting some nasty ones).

This file: Rcikia.exe should be removed from your PC.

What's most important in malware cleaning is that you understand how it (malware) works and if you do you'll be able to make sure it doesn't get a chance at doing what it does. Lite gave you a pointer at this.

Proper actions (in chronological order):

- make absolutely sure no malware is running (by closing anything not vital to your system operations).

- use HJT to disable the entries Lite suggested.

- use a Trojan Remover normal scan (if it finds anything fix it, but don't reboot (unless it gives you no option (i.e. it has found some malware which it has to remove and is only able to do so by rebooting), then go back to step one).

- use a Trojan Remover full system/disk scan (I know it takes long, but it's worth it...), make sure you fix everything, then afterwards run another normal scan.

- use a Spybot S&D scan.

- reboot.

- If needed repeat procedure one more time.

A standard guide for all malware related issues:

1. Shut down all processes not vital to your system operations (this may even include explorer.exe).

2. Use an online scan like TrendMicro HouseCall.

3. Use Trojan Remover, Spybot S&D (, Hitman Pro) and your own AV (after each other, without rebooting in between, if you have to reboot because of some reason, do this step over).

4. Reboot.

5. Repeat step 3.

6. Check back here for additions as my malware removal skills have gotten a little old and rusty and I might want to update this at some point.

7. Done.

Note: You may want to replace Trojan Remover and Spybot S&D with your 'own' preferred products, but I suggest these as they've always served me well. You also might want to use more than just two products, do make sure you finish all scans without rebooting in between before you go forward to 'reboot and repeat step 3'.



AshTheGamer

I think the virus is now gone however I get 2 errors.

1)

RTSS

Cannot load RTSSHocks.dll library!

2)

MSI On-Screen Display server

Failed to initialize main window with dark.usf skin, revering to default skin!

How do I fix these?



What are those referring to exactly.. did you use a dark skin on anything? .. and RTSSHocks belongs to what? ( Point right here being .. are these legitimate or more entries of a trojan as it proceeded to run.. ) If you still have registry entries or startup values pointing to any of these files you may need to delete them and/or cleanup what took place while you were trying to clean them up.. Why he mentions 'Rinse and Repeat' as necessary..



AshTheGamer

Seems to be all fixed now, we will see what happens in the next couple of days.



AshTheGamer

Sorry for the double post, just letting you all know it's been a while and the virus has been evicted :)



Archived

This topic is now archived and is closed to further replies.
