
Author Topic: Cyber Security virus/malware  (Read 3306 times)


lc

  • Guest
Cyber Security virus/malware
« on: November 06, 2009, 06:01:07 AM »
About two weeks ago whilst my son was looking for some images on the Google site (not that Google is in any way implicated here) a box popped up on the screen saying we had a virus called Cyber Security.  It outlined that there was a solution and of course when you followed those links the upshot was you had to pay for a download to fix it.

Luckily we'd heard a segment on BBC radio about this virus and ignored it and started to hunt down a fix ourselves.

After a number of what appear to be false starts (i.e. scans that tell you the virus is there but then demanding money to put it right!) and another reference to the BBC we found you guys.

I've worked through the malware removal guidance and have hopefully correctly posted the three relevant logs below.

It would appear that the "cyber security" rogue has now been removed but I'm following your advice and posting anyway - hope that's right and I look forward to hearing from you.

lc



[Saving space, attachment deleted by admin]

ankur16



    Rookie

    Thanked: 5
    Re: Cyber Security virus/malware
    « Reply #1 on: November 06, 2009, 09:34:03 AM »
    1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis". Please close any open programs before doing this fix.


    Quote
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)


    2) Next perform a full scan with Malwarebytes Anti-Malware as follows. Make sure it is updated before performing a scan.


    * Open Malwarebytes Anti-Malware. Under the "Scanner" tab, select "Perform Full Scan" and click "Scan". In the dialog box select all your drives except CD/DVD drives.

    * Now click "Start Scan".

    * The scan may take some time to finish, so please be patient.

    * When the scan is complete, click OK, then Show Results to view the results.

    * Make sure that everything is checked, and click Remove Selected.

    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

    * Copy and paste the entire report in your next reply.

    PLEASE NOTE:
    If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.





    3) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.

        * Double click RootRepeal.exe to start the program
        * Click on the Report tab at the bottom of the program window
        * Click the Scan button
        * In the Select Scan dialog, check:
              o Drivers
              o Files
              o Processes
              o SSDT
              o Stealth Objects
              o Hidden Services
        * Click the OK button
        * In the next dialog, select all drives showing
        * Click OK to start the scan
     

    The scan can take some time. DO NOT run any other programs while the scan is running

        * When the scan is complete, the Save Report button will become available
        * Click this and save the report to your Desktop as RootRepeal.txt
        * Go to File, then Exit to close the program
        * Attach this log in your next post.

    4) Download DDS by sUBs to your desktop.
    Your antivirus software might question the file. If it does, allow it.

        * Double click DDS.scr to run it and wait for the scan to finish
        * When finished DDS.txt will open
        * A small while later, a prompt will open. Answer Yes
        * DDS will continue scanning
        * When done, Attach.txt will open

    Copy and paste the DDS.txt and attach Attach.txt
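
The following added example, which is not part of the forum reply above and not code from HijackThis, parses log lines in the format quoted in step 1 and labels each as an orphaned registration, an empty registry value, or a value needing manual review. The section descriptions and status labels are this example's own; the sample lines are copied from the quoted log.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Section codes seen in the quoted log; descriptions are this example's wording.
SECTIONS = {"R0": "IE start/search registry value", "R1": "IE start/search registry value",
            "R3": "URLSearchHook", "O2": "Browser Helper Object",
            "O9": "IE extra button / Tools menu item"}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) ?= ?(?P<data>.*)$")

@dataclass
class Entry:
    code: str
    section: str
    clsid: Optional[str]
    status: str  # "orphaned", "empty-value" or "review"

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line or text that is not a log entry
    code, body = m["code"], m["body"]
    clsid = CLSID_RE.search(body)
    reg = REG_RE.match(body)
    if body.endswith(("(no file)", "(file missing)")):
        status = "orphaned"      # registration refers to a file not on disk
    elif reg and reg["data"] == "":
        status = "empty-value"   # registry value exists but is blank
    else:
        status = "review"        # e.g. a search URL; needs a human decision
    return Entry(code, SECTIONS.get(code, "unknown"), clsid.group(0) if clsid else None, status)

def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]

# Lines copied from the log quoted in step 1 of the reply above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
"""
if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(f"{e.code:3} {e.status:12} {e.section:34} {e.clsid or '-'}")
```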