Computer Hope
Software => Computer viruses and spyware => Topic started by: Google on July 28, 2008, 01:31:56 PM
-
This stupid program keeps popping up, and I didnt even download it!!! Other stuff pops up too, what can I do??? Is it a virus??
-
I think im doing what I should be??: I've downloaded spyware doctor and im downloading super anti-spyware........
-
Go here http://www.computerhope.com/forum/index.php/topic,46313.0.html
Scroll down to the MalwareBytes Anti-Malware and follow the directions for running it and posting the log.
Then scroll down to the HijackThis instructions and follow through with them.
Post the MBAM and HJT log when complete.
-
Alright, I'm busy scanning with MBAM and im busy dling hijackthis. Im soo glad I'm getting help, becasuue last time this happened, i had to pay 180 dollars to get it removed.
-
We should have this knocked out in no time.
Be sure to do HJT after MBAM is done and the computer has been restarted.
-
We should have this knocked out in no time.
Be sure to do HJT after MBAM is done and the computer has been restarted.
oh, so I shouldnt be doing them both at the same time??
-
No, MBAM needs to complete and the PC be restarted (to register the changes done by MBAM) then run HJT. If you do HJT first it will falsely show the infected entries.
-
No, MBAM needs to complete and the PC be restarted (to register the changes done by MBAM) then run HJT. If you do HJT first it will falsely show the infected entries.
Oh darn, well is it ok that I just exited hijack this?? It was like halfway done, and Mbam is taking quite a long time as I have many files on my computer...... ??? ??? ???
And I'm also in the middle of scanning with superanti-spyware free edition. Should I stop it or just let it scan??
-
Stop SuperantiSpyware. You shouldn't run two at once, they will tend to "argue" over files and therefore take longer or even crash the PC.
MBAM shouldn't take much longer in quick scan mode.
-
Stop SuperantiSpyware. You shouldn't run two at once, they will tend to "argue" over files and therefore take longer or even crash the PC.
MBAM shouldn't take much longer in quick scan mode.
Alright, I stopped it and closed the program. I've just gotta wit for MBAM now.I've also got spyware doctor open, but its not scanning or anything, and to close it I have to restart the computer, so should I just leave it and close it when MBAM is complete?-Nevermind, it shutdown.... Thanks so far.........
-
As long as two aren't scanning at the same time it will be fine.
-
Ok, thanks. MBAM has scanned for 38 minutes so far. Is it taking longer than it should??
-
Ok, its complete!! Should I take any action?? Or just post log and restart?
-
Reboot, run HJT and post the logs ;)
-
Reboot, run HJT and post the logs ;)
OK
-
Alright, finnally here:
Logs are too big so I'll upload instead.....
[recovering disk space -- attachment deleted by admin]
-
Did you save this log before applying the fix in MBAM. They all say No action taken.
Open MBAM and click the Logs tab and post that log please.
-
Ahhh, crap, you didnt tell me to fix. I asked that and you just said reboot!! ??? ??? ??? ??? ??? ???
-
Ok, well now I am rescanning, since the log was not saved, and here we go again................ *sigh* But thanks anyways.......
-
I'll post when its done and after I "fix". Thanks though, you're really helping.....
-
Apologies, please run MBAM again. It will go much quicker this time with only it running. I will need a new log from that and a new HJT log as all of the entries from MBAM are in it.
# When the scan is complete, click OK, then Show Results to view the results.
# Be sure that everything is checked, and click Remove Selected.
# When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.
# The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.
# Copy and Paste the contents of the report in your reply.
# Exit MBAM.
-
Alright Here we go:
Hope I did it correctyl. The virus isnt bothering me anymore; it seems alright.
[recovering disk space -- attachment deleted by admin]
-
Do you know what this is? C:\WINDOWS\system32\fppsys.exe Is it Password Protect?
-
Do you know what this is? C:\WINDOWS\system32\fppsys.exe Is it Password Protect?
I really have no idea. It might be?. I used to have a program called dirlock or something like that, but thats all I think it might be./.??..?1//
-
Scan Suspicious File(s)
Use the VirusTotal.com - Multi engine on-line virus scanner (http://www.virustotal.com/en/indexf.html)
(If more than one file needs scanned they must be done separately and logs posted for each one)
- Copy the file path in the below Code box:
C:\WINDOWS\system32\fppsys.exe- At the upload site, click once inside the window next to Browse.
- Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
- Next click Send File
- Your file will possibly be entered into a queue which normally takes less than a minute to clear.
- This will perform a scan across multiple different virus scanning engines.
- Important: Wait for all of the scanning engines to complete.
- Copy and then Paste the link to the results in the next reply.
.
I also need to know if you have a Keylogger on the PC, there is a KeyLogger.exe in the HJT log.
-
http://www.virustotal.com/analisis/10b5bf5b388cb80435d54b7063a8c80a
Yes, I do have a keylogger installed for personal security.
-
Were not going to remove it yet. Unless you want to. See HERE (http://www.spywaredata.com/spyware/malware/fppsys.exe.php).
Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your Desktop.
Alternate download link (http://majorgeeks.com/ATF_Cleaner_d4949.html)
Note: Vista users must use Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
- Under Main: Select Files to Delete choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.
----------
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Vista users Right click DSS and Run as Administrator.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open.
- main.txt <- this one will be maximized
- extra.txt <- this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
.
----------
The Deckards logs will be huge so you will need to attach them. It's a quick scan, less than 5 minutes.
-
Alrighty-O, here you go.......
[recovering disk space -- attachment deleted by admin]
-
Do you know what these are?
C:\ijji
C:\Program Files\MAIET
C:\Documents and Settings\User\.zenmap
C:\Program Files\WinPcap
-
C:\ijji-Gunz online
C:\Program Files\MAIET-Gunz online
C:\Documents and Settings\User\.zenmaphttp://nmap.org/zenmap/
C:\Program Files\WinPcap-Remote Packet Capture Demon
-
We will do the settings when we get done with cleanup. Just be sure to remind me if I forget...
Look here for information on C:\Program Files\WinPcap and tell me if this is something you installed. http://www.winpcap.org/
And here for C:\Documents and Settings\User\.zenmap http://nmap.org/zenmap/
Let me know if they should stay or go.
-
Yea, as you can see I figured out what those two thingsa are-I did install them but I do not need them at all....
Should I remove them with add/remove programs?
-
You can go in and manually delete these folders. They aren't hurting anything but some people like to keep the clutter out.
C:\Documents and Settings\User\.zenmap
C:\Program Files\WinPcap
C:\Program Files\Nmap
---------
Found another Trojan to deal with.
Go to Start > Run and type notepad.exe then click OK
Copy the text in the Code box below and paste it into Notepad.
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
In Notepad go to File > Save as...
Next to File name: type fixme.reg Use the dropdown box next to Save as type: and select All files. Save it to the desktop.
There should now be a file on the Desktop that looks like this (http://i154.photobucket.com/albums/s258/evilfantasy69/reg.jpg)
Double-click fixme.reg it and allow it to merge with the Registry.
You may not see anything happen but give it a few seconds or so to finish.
Now delete the fixme.reg file from the desktop.
----------
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to infect your system.
Download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program.
- Click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up.
- Delete the JavaRa .zip .exe and .html files from the Desktop
.
Follow this link to download and install Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp)
----------
This will clean up the mess from DSS and delete itself.
Download OTMoveIt2 by OldTimer OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it)
1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
- When finished exit out of OTMoveIt2
----------
Delete temporary files
Go to:
- Start
- Run
- type: CLEANMGR.EXE
- Press Enter.
When prompted select the C: drive and click OK.
Check the boxes for:- Temporary Internet Files
- Downloaded Program Files
- Recycle Bin
- Temporary Files
.
Click OK or Enter
----------
Set a New Restore Point to prevent possible reinfection from an old one and false positives.
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
----------
Let me know how everything went, I'll post back with something on the settings. You want see through Icons? Or text....you might need to explain better.
-
So far everything is going fine, just busy installing java and running cleanup manager. My question was to make the icon text transperant, because right now it is white and doesnt go with the background. BTW thanks so much for all the help so far.
-
Right click on the Desktop and choose Properties. Then click the Appearance tab. You can change the way the desktop looks in there. Don't do too much at once, you can easily make things worse and then forget how to change it back.
----------
Once you are done with those steps it would be a good idea to run a Kaspersky scan. It won't remove anything but if there are any nasties left over it will find them and we can get it taken care of.
Run the Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
(http://i154.photobucket.com/albums/s258/evilfantasy69/Kas-Savetxt.gif)
Copy and paste the Kaspersky Online Scanner Report in your next reply.
-
Apparently I need java installed, so im busy installing it with the link it gave me at the moment.....
Alright, nevermind. Its not even working. I re-installed java, but it still says I need java 1.5 or later to use the scanner?!?!?!
-
http://java.sun.com/javase/downloads/index.jsp
-
http://java.sun.com/javase/downloads/index.jsp
Ok I'll try your link. I'll let you know....
-
Be sure to install Java Runtime Environment (JRE) 6 Update 7 - 5th one down the list.
-
ll I did, but it didnt work, so now im trying the 10 beta one. Should I be?
-
Where is the download coming from?
-
Be sure to install Java Runtime Environment (JRE) 6 Update 7 - 5th one down the list.
Sorry, I've ben doing the wrong one. I'll do the right one this time lol....
-
Be sure to install Java Runtime Environment (JRE) 6 Update 7 - 5th one down the list.
Sorry, I've ben doing the wrong one. I'll do the right one this time lol....
OMFG, I installed the correct one, and it still says that I need java 1.5 or later......Maybe use another scanner?
-
The Kaspersky site is saying that? You are using Internet Explorer?
-
I am using mozilla firefox, yes kaspersky site is saying that...
-
Launch IE and see if it accepts that.
-
I tried, doesnt work.
System requirements
Your computer must meet the following minimum requirements:
30 MB available on the disk
Microsoft Windows 2000 Professional SP4, Microsoft Windows XP SP2 32 bit and 64 bit or Microsoft Windows Vista 32 bit and 64 bit: Microsoft Internet Explorer 6 and 7, Opera 9 and Firefox 2
Ubuntu 7.10: Firefox 2
Sun Java SE Runtime Environment (JRE): in Microsoft Windows Vista, minimum version 1.6.0; in other operating systems, minimum version 1.5.0
Java and JavaScript enabled in the Web browser
I'm on Windows XP BTW.
-
Try this one. IE only.
Scan with Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm)- Once you are on the Panda site click the Scan your PC now button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Select the appropriate Yes or No to receiving marketing information
- Click the Free Online Scan button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report in your next reply.
-
Alright, it didnt work in IE but its working with mozilla.
"This process can take more than an hour, depending on the amount of information stored on your computer".
Its taking a while lol, but I'll post it when it's done thanks alot again.
-
And, When we are done here, I am planning to browse through add/remove programs and delete MANY programs that I do not use. When I am completely done everything and I am satisfied that my pc is restored well. Can I make another system restore and delete the old one again?
-
Yep, make sure everything is running OK for a few hours and then delete them.
The scan will take atleast an hour, maybe more. But it is an excellent scanner and will tell the tale if we got everything already or not.
-
Ok thanks, will let you know when its done:):):):)
-
No problem, I should be around for a while... I think I'm going to put something new on my MP3 (http://smiley.onegreatguy.net/beavisnbutthead.gif)
-
20% complete and 97 files are apparently infected.:(
-
Uh oh.... Be sure to keep the log!
-
Ok, the scan finished and this is what I got to. The attatchment1.
I clicked the little notepad button and it gave me the second attatchment. I'm not sure if its right, but just let me know....
PS-where did you get your sig?
[recovering disk space -- attachment deleted by admin]
-
Not too bad. It reported your Keylogger which is why I purposely ran a scan that would not delete what it found.
----------
Also found are a bunch of RECYCLER files in the E:\ drive. The recycler files are the hidden system storage area of the Recycle bin. These are stored by Windows until deemed useless then they will drop off.
They can be deleted manually (although it isn't necessary) by going to Start > Run > type CMD and click OK.
In the window type
E:
Press enter
Then type
attrib -R -A -S -H /S /D RECYCLERPress enter
----------
Also found were a bunch of Cookies in your Firefox profile.
1. In Firefox go to Tools > Clear Private Data > make sure Cookies and Cache are checked, either select or de-select any others you choose.
----------
Now for the actual trojans/virus.
Download
OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe)
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
- Double-click OTMoveIt2.exe to run it.
- Copy the lines in the codebox below.
[/list][kill explorer]
C:\Documents and Settings\User\My Documents\My Music\!1Asongs!1A\celabrat good times.zip
C:\Documents and Settings\User\Desktop\CE\VE5 1032\cakepub3.exe
EmptyTemp
[start explorer]- Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) and paste it in your next reply.
- Close OTMoveIt2
.
Post the OTMoveIt2 log in the next reply.
-
I did everything you said, but OTMoveIt2 froze and I cant copy anything??? ??? ???
-
Nevermind, it eventually unfroze and said to reboot but I said no. Heres what I got:
Explorer killed successfully
C:\Documents and Settings\User\My Documents\My Music\!1Asongs!1A\celabrat good times.zip moved successfully.
C:\Documents and Settings\User\Desktop\CE\VE5 1032\cakepub3.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\ee366d2b2e4ede8287de879e85a0dcc2PSK_PLUGINS_2 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\Perflib_Perfdata_f60.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF8402.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFB995.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_zRPq6WfSUPrnCdu scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_mox5dUUfCSadLgD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_uWv7OvkZCZYjfpf scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ea4.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07282008_200928
-
OK you will need to reboot to finish the deletions.
-
Ok, I will reboot, but ill check back a bit later because I will be a bit busy ok. Sorry....
-
OK, I have rebooted. Should I do anything to make sure that they are gone? Iwant to thank you for now because I will be back to check probably only tomorrow. Thank you for everything. We can coninue tomorrow....
-
No problem, were on the final steps now. Your PC appears clean of malware. I think setting a new Restore Point now will be fine, then some new software to help keep you safe and not take up any resources.
1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
- When finished exit out of OTMoveIt2
.
----------
This is a good time to clear your infected system restore points and establish a new clean restore point:
- Go to Start > All Programs > Accessories > System Tools > System Restore
- Select Create a restore point, and click Next.
- Next, go to Start > Run and type in cleanmgr
- Select the More options tab
- Next to System Restore click Clean up...
This will remove all restore points except the new one you just created.
---------- Everything mentioned below is freeware.
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
* Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
----------
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
----------
Download, install and run CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim)
Note: Use the Winapp2.ini (http://forum.piriform.com/index.php?showtopic=1110) to add additional programs to CCleaner. <- This is a MUST have!!!
Click on the Options icon at the left side of the window, then click on Advanced.
Uncheck Only delete files in Windows Temp folders older than 48 hours.
Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
Use the Registry feature to optimize your Registry. Be sure to create a backup when prompted!
Run the registry cleaner two or three times, or until it stops finding entries.
----------
It would probably be a good idea to run a good free Defragment (http://www.piriform.com/2007/9/17/defraggler) tool now.
Let me know if you have any questions.
See you tomorrow.....
Check out Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.
Use only trusted security software like the programs listed on this page. Trusted security tools & resources (http://evilspages.blogspot.com/2008/07/trusted-security-tools-resources.html)
-
Thanks again for all you help, but I got a few questions...
I downloaded winpatrol and spyware blaster. I also downloaded ccleaner slim and ran the program although i didn't understand what you meant by winapp2.ini....
I took your advice and downloaded the defragment tool. And overnight, I defragmented the C drive. What does defragmenting do? And should I defragment all drives including my 250GB external hard drive?
I will first get rid of all programs and software that I don't need, then I will download software inspector and create a new restore point. Is that fine?
And you said something about settings that I should remind you?
And yesterday, youtube was not working for me. There were no images being displayed and the website had no format. But it seems to be fine now.
What do you think about me trying this just to see: http://www.misec.net/trojansimulator/
Also, I just remembered, When we did all that scanning and stuff, I had my external hard drive turned off. But most of the time, it is turned on. So I am scanning my hard drive with mcafee just incase. (I wanted to scan with superantispyware or malwarebytes software, but I couldn't find any options to scan only my external hard drive...
-
If the winapp2.ini is confusing then you can leave it alone and not bother with it. this link (http://forum.piriform.com/index.php?showtopic=1110) has more information about it.
should I defragment all drives including my 250GB external hard drive?
Yes, it will optimize it and will be more responsive.
I will first get rid of all programs and software that I don't need, then I will download software inspector and create a new restore point. Is that fine?
That would be the best way.
What do you think about me trying this just to see: http://www.misec.net/trojansimulator/
It's an excellent test file to see if your antivirus is working.
And you said something about settings that I should remind you?
Right click on the Desktop and choose Properties. Then click the Appearance tab. You can change the way the desktop looks in there. Don't do too much at once, you can easily make things worse and then forget how to change it back.
-
Ok, thanks. And waht about scanning my external drive??
-
It wouldn't hurt. If you share any files from the drive that was infected with it then there is a chance something could have gotten transferred over.
-
It wouldn't hurt. If you share any files from the drive that was infected with it then there is a chance something could have gotten transferred over.
Ok, I'll give it a scan some time. Thanks for all your help. It seems someone else has the same problem I did lol. ::) ::)
-
BTWE, I was busy removing programs with add/remove programs, and now its completely frozen!! I cant exit at all, not with task manager or anything. Do you have a solution...?
If it's locked up then the only thing to do is manually shut down with the power button.
Check out Revo Uninstaller http://www.revouninstaller.com/
Revo completely uninstalls programs, much more efficiently then the software uninstaller does.
Here is a guide I made for using Revo >>click here<< (http://www.techsupportteam.org/forum/tutorials/774-revo-uninstaller-quick-guide.html)
You can also use Revo to terminate unresponsive programs. >>guide<<
(http://www.techsupportteam.org/forum/tutorials/1200-use-revo-uninstaller-terminate-unresponsive-processes.html)Ok, I'll give it a scan some time. Thanks for all your help. It seems someone else has the same problem I did lol.
Yes they seem to come in waves. When a new nasty is introduced to the web or a new file begins to be emailed or whatever we always see a handful of the same problem. Since everyone has a different setup on their computer the fix is always different. Sometimes easy, sometimes NOT!
Safe surfing......(http://smiley.onegreatguy.net/waves.gif)
-
K, thanks, luckily I didnt have to reboot. it unfroze eventually. Thanks for everything.........................And I found Unlocker assistant to help me delete unresponsive files thanks.......
-
I have ALO of programs to uninstall so I would rather use the regular uninstaller. Revo takes to long I think...
-
BTWE, I was busy removing programs with add/remove programs, and now its completely frozen!! I cant exit at all, not with task manager or anything. Do you have a solution...?
If it's locked up then the only thing to do is manually shut down with the power button.
Check out Revo Uninstaller http://www.revouninstaller.com/
Revo completely uninstalls programs, much more efficiently then the software uninstaller does.
Here is a guide I made for using Revo >>click here<< (http://www.techsupportteam.org/forum/tutorials/774-revo-uninstaller-quick-guide.html)
You can also use Revo to terminate unresponsive programs. >>guide<<
(http://www.techsupportteam.org/forum/tutorials/1200-use-revo-uninstaller-terminate-unresponsive-processes.html)Ok, I'll give it a scan some time. Thanks for all your help. It seems someone else has the same problem I did lol.
Yes they seem to come in waves. When a new nasty is introduced to the web or a new file begins to be emailed or whatever we always see a handful of the same problem. Since everyone has a different setup on their computer the fix is always different. Sometimes easy, sometimes NOT!
Safe surfing......(http://smiley.onegreatguy.net/waves.gif)
Since you seem to know alot of useful, helpful programs- do you have any other programs that you think will protect me against future attacks and viruses? Also, my mcafee expired and keeps bugging me taht it needs to be renewed. What are my options?
-
If your AV is outdated then you haven't been getting the new definition updates for any new virus that's out there. Without installing a current AV you will likely get infected again very soon. The below are free and very reliable. I use and advise Avast! but the choice is yours. Some AV's simply work better on one computer then they will another.
Free antivirus
1) Avast! Home Free Edition (http://www.avast.com/eng/download-avast-home.html)
2) AVG Free Edition (http://free.avg.com/)
3) Avira AntiVir Personal (http://www.free-av.com/)
4) Comodo Antivirus (http://antivirus.comodo.com/download.html)
4) PC Tools AntiVirus Free Edition (http://www.pctools.com/free-antivirus/)
Free firewalls
1) Comodo (http://www.personalfirewall.comodo.com/)
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) PC Tools Firewall Plus (http://www.pctools.com/firewall/)
-
Ok, I will try avast, but how can I uninstall Mcafee?? And which is the most reliable firewall to use? Also, at the moment, I have winpatrol running, plus superanti-spyware. Should I uninstall any of these if I download a diffirent AV? Or is it good to have those as well?? Becasue super anti virus doesnt really protect me much does it?? Or maybe I could just set it so that anti-spyware doesnt autostart on start-yup?? help?? Avast is a demo??
-
Uninstall McAfee SecurityCenter in add/remove programs. The run the McAfee Consumer Products Removal tool (MCPR.exe) (http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033)
The best firewall that I am aware of would be either PC Tools Firewall Plus or Comodo. They are all good though.
-
Thanks:
Also, at the moment, I have winpatrol running, plus superanti-spyware. Should I uninstall any of these if I download a diffirent AV? Or is it good to have those as well?? Becasue super anti virus doesnt really protect me much does it?? Or maybe I could just set it so that anti-spyware doesnt autostart on start-yup?? help?? Avast is a demo??
-
Superantispyware, the free edition does not have real time protection so yes set it to not run at start up. WinPatrol will work along side anything so it's fine.
Avast! is free for life, after you get it installed you will need to enter the free license key. If you can't figure out how to get the key go here (http://www.avast.com/eng/home-registration.php#register-form) and get it. The key is good for 14 months and then you will have to get another free key. Why they want you to re-enter a key every 14 months is beyond me, but it is an exceptional AV so it's worth the small hastle.
-
Ok, thanks. So avast has real-time protection?? Why does windows sucurity control thing y not detect it?? Itr says I have no AV installed. For now I set it to "I'll monitor it myself".
-
After you get Avast installed and restart the computer it should integrate into the Security Center. Did you restart yet?
-
No, I didn't. I will soon though, because I have many restart requests denied already, so I will soon. How long does it take for activation code to be sent?
-
Should be fairly quick, within 5 minutes or so. Restarting should set it straight with the Security Center.
-
Alright, thanks, I will restart, in a bit-but does avast open at startup and stay on??
-
Even if I exit or does it have to be minimized?? And where are settings/prefernces on avast?
-
A
nd is peer gaurdian a good program to have? (I download movies sometimes)
-
Avast starts with the PC. Right click the icon in the Task Bar after you restart and choose On-Access Protection Control for the settings. Choose Start avast! Antivirus to run a scan.
There are also skins you can download to change the way avast looks. http://www.avast.com/eng/skins.html
Peer Guardian is OK for blocking IP's and thats all.
-
OK huge problem. I restarted my pc (whixh took 5 tries). and only th bottom bar loads. nothing else does. And I can topen anything. I am on my moms laptop now. Bt What s wrong with the pc??? ??? ???
-
Can you Right click on the bottom bar and choose Task Manager?
-
Ok , now I am on the pc in safe mode. I cannot click task manager or anything when I reboot "normally". I am having troubles. I cant click or open anything when it boots. only the bottom bar is loaded and when I move the mouse it moves, but that is it. Should I system restore?
-
Yes System Restore to before you started uninstalling everything.
-
Ok , I restored to now, and it booted normally except that firefox if f***ed up??!?!!? I have no idea what is wrong with it. What should I do? How can I install that Avast! and that firewall AND remove those unwanted programs without causing my computer to mess up?
-
Nevermind, I restarted firefox and it's fine but what about the other stuff? What should I proceed to do?
-
Why uninstall avast and the firewall?
What all programs did you uninstall?
-
No, how can I INSTALL avast and firewall, and uninstall the many cluttering programs without messing up my pc?? The programs are alot of random ones such as potray, mcafee or course, camera software, and many other random stuff...
-
Why uninstall avast and the firewall?
What all programs did you uninstall?
I didnt uninstall it. I only made a restore point before I installed them...
-
All you have to do is reinstall avast and use the same key to activate it. Reinstall the firewall as well.
This time when installing everything restart when prompted to. Do everything one thing at a time.
-
Ok, thanks you. BTW I have sent an application to malware university, how long does it take to recieve a reply?
-
Usually a week or more. It's best to just wait it out as they do new entries all at once so it may take longer then expected.
-
Ok thanks...
-
Ok, this is getting really frustrating:
I carefully installed avast on the restored pc, and when prompted to restart; I did. And the same thing happened, except now nothing loads except the background. So I am on in safe mode again. I know you have been helping me aloooot already, but please if you don't mid, leave some suggestions as to what I can do and I will check it out in the morning since I need to get some sleep.
Thanks you soo much for helping me- I hope we can get this sorted out... :-[ :-[ :-\ :-\ ??? ???
-
Like I said before, some AV's work better on some PC's then others. You might need to try another one.
-
Ok, I'm busy trying PC tools AV. Does it have real-time protection? Is it a good AV? Will it protect me against malware and trojans?
-
When I try install it it says that I already have spyware doctor installed, and I should upgrade to a spyware doctor AV instead of DLing a standalone AV from pc tools. What is better?
-
Wait, if I gtet antivir, doesnt it have a firewall installed already?
-
Alright, I'm giving Avira a try. BTW is comodo a free firewall? Because it looks like its only a trial version..
-
Ok I've installed AntiVir, it seems to be the best for me so far. I've done a scan and this is the log. Apparently there was two trojans... But they were quarantined......thanks. And I've also installed comodo firewall.
[recovering disk space -- attachment deleted by admin]
-
I scanned again with malwarebytes malware thing and this is what I got:
Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2
11:51:10 AM 30/07/2008
mbam-log-7-30-2008 (11-51-10).txt
Scan type: Quick Scan
Objects scanned: 40744
Time elapsed: 6 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
That was the quick scan. I am now startign a complete scan. Will post log in a bit...........
-
Also, antivir keeps popping up saying I have trojans and stuff, so I move to quarantine. But Idk why it keeps popping up......
-
Post a fresh HJT log.
-
Alright, I've attatched a fresh HJT log and an events log from antivir.
[recovering disk space -- attachment deleted by admin]
-
The events log looks like this
Exported events:
ഀഀ
30/07/2008 12:50 [Guard] Malware found
嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System Volume
䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀䄀ⴀ䄀㌀䐀ⴀ 䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀紀尀刀倀㐀 尀䄀 㔀㈀ 㜀⸀攀砀攀⸀ഀഀ
Action performed: Move file to quarantine
ഀഀ
30/07/2008 12:49 [Guard] Malware found
嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System Volume
䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀䄀ⴀ䄀㌀䐀ⴀ 䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀紀尀䘀椀昀漀攀搀尀䄀 㐀㔀 ⸀搀氀氀⸀ഀഀ
Action performed: Move file to quarantine
ഀഀ
30/07/2008 12:49 [Guard] Malware found
嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System Volume
䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀䄀ⴀ䄀㌀䐀ⴀ 䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀紀尀䘀椀昀漀攀搀尀䄀 㐀㐀㤀㤀⸀搀氀氀⸀ഀഀ
Action performed: Move file to quarantine
ഀഀ
30/07/2008 12:49 [Guard] Malware found
嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䄀最攀渀琀⸀㈀㐀㠀㠀㌀㈀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System V
-
Thats wierd?!?!? Well, here's waht it looks like to me...
Exported events:
30/07/2008 12:50 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe.
Action performed: Move file to quarantine
30/07/2008 12:49 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014500.dll.
Action performed: Move file to quarantine
30/07/2008 12:49 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014499.dll.
Action performed: Move file to quarantine
30/07/2008 12:49 [Guard] Malware found
Virus or unwanted program 'TR/Agent.2488320 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014497.EXE.
Action performed: Move file to quarantine
30/07/2008 12:21 [Guard] Malware found
Virus or unwanted program 'TR/Agent.2488320 [trojan]'
detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5
1032\VE5_Alter_1032.EXE.
Action performed: Move file to quarantine
30/07/2008 12:20 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.16384.D [trojan]'
detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5
1032\systemcallsignal.exe.
Action performed: Move file to quarantine
30/07/2008 10:45 [Guard] Malware found
Virus or unwanted program 'EXP/CVE-2006-4534 [exploit]'
detected in file 'C:\Documents and Settings\User\My Documents\~WRD2525.tmp.
Action performed: Move file to quarantine
30/07/2008 10:18 [Guard] Malware found
Virus or unwanted program 'TR/Hook.Q [trojan]'
detected in file 'C:\Documents and Settings\User\My Documents\DxWND\dxwnd.dll.
Action performed: Move file to quarantine
30/07/2008 10:03 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.SecondTh.HA [trojan]'
detected in file 'E:\WINDOWS\system32\lwr_bbi6008.exe.
Action performed: Move file to quarantine
30/07/2008 9:31 [Guard] Malware found
Virus or unwanted program 'TR/Hook.Q [trojan]'
detected in file 'H:\Program Files\Maplestory\dxwnd.dll.
Action performed: Move file to quarantine
30/07/2008 9:31 [Guard] Malware found
Virus or unwanted program 'TR/Agent.5599232.Y [trojan]'
detected in file 'H:\Program Files\Maplestory\dagonMS-2.exe.
Action performed: Move file to quarantine
30/07/2008 9:29 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'H:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015356.exe.
Action performed: Move file to quarantine
30/07/2008 9:28 [Guard] Malware found
Virus or unwanted program 'TR/Mapler.AW [trojan]'
detected in file 'H:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001526.exe.
Action performed: Move file to quarantine
30/07/2008 9:28 [Guard] Malware found
Virus or unwanted program 'DR/PSW.Mapler.AK.4 [dropper]'
detected in file 'H:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001522.exe.
Action performed: Move file to quarantine
30/07/2008 9:27 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'H:\Downloads\c-setup.exe.
Action performed: Move file to quarantine
30/07/2008 9:25 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file
'C:\RECYCLER\S-1-5-21-1445563323-3637782785-1872043566-1004\Dc38.exe.
Action performed: Move file to quarantine
30/07/2008 9:25 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.16384.D [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014495.exe.
Action performed: Move file to quarantine
30/07/2008 8:28 [Guard] Service started
Service started.
Version of service: 8.0.1.26
Version of Engine: 8.1.1.12
Version of VDF: 7.0.5.193
30/07/2008 8:27 [Scheduler] Service started
The service was started.
Version of service 8.0.0.16
30/07/2008 8:26 [Guard] Service stopped
Service stopped.
30/07/2008 8:25 [Scheduler] Service stopped
The service was stopped.
30/07/2008 8:13 [Scanner] Scan
Scan ended [The scan has been done completely.].
Number of files: 5193
Number of folders: 225
Number of malware: 2
Number of errors: 0
30/07/2008 8:09 [Scanner] Malware found
The file 'C:\WINDOWS\system32\hombho.dll'
contained a virus or unwanted program 'TR/BHO.fby.3' [trojan]
Action(s) taken:
The file was moved to '48fd84a2.qua'!
30/07/2008 8:09 [Scanner] Malware found
The file 'C:\WINDOWS\system32\domie.dll'
contained a virus or unwanted program 'TR/BHO.fby.3' [trojan]
Action(s) taken:
The file was moved to '48fd8497.qua'!
30/07/2008 8:03 [Updater] Update successfully completed
Update of Avira AntiVir Personal - Free Antivirus performed via server
http://dl9.freeav.net.
The update was completed successfully on 7/30/2008 8:03.
30/07/2008 8:03 [Guard] Reload engine.
The Engine was reloaded.
Engine Version: 8.01.01.12
VDF Version: 7.00.05.193
30/07/2008 8:01 [Scheduler] Job started
The job "Immediate Update"
was started successfully.
30/07/2008 8:01 [Guard] Service started
Service started.
Version of service: 8.0.1.26
Version of Engine: 8.1.1.6
Version of VDF: 7.0.5.23
30/07/2008 8:01 [Scheduler] Service started
The service was started.
Version of service 8.0.0.16
-
Everything was moved to quarantine right?
If so then everything is OK.
-
Yes, it supposedly was, so should I just keep quarantining if they pop up again?? BTW, Thank you so much for all your help. I'll just complete mbam scan, thenpost log. All I have to do after hthat is defrag my external hard drive, then create my final restore point. Any final things I should do?
-
Sounds like you have everything covered. Just be careful online and watch what you download.
-
Ok, thanks
-
Alright, heres the mbam log looks alright to me:
Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2
3:13:02 PM 30/07/2008
mbam-log-7-30-2008 (15-13-02).txt
Scan type: Full Scan (C:\|E:\|F:\|H:\|)
Objects scanned: 205633
Time elapsed: 2 hour(s), 32 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\Downloads\psp_video_express.exe (Adware.Agent) -> Quarantined and deleted successfully.
-
Now that you have a good antivirus in place that is up to date you should be in good shape.
-
Alright, thanks for all you help-you helped me a thousand times more than the guy who I payed 180 dollars to fix my computer last time!! ;) ;) ;) ;) ;)
-Thanks a million! 8) 8) 8) 8) 8)
-
No problem. (http://www.freesmileys.org/smileys/happy008.gif) (http://www.freesmileys.org)