Computer Hope

Software => Computer viruses and spyware => Topic started by: RiesMartini on July 05, 2008, 10:52:34 AM

Title: Bad codec install?
Post by: RiesMartini on July 05, 2008, 10:52:34 AM

Hey there. A day or so ago, I was surfing the internet, when I came to a page that asked me to install a file to view a movie. I, not thinking, installed it. Usually I'm very good about avoiding that sort of thing, but I guess I was tired. In result, I earned my first virus (or something) that visually did something to my laptop.

I'm trying hard to remember what it did, exactly, but a lot happened, and even more of it was brief. My background changed itself to a blue screen with a yellow box that said something along the lines of, "Warning! There is Spyware on your computer. Install an antivirus program immediately." Or something. I'd post a screenshot, but after following the Read this before requesting malware removal help forum, it went away. Let's see... My computer slowed down immensely, it would occasionally show the Blue Screen of Death, and the error would always be something different and weird. I can't remember any of them, but they all seemed like something that wouldn't even be on the computer. Every now and then, the blue screen would cause my computer to reboot, and when it loaded back up, I would get a pop-up error saying something about a script error, and M-Dos would run through something quickly (said it was a system32 file?), and I would usually get a BSoD after that too.

I really can't remember anything else. Like I said, everything that happened was quick, so I didn't get much time to ponder or write it all down. I know that all this has caused Firefox to quit working, and for awhile, IE would close itself down after loading the homepage. I was able to get Firefox to work once or twice (I don't know how) but now it just shows a Close Firefox error that says Firefox is already running. Task Manager claims that it is not.

I had run a couple other programs before following "Read this before requesting malware removal help." Spybot and a-squared a couple times. Both found different things. Spybot found zlob.downloader.vcd, but everytime I'd reboot, it'd find it again. A-squared usually found small adware programs that it claimed weren't dangerous.

Other than that, I followed "Read this before requesting malware removal help" to a T, but neither Super Anti-Spyware or MalwareBytes found anything. I'm not sure if I still have the virus, or if it was removed by Spybot or a-squared, and the remaining problems (Firefox still won't boot, computer is very slow, occasional freezes) are just left-overs.

If anything, I would like help getting Firefox to work. It's my main browser, and I feel weird using IE. Besides, one of the times Firefox -did- open, I noticed that my bookmarks had been deleted and I would like to work on getting those back as soon as possible.

And now, the HijackThis log. Thanks for any help you can give me.

[recovering disk space -- attachment deleted by admin]

Title: Re: Bad codec install?
Post by: evilfantasy on July 05, 2008, 11:02:17 AM

Open Hijackthis and select Do a system scan only then place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except for Hijackthis then click Fix checked.

Exit Hijackthis and run CCleaner.

----------

Download Combofix by sUBs from one of the below links.

• Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
  
• Link #2 (http://subs.geekstogo.com/ComboFix.exe)

Important! Combofix.exe MUST be saved to and ran from the Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
  
  • Click  this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
    
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  
• Double click combofix.exe & follow the prompts.
• Choose Yes to accept the Disclaimers.
• When finished, it will produce a log for you.
• Post that log in your next reply.

Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

If needed, see this  Combofix tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) with screenshots that will detail more thoroughly the downloading and running of Combofix.

----------

Next post add
Combofix log

Title: Re: Bad codec install?
Post by: RiesMartini on July 05, 2008, 11:37:37 AM

I hope I did that right.. The tutorial said to download the Windows Recovery thing, but Combofix didn't start installing it (like it said it would) until after it'd been running for a few minutes. But I think it all came out to the same result.

[recovering disk space -- attachment deleted by admin]

Title: Re: Bad codec install?
Post by: evilfantasy on July 05, 2008, 11:58:34 AM

Go to Start > Control Panel > Internet Options
In the General tab, Temporary Internet Files, click:Delete Files
When prompted, check:Delete all offline content
You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
Click OK

Then, go to Start > Run and enter: cleanmgr
Select the drive to clean: C:\
Check the following boxes and then press OK to remove:

• Temporary Files
  
• Temporary Internet Files
  
• RecycleBin

Agree to the prompt to perform the action...

----------

Download SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Now then reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard).
  
• Finally copy and paste the contents of the results file Report.txt in your next reply.

.
----------

Let me know how things are now.

Title: Re: Bad codec install?
Post by: RiesMartini on July 05, 2008, 01:26:22 PM

Hm.. Everything seems to be okay now. I was able to open Firefox, which makes me very happy. I don't see anything wrong now..

[recovering disk space -- attachment deleted by admin]

Title: Re: Bad codec install?
Post by: evilfantasy on July 05, 2008, 01:35:16 PM

Looks good.

Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.

(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)

.
The above procedure will:

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

Download OTMoveIt2 by OldTimer  OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it installed)

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide  (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
.
----------

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

If you are running any Microsoft Office version go to the Office Update (http://office.microsoft.com/search/redir.aspx?assetid=ES790020331033&CTT=96&Origin=CL100570421033) site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
 Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Another thing I would suggest installing SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
*If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.

Title: Re: Bad codec install?
Post by: RiesMartini on July 05, 2008, 02:10:24 PM

Thank you very much. You were a lot of help. I'll remember to come back here next time I screw something up. =P Thanks

Title: Re: Bad codec install?
Post by: evilfantasy on July 05, 2008, 02:12:02 PM

No problem.

Safe surfing.....(http://digilander.libero.it/le.faccine/faccinea/sport/00002042.gif)