Computer Hope

Software => Computer viruses and spyware => Topic started by: Google on July 30, 2008, 07:06:03 PM

Title: Help EvilFantasy please(sorta)
Post by: Google on July 30, 2008, 07:06:03 PM
My friend has now had a virus on his computer for two days called Windows anti-virus 2009. I am going to try to fix it myself with this guide:
http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009

But I might need some assistance. Would this guide help me, do you think?
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 30, 2008, 07:08:44 PM
Just posting this for myself:
Malwarebytes' Anti-Malware (MBAM)

Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link (.exe)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.
    * The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.
    * Copy and Paste the contents of the report in your reply.
    * Exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

HijackThis

Please run HijackThis only after the above steps have been completed

Download and rename HijackThis.exe (HJT)

* Double-click on HJTInstall.
* Click on the Install button.
* It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
* Upon install, HijackThis should open for you.

    * Close HijackThis and rename it.
    * Go to C:\Program Files\Trend Micro\HijackThis.exe
    * Right click on HijackThis.exe and select Rename.
    * Type in sniper.exe and press Enter.
    * Right-click on sniper.exe and select Send To > Desktop (create shortcut)

* From the desktop open HijackThis.
* If using Windows Vista, Right-click and Run As Administrator.
* Click on the Do a system scan and save a log file button
* HijackThis will scan and then a log will open in notepad.

    * Copy and Paste the entire contents of the log in your post.
      Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

Some more self-serve links:
http://www.free-av.com/
http://www.personalfirewall.comodo.com/
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 30, 2008, 07:15:23 PM
Why don't you just post the MBAM log here and then post a HijackThis log. There are often times other bits of malware that need to be taken care of in addition to what is readily seen.
Title: Re: Help EvilFantasy please(sorta)
Post by: Fed on July 30, 2008, 07:18:07 PM
Self-Service Dept in full swing. :D
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 30, 2008, 07:23:34 PM
Self-Service Dept in full swing. :D

(http://bestsmileys.com/computer1/13.gif)
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 30, 2008, 07:38:57 PM
Self-Service Dept in full swing. :D

Lol, sure EF, I will do that tomorrow when I get the PC.

Thanks ;) ;)
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 30, 2008, 07:54:25 PM
MBAM just updated to a new version (1.24) so be sure to update and run a new scan.
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 30, 2008, 08:08:24 PM
Alrighty-O, thanks for the tip ;D
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 30, 2008, 08:13:41 PM
Um.. Is it really necessary to have Comodo firewall installed on my friend's computer if I install Avira AntiVir? Because he is VERY bad with computers. He has NO IDEA what to do or how to use it, and a lot of alerts and requests show up with Comodo. Which is good for me, but not for him...
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 30, 2008, 08:17:50 PM
If he doesn't do anything like eBay, pay-pal or online banking then it would be OK.
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 30, 2008, 08:26:00 PM
If he doesn't do anything like eBay, pay-pal or online banking then it would be OK.

He's too dumb to even know what that is so yea...
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 08:45:08 AM
Ahh, geez, he actually does sometimes buy stuff online... I didn't even know. And I think that he has Shaw AV. Is that any good? Should I uninstall it and install Avira instead?? And also, can they use ThreatFire as a firewall?? And not have Comodo? Or would it be better to have both? BTW, does training mode on Comodo help show fewer messages??
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 11:21:03 AM
OK, I have completed the MBAM scan and HJT; here are the logs. Please help as soon as possible, because I don't have much time (work).

[recovering disk space -- attachment deleted by admin]
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 11:21:53 AM
I'm guessing to remove these but I need to be sure:
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKCU\..\Run: [10181281926292389167514053783761] C:\Program Files\XP Antivirus\xpa.exe
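An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the two kinds of HijackThis lines quoted above (O2 Browser Helper Objects and O4 Run-key autostarts), so they can be reviewed as structured records. The function names and the three triage notes are assumptions made for illustration; the notes are prompts for a human reviewer, not verdicts.

```python
import re

# Log lines copied from the post above (a subset), not a complete HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [mmnext06] C:\Program Files\Common Files\trjdwnl.dll
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XPAntivirus\XPAntivirus.exe
O4 - HKCU\..\Run: [10181281926292389167514053783761] C:\Program Files\XP Antivirus\xpa.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.+)$")


def parse_line(line):
    """Return a dict for an O2 (BHO) or O4 (Run key) line, else None."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        return {"kind": "BHO", **m.groupdict()}
    m = RUN_RE.match(line)
    if m:
        return {"kind": "Run", **m.groupdict()}
    return None


def triage(entry):
    """Attach review notes (hypothetical heuristics for a human to follow up)."""
    notes = []
    if entry["kind"] == "BHO" and entry["file"] == "(no file)":
        notes.append("orphaned BHO: registry entry remains, file is gone")
    if entry["kind"] == "Run":
        if entry["target"].lower().endswith(".dll"):
            notes.append("Run value points directly at a DLL")
        if entry["name"].isdigit():
            notes.append("Run value name is digits only")
    return notes


def review(log_text):
    """Parse every recognised line and pair it with its triage notes."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [(e, triage(e)) for e in entries]


if __name__ == "__main__":
    for entry, notes in review(SAMPLE_LOG):
        print(entry["kind"], entry["name"], "->", "; ".join(notes) or "no note")
```
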
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 11:29:30 AM
Ok, I'm going to remove them because I need to hurry...
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 11:32:21 AM
Ok, I'm going to remove them because I need to hurry...
Never mind. None of them are there, so I'm presuming the virus is destroyed...
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 31, 2008, 12:04:01 PM
Log looks fine.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide  (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
----------

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

If you are running any Microsoft Office version go to the Office Update (http://office.microsoft.com/search/redir.aspx?assetid=ES790020331033&CTT=96&Origin=CL100570421033) site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)

To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
*  Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.

Use only trusted security software like the programs listed on this page. Trusted security tools & resources (http://evilspages.blogspot.com/2008/07/trusted-security-tools-resources.html)
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 01:21:58 PM
Thanks, I am back at my own PC, but luckily I did most of those things already. So thanks a lot for your help!!
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 31, 2008, 01:41:05 PM
No problem ;D
Title: Re: Help EvilFantasy please(sorta)
Post by: drmsucks on July 31, 2008, 01:50:20 PM
Hmmmm...I came here because, from the title, I thought that Evil needed help; obviously not!
Title: Re: Help EvilFantasy please(sorta)
Post by: Google on July 31, 2008, 01:53:06 PM
lol
Title: Re: Help EvilFantasy please(sorta)
Post by: evilfantasy on July 31, 2008, 01:55:35 PM
Ba -doom - pishhh (http://www.shroomery.org/forums/images/graemlins/rimshot.gif)

(http://bestsmileys.com/evil/12.gif)
Title: Re: Help EvilFantasy please(sorta)
Post by: drmsucks on July 31, 2008, 02:20:26 PM
Yeah, well, I was a bit concerned with the "sorta."  :)