Computer Hope
Software => Computer viruses and spyware => Topic started by: naters0913 on March 14, 2009, 01:09:08 PM
-
Hi, I am having problems with my computer. Just recently, it has been acting very weird (running slower and there are a lot of error messages coming up about Internet Explorer.) If you could, will you please help me?
~ Thanks ~
Nathan
[attachment deleted by admin]
-
Download random's system information tool (RSIT) (http://images.malwareremoval.com/random/RSIT.exe) by random/random and save it to your Desktop.
- Double click on RSIT.exe to run.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open.
- log.txt will be maximized and info.txt will be minimized
- Please post the contents of both logs in the next reply.
-
evilfantasy,
I just tried to download RSIT.exe and it triggered an EXECvariant.C Trojan on my AV program......thought you should know.
-
It's not a trojan. Just allow it to run.
-
ok here it is...
[attachment deleted by admin]
-
You posted both of the same logs. I need the one called log.txt
-
Update your Mozilla Firefox Browser
Recently there have been vulnerabilities detected in older versions of Mozilla Firefox.
It is strongly suggested that you update to the current version.
Mozilla Firefox 3.0.7
You can update it by clicking Help > Check for updates... at the top of the Firefox browser.
----------
You need to run the AVG installer >>Click Here<< (http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-10044820&subj=dl&tag=button&cdlPid=11009475).
Once you start the installation you will have the option to Install or Uninstall AVG. Choose to Uninstall.
----------
After that restart the computer and then post a new RSIT scan log. It will only create one this time.
-
ok sorry about not putting that other log
[attachment deleted by admin]
-
You have Viewpoint installed.
Viewpoint Media Player/Manager/Toolbar is considered Foistware (http://en.wikipedia.org/wiki/Foistware) instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
More information:
- ViewMgr.exe - Useless (http://www.greatis.com/appdata/u/v/viewmgr.exe.htm)
- Viewpoint to Plunge Into Adware (http://www.clickz.com/news/article.php/3561546/)
It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
- Viewpoint Experience Technology
----------
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
- O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
- O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Delete the fixme.reg from the Desktop.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
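Added example, not part of the original post and not code from HijackThis: a small parser for the O2/O3/O4 lines listed above. It marks entries that HijackThis tagged "(file missing)", meaning the registry reference remains but its target file is gone, and names the registry location used for each section in the fixme.reg above. The sample input is the four entries from the post; function and field names are assumptions made for this illustration.

```python
import re

# Constructed sample: the four entries listed in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
# Registry locations as they appear in the fixme.reg from the same post.
LOCATIONS = {
    "O2": HKLM + r"\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": HKLM + r"\Internet Explorer\Toolbar",
    "O4": HKLM + r"\Windows\CurrentVersion\Run",
}

# O2/O3 lines carry a CLSID and a DLL path; O4 lines carry a value name and command.
CLSID_LINE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+?)"
    r"(?P<missing> \(file missing\))?$")
RUN_LINE = re.compile(
    r"^(?P<section>O4) - HKLM\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)"
    r"(?P<missing> \(file missing\))?$")

def parse_entries(log_text):
    """Return one dict per recognised O2/O3/O4 line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("- ").strip()  # tolerate a leading list bullet
        m = CLSID_LINE.match(line) or RUN_LINE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["orphaned"] = entry.pop("missing") is not None
        entry["registry_key"] = LOCATIONS[entry["section"]]
        entry.setdefault("clsid", None)  # O4 lines have no CLSID
        entries.append(entry)
    return entries

def orphaned_names(log_text):
    """Names of entries whose target file HijackThis could not find."""
    return [e["name"] for e in parse_entries(log_text) if e["orphaned"]]

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        state = "orphaned" if e["orphaned"] else "target not flagged"
        print(e["section"], e["name"], "->", state, "|", e["registry_key"])
```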
-
When I ran ComboFix, there were error messages that came up saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
-
I see the parental controls. Do you not have administrator rights on your account?
-
I do have administrative rights
-
Did you put ComboFix directly on the desktop?
Try this.
Rename ComboFix, right click on it and name it Combo-Fix. Try running it now.
-
I saw the problem... it was Comodo, and even when you close it, it still keeps on running I guess.
So I uninstalled it.
Here is the log (finally)
[attachment deleted by admin]
-
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
File::
C:\32788R22FWJFW.7.tmp
C:\32788R22FWJFW.6.tmp
C:\32788R22FWJFW.5.tmp
C:\32788R22FWJFW.4.tmp
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
----------
Please reinstall your antivirus now.
Also let me know how the computer is now?
-
ok my computer is actually running pretty fast now! thanks!
I have a few questions though.
What antivirus would you recommend because I really don't like Comodo.
Thanks!
[attachment deleted by admin]
-
It looks like you have AVG installed now? Is that working OK?
-
Well... I got rid of that and now I have ZoneAlarm firewall and I have avast! home edition. Those are working pretty good but thanks for everything!
-
Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
The above procedure will:
- Delete:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if present
  - The C:\Deckard folder, if present
  - The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.