Computer Hope

Software => Computer viruses and spyware => Topic started by: wetwolf on February 15, 2010, 11:07:11 PM

Title: Handed neighbor's laptop with a plea of help
Post by: wetwolf on February 15, 2010, 11:07:11 PM

She thinks she got something while in MySpace... the laptop has been saying she has been infected and forces her to either a antivirus site or a porn site.  I have kept it off the internet and got through all the scans.

I have read the instructions and the logs are attached in one file.

Thanks in advance for all the help.

wetwolf

[Saving space, attachment deleted by admin]

Title: Re: Handed neighbor's laptop with a plea of help
Post by: evilfantasy on February 17, 2010, 09:57:31 AM

1. Close all open Web browsers.
2. From the Start menu in Windows select Control Panel.
3. Select Add or Remove  Programs.
4. Uninstall any of the following programs associated with Ask.com: (the names may be slightly different)

- Ask.com
- Ask Bar
- Ask Desktop Search
- Ask Search
- Ask Toolbar
- Ask Jeeves

5. Click Change/Remove for each  and uninstall all found.

----------

Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

• O15 - Trusted Zone: http://*.trymedia.com (HKLM)
• O18 - Filter hijack: text/html - {b7be8c3e-021c-4480-8db5-55c857833ee2} - C:\WINDOWS\system32\msiebbar.dll

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Title: Re: Handed neighbor's laptop with a plea of help
Post by: wetwolf on February 17, 2010, 10:33:37 PM

Many thanks!  My neighbor says thanks too! 

Seems to be back to normal.

wetwolf

Title: Re: Handed neighbor's laptop with a plea of help
Post by: evilfantasy on February 18, 2010, 11:23:08 AM

Without the logs I request we can't be sure...

Title: Re: Handed neighbor's laptop with a plea of help
Post by: wetwolf on February 18, 2010, 08:02:08 PM

sorry, I did not see the request.  I will have them run HJT and report back.