TechSpot

AIM virus help please

By Chelsie
Jun 15, 2006
  1. A friend of mine was on my computer and got a link on my AIM name from a buddy on my list saying "Hey, is it okay if I post this picture of us on facebook?" she clicked it and thus, infected my AIM with a virus.
    It sends this link to everyone else on my buddy list and wont let me IM anyone. Basically, it just goes haywire.
    Now, I've run AVG virus scan and it hasnt found anything yet my AIM is still going haywire and though I've un-installed it and re-installed it it still does the same thing. Basically, I'm stuck because I have no idea how to get rid of this virus and I'm afraid, even though I can find no evidence of anything, that its done other things to mess up my computer.
    Any help would be much appreciated.
     
  2. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Or not. I guess AIM fix didnt do anything because it began going haywire again. Someone, please, help.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your version of HJT is out of date. The current version is 1.99.1.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log as an attachment into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  4. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Alright. Did everything I was supposed to, now heres the fresh HJT log. Anything else I need to remove or fix, would be much appreciated if told me. Otherwise, if alls clear, please let me know. Thank you very much
     
  5. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Also, my McAfee firewall apprently isnt started. When I try to hit "start firewall" this is the message I get "McAfee Firewall encountered an error attempting to start the Firewall service. The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

    Any help with that, would also be appreciated lol
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    BroadJump\Client Foundation

    Run HJT and have HJT fix the following(if there).

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and directories(if there).

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    Other than the above, your HJT log is clean.

    Regards Howard :)
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    As far as your McAfee problem is concerned. The best advice I can give you is to completely uninstall it, because it`s crap.

    Get the free AVG antivirus programme and the free Zonealarm firewall from HERE and HERE.

    Once you`ve downloaded those programmes, disconnect from the net and uninstall McAfee. Once McAfee is completely uninstalled, reboot your computer.

    Install the Zonealarm firewall, followed by AVG and reboot your computer. Reconnect to the net and run the AVG updates.

    Regards Howard :)
     
  8. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Alright, did it all. Everything seems to be running perfectly fine, clean and everything.

    The only other issue I'm having is with my McAfee Firewall. I get that message everytime I try to click start McAfee firewall because apparently its been disabled.
    Awhile back I got a MSN virus much like this and it did the same thing though I was able to re-start my firewall, I just dont remember how.
    If anyone could help me with that part of it, it would be much appreciated because then I'm completely done and clean. So, help with the restarting of my McAfee firewall would be much, much appreciated.
    And thank you for helping with everything else.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    See my post above lol.

    Regards Howard :)
     
  10. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Hah sorry. I'm tired and not reading real well.
    Thanks for all your help =]

    EDIT
    Also, I've already got AVG, just not the zonealarm though I've been prompted to get it before so I suppose I will now. Thank you much =]
     
  11. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Alright. Fresh HJT log attatched. I downloaded zone alarm and now I'm going to bed lol.

    Take a look at the fresh HJT log and tell me how it looks.
    Thank you very, very, very much.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done, your HJT log is clean.

    Regards Howard :)
     
  13. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Thank you lol, I wouldnt have been able to do that without your help. Some of it yes, but not all of it.

    Anyways, I just have a quick question. I heard that zone-alarm wasnt compatiable with windows, or atleast, that it didnt use to be. I was just wondering if that had changed because with my McAfee gone, I've nothing to protect my computer except my windows firewall and if I need to get something else rather than zone-alarm then I can, but I just need to know if its compatiable so that I know that it WORKS and I dont need to worry about getting un-wanted viruses and the like.
    Thanks much.

    Also, I've heard from a few people that version 5.5 of zone-alarm is better than the recent version. I've also heard that it doesnt work and all this other stuff so I guess I just need my doubts and such cleared up lol.

    Zonealarm doesnt seem to detect my AVG anti-virus as an anti-virus system working on my computer, though it is. I'm not sure if that means that the anti-virus system isnt working or what, but it doesnt detect it.

    I keep adding things to this post but I'm trying to clear up all the questions and such I have in this one post lol, so please bear with me.
    Also, for internet connection, Zonealarm doesnt slow it down or anything like the such, does it?

    Alright, thats all the questions I have lol. Now I am ALL done.

    Anyways, any answers or advice to those ^ questions would be much appreciated. Thank you =]
     
  14. russ

    russ TS Rookie Posts: 39

    Zonealarm is a firewall, like windows firewall but better, and AVG is your new antivirus taking the place of your old McAfee antivirus. Another free firewall that works better with my ISP is Sygate(instead of Zonealarm).
     
  15. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104


    That didnt really answer any of my questions, but thanks Russ.
    I'd be much appreciated if Howard could answer them, that'd be good. =]
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It is true that Zonealarm can cause problems on some systems/configurations.

    However, on the vast majority of systems it`s absolutely fine. In any case it`s a hell of a lot better than the Windows firewall, which is fairly crap to be honest.

    It is deffinitely compatible with Windows XP. I use it myself.

    Give it a try and see how you get on.

    As an alternative, you could try the free kerio firewall from HERE.

    Regards Howard :)
     
  17. IBN

    IBN TS Maniac Posts: 487

    What Anti virus software do you use Howard if u dont mind me asking.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I use AVG free and I`ve never had a single virus. However, I am very careful in my surfing habits.

    Regards Howard :)
     
  19. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Alright, thank you much. Its been working perfectly fine for me, no issues what so ever. I was just worried that it would mess with my AVG updates because of the fact that it doesnt...that it doesnt list AVG under anti-virus protection and the such but as long as that isnt the case, then everythings going well.
    Thank you very much for all your help.
    =]
     
  20. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Malware attack?! WTF, HELP.

    Alright. I know I'm getting annoying with all this posting, I'm even annoying myself.
    But, the fact remains that I decided to scan my computer before I went to bed with Ewido to check for Malware. Now, I scanned it two days ago when the virus hit me and it found only 9 objects. But tonight it found 109 infected ones and I dont know why. So, I'm going to run ad-aware and spybot but in the meanwhile, I've attatched my HJT log along with the Ewido log.
    I dont know whats going on, if it has something to do with my firewall or what but I'd be much appreciated if someone could tell me and help me out. Because it theres something I need to fix....well...I'd like to know what. Because I DONT want this malware issue going on. So someone, please help.
    Last post lol, I can ALMOST promise.
    Ran both Spy-bot and Ad-aware. Ad-aware found one thing (normal) and Spy-bot found 19, not normal. But I took care of both.
    Also, whenever I try to run SmartKiller the CoolWebSearch remover I get a pop-up that says SmartKiller was not found on my system.
    So...SOMEONE HELP. :(
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There`s no need to worry. Your HJT log is clean.

    Why Ewido found so many tracking cookies I don`t know. I suggest you start thinking about what websites you visit and what you click on.

    Regards Howard :)
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one.

    Regards Howard :)
     
  23. tomrca

    tomrca TS Rookie Posts: 1,000

    i am not an expert on hjt's but see if you can find out what this is.

    O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe (file missing)

    it possible that ewido has shown minor tracking cookies that has accumalated in that session or day.
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well spotted tomrca. I obviously missed that one. However, is does say file missing, which normally means it isn`t active anymore.

    Chelsie.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    relocater.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\relocater.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
     
  25. Chelsie

    Chelsie TS Rookie Topic Starter Posts: 104

    Alright, did. Thank you both very much. I dont know what was up with the Malware attatck but I scanned again today and it didnt find much. So thank you both very much. I'm very much obliged lol. =]
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...