TechSpot

another virus

By DulaxTwo7
May 8, 2006
  1. I get pop-ups telling me that my laptop has been infected and that I need Antimalware software to clean and protect my system, and even providing links through which I can “download approved software” … when I open Explorer, about:blank appears as the address, and eventually turns into which offers and promotes “recommended anti-spyware software”
    Then a popup appears with my homepage saying: "
    MICROSOFT INTERNET EXPLORER
    Warning!
    W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.

    Amongst other information, on said pop-up alleged “technical details” states: 1. Creates files in %Windir%\directory. By default this is C:\Windows; 2. Adds values to registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run; 3. Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.

    It then gives me “Recommendations”: Click “OK” to download officially approved security software.
    Other pop-ups come up randomly, but basically with similar approaches and information. "

    Whatever I have is causing some programs to close out of nowhere and is really annoying. I ran HijackThis and this is what came out.

    --Verbose HJT log removed.--
     
  2. Spike

    Spike TS Evangelist Posts: 2,168

    Firstly, Welcome to TechSpot :wave: :wave:

    I've taken the usual step (I was feeling nice) of correcting your post by replacing it with a .txt attachment of your HJT log.

    Please follow the sticky thread entitled Before posting your HijackThis log, please read this., paying attention to the note that says that HJT should be in its own directory (e.g., c:\hjt\hjt.exe), not on your desktop. This is for your own benefit should you find that you need to restore a backup from HJT (unlikely, but it happens).

    I would also recommend that you uninstall Symantec's Norton from your machine - actually, I couldn't recommend it more strongly, and many of us here will say the same.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Open your task manager by holding down the Ctrl and Alt keys and pressing the Delete key.

    Click on the Processes tab and end process for (if there):

    dcomcfg.exe
    bittorrent.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d.umn.edu

    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD021.tmp

    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://cpower.collegepro.com/control/ScriptX.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbeta/qsp2ie06011811.cab


    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\hpD021.tmp

    Reboot into normal mode and turn system restore back on.

    Regards Howard :wave: :wave:

    BTW. Thanks Spike.
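
An added example, not part of the original posts: a small triage parser for the HijackThis entry format quoted in the post above (`R0`/`R1`, `O2`, `O4`, `O16` lines). The sample lines are copied from that post; the function names and the two flagging heuristics are assumptions of this example, not the criteria the helper used.

```python
import ntpath
import re

# Log lines copied from the post above (entries the helper asked to have fixed).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d.umn.edu
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD021.tmp
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://cpower.collegepro.com/control/ScriptX.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbeta/qsp2ie06011811.cab
"""

SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO_RE = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) .* - (\w+)://")

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "kind": SECTIONS.get(code, "other"), "body": body, "flags": []}
    if code == "O2" and (bho := BHO_RE.match(body)):
        entry["clsid"], entry["path"] = bho.groups()
        # Assumed heuristic: a BHO is an in-process COM DLL, so another extension is odd.
        if ntpath.splitext(entry["path"])[1].lower() != ".dll":
            entry["flags"].append("BHO module is not a .dll")
    if code == "O16" and (dpf := DPF_RE.match(body)):
        entry["clsid"] = dpf.group(1)
        # Assumed heuristic: installer fetched without transport protection.
        if dpf.group(2).lower() == "http":
            entry["flags"].append("control downloaded over plain HTTP")
    return entry

def triage(log_text):
    """Parse every entry line and return only those carrying at least one flag."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [e for e in entries if e["flags"]]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["kind"], e["flags"], e["body"], sep=" | ")
```

An unflagged entry is only one that these two rules did not match; it still needs a human read, as the thread shows.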
     
  4. DulaxTwo7

    DulaxTwo7 TS Rookie Topic Starter Posts: 36

    Thanks Howard. That got rid of one of the ad/spyware problems, but I think there is more. I have an icon on the taskbar of a green guy in a wheelchair that frequently has pop-ups come up near him saying that my computer is infected.
    Critical system error.
    This icon brings me to http://www.spyfalcon.com/?aff=264. I will run HJT again and show you the results. Thanks for all the help.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go HERE and follow the instructions. These are specific to removing Spyfalcon.

    Then post a fresh HJT log.

    Regards Howard :)
     
  6. DulaxTwo7

    DulaxTwo7 TS Rookie Topic Starter Posts: 36

    I think everything is going well. It appears that the adware is gone; here is the latest HJT log.

    For some reason I can't put this on as an attachment, so here is the log.

    -verbose hjt removed -
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'm glad to say, your HJT log is now clean.

    Regards Howard :)
     
  8. DulaxTwo7

    DulaxTwo7 TS Rookie Topic Starter Posts: 36

    Yeah!!!!!!!!!!!!!!!!
     
  9. DulaxTwo7

    DulaxTwo7 TS Rookie Topic Starter Posts: 36

    Any ideas on a better antivirus, anti-spyware, firewall to get????
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes. Download the free AVG antivirus programme from HERE.

    Then, download the free Zonealarm firewall from HERE

    Disconnect from the net and uninstall your Symantec/Norton crapware from add remove programmes in your control panel. Note: You may need to uninstall in several bits, rebooting your system in between.

    Once you've got rid of Symantec, install Zonealarm, followed by AVG. Reboot your system and reconnect to the net. Run the AVG updates.

    You may notice your system might run faster as well.

    Regards Howard :)
     
  11. Spike

    Spike TS Evangelist Posts: 2,168

    And if you're REALLY interested in getting more secure, you might like to consider the contents of the "securing windows" thread, http://www.techspot.com/vb/topic31474.html :)

    If you're not a big Zone Alarm fan, the other option is Sunbelt Kerio Personal Firewall, HERE

    Nice to see someone so enthusiastic about the help they get here. :)
     
Topic Status:
Not open for further replies.
