TechSpot

Followed the 8-step viruses/spyware/malware process

By techdummy415
Jan 2, 2009
  1. Hello,

    Thanks for the 8-step instructions to get my viruses (or whatever they are called) removed. I found this website because I have two major problems on my computer, which are as follows.

    Google/Yahoo search results get redirected: I have had this problem for about 6 weeks now and do not know how to fix it. I did the 8 step process as you recommended but still have this problem.

    False positive with System Security virus: This program seems to have been removed after using the recommended antispyware scans. I thought it would be still important to let you know that I had this at one time.

    As requested, I have attached the 3 logs. Please let me know what I need to remove, and how I can remove these infected files. Thanks for all your help.

    Techdummy415
     
  2. rf6647

    rf6647 TS Maniac Posts: 829

    The logs paint this as a "handled" case. However, you cite that the browser is still being redirected.

    Please run ComboFix & HJT. ComboFix cleans & provides diagnostic information that is used to find enabling infections that remain or just residue. As with most scans, the repeat scan looks for any infection that is now unmasked or a clean run. Always assess if symptoms remain.

     
  3. techdummy415

    techdummy415 TS Rookie Topic Starter

    It Worked!!

    Hello,

    Thanks for the advice. I ran the last program and it deleted an additional 3 files on my computer. I thought I would never get this fixed. Also, my computer seems to be running as well as when I first bought it a few years ago. I've attached the logs to this reply.

    Cheers
     
  4. adweston

    adweston Banned Posts: 242

    It's still there.. Well, at least the folder is:

    c:\documents and settings\All Users\Application Data\327481232

    Check to make sure it's empty, then delete the folder.

    System Security is one of those brutal infections that Combofix doesn't deal with adequately yet. I just ran into that one two days ago.

    EDIT: After you delete that folder, run CCleaner (both the file cleanup and the registry cleaner)
     
  5. techdummy415

    techdummy415 TS Rookie Topic Starter

    Thanks for the info. I was just going to post another reply stating that my browser just got hijacked again. I'll follow your steps and report back.

    Stupid question, how do I get to c:\documents and settings\All Users\Application Data\327481232? When I hit the start button then go to "my computer" I double click the "local c drive" and then "documents and settings". Finally I click "all users" but after that there does not appear to be an option for "application data". I must be doing something wrong. Thanks.
     
  6. adweston

    adweston Banned Posts: 242

    In My Computer:

    Go to Tools > Folder Options

    Click the View tab

    Check "Show hidden files and folders"

    Uncheck "Hide extensions for known file types"

    Uncheck "Hide protected operating system files". Click OK in the pop-up prompt.

    Click ok.

    Then go back to that folder and try it.
     
  7. techdummy415

    techdummy415 TS Rookie Topic Starter

    Ok so I found the 327481232 folder and found 3 files located under that folder. I deleted the three files under that folder and then deleted the folder itself. I ran CCleaner (both the file cleanup and registry cleaner). After all this, I restarted my computer.

    Unfortunately my Google search results were still getting redirected, so I decided to rerun ComboFix as my problem was temporarily fixed after I ran it the first time. I finally ran HijackThis to get an updated log. I have posted both the ComboFix and HijackThis logs to this post.

    My Google search results are not getting redirected as of yet. I'm kind of skeptical as this was only temporarily fixed the first time. Let me know if you see anything else suspicious in my computer. Thanks!!!
     
  8. adweston

    adweston Banned Posts: 242

    I don't see anything else in those logs, but run this just to be certain.

    And for God's sake.. When you're finished delete some of that crap. Your computer will barely run with all that jazz in there. Kill McAfee (do NOT use the uninstaller. Use the McAscrap Removal Tool), Spybot, WinPatrol, Superantispyware and Malwarebytes. You can reinstall the last two if you need them again.

    It's pretty obvious what the first three are worth. Malwarebytes will start screwing with your cookies, interrupting things like Java games, etc (Prime example is Pogo).

    One other thing I find amusing. You use Firefox. How often do we hear the Firecrap fanboys raving about how Firefox protects them from infections? I guess we can link them to your logs..... ;)
     
  9. techdummy415

    techdummy415 TS Rookie Topic Starter

    So I don't know if this is just a coincidence but I was trying to download the One Republic CD online (I think it was emp3.com) when my McAfee suddenly warned me that they detected a trojan (the end of the file was called dll I think). Shortly after, the following problems occurred on my comp.

    1. Windows Automatic Update not turned on message: That message was on the bottom right of my computer and I clicked the balloon to try to fix it. When I get the option to turn on automatic updates, windows tells me that I cannot and have to do this through my control panel. When I go to control panel, it tells me that the automatic updates are already turned on.

    2. The time on the bottom right turned to military time.

    3. My shortcut icons on the bottom left (to the right of the start button) are now missing.

    4. My computer goes REALLY slow.

    I decided to redo the 8 step process after installing Avira (and deleting McAfee). Avira found a malware during the scan (file called AcrA3BB.tmp). Avira moved that file to 49d32812.qua. Don't know what that means but I'm sure you do. When running MALB and Super, they both found a bunch of infected files, more than before.

    When I restarted the computer after the final step, my computer still had a warning stating that automatic updates was not turned on. Only this time, I was able to turn it on after clicking on the balloon.

    The only symptoms that persist are 2 and 3 from above. Also, I have attached my logs to make sure there is nothing lingering. Was this recent attack due to the last virus I caught or was this completely a separate issue and I have just been unlucky recently?

    Thanks for all your help.
     
  10. techdummy415

    techdummy415 TS Rookie Topic Starter

    My Avira just found another trojan called the softomat trojan. Don't know what that is but I guess Avira is working. The file name is called a1063069.dll. Is my computer toast?

    Help!!! Please see the post above which is the most recent issue I've been having. Thanks.
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed

    So far, so good ;)
     
  12. techdummy415

    techdummy415 TS Rookie Topic Starter

    Still having problems

    Help someone! I am still having virus problems in my computer. I just recently had one today and ran the 8 step virus twice (until the programs stopped detecting a problem). Keep in mind, I did the same 8 step last week more times than I want to remember.

    Although nothing was detected the second time through I do notice that I now have the YOOG SEARCH virus that I cannot remove. I don't know what else to do.

    I've attached the most recent logs to this post. Thank you.
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please rescan with HJT and tick the following entries
    Before selecting Fix all, close any\all Internet browsers
    Before restarting download Combofix
    Lots of info on its use here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Direct download here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log
     
  14. techdummy415

    techdummy415 TS Rookie Topic Starter

    Thanks,

    So I followed your steps as closely as possible. I still have the yoog search in my toolbar. Of note, when I initially restarted in safe mode, I could not locate the combo fix file as I saved it on my desktop (sorry, I thought the desktop is the same as c drive). So I had to restart in normal mode and move to the c drive. I then restarted and when I opened combo fix, a warning stating that my antivirus is running came up.

    I tried to disable my av, however I don't think it was actually running because when I opened up the av program, it said that it was disabled. Also, when combofix was running I noticed that the program stated that it could not locate some temporary folder. The message was too quick for me to note down.

    I don't know if this is important for you but I figured it couldn't hurt to tell you everything since I think my computer is still infected. Thanks!!!
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Reset your browser settings:

    Internet Explorer: http://www.techspot.com/vb/post682762-2.html

    Firefox:

    http://kb.mozillazine.org/Resetting_preferences
     
Topic Status:
Not open for further replies.
