Got a virus on facebook

By Darci
Dec 6, 2009
Topic Status:
Not open for further replies.
  1. I got a message from someone on Facebook asking about a pic I sent them, but it was actually a nasty virus. The next thing I knew, all of my Facebook friends were getting messages from me, but I didn't send them. All of the messages had links. Later that day, Facebook shut down my page and told me to set up a new password.

    I followed the directions shown for prelim malware removal, but was unable to run Malwarebytes until after I ran the Super Anti spyware.

    I will post all logs

    Thank you in advance for your assistance.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Welcome to TechSpot, Darci. My apology for the delay. I checked your logs and you have a badly infected system.

    Did you realize you have these programs running?
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe


    I ask because this is for remote support, when the support techs actually remotely go into your system to help. Cleaning your system is going to take quite a bit, so I wanted to point this out to you since it is already running.

    Take a look at their site and see if you want to go that route:
    http://www.gotoassist.com/en_US/entry.tmpl

    If you do not, let me know and we'll give it a try. You should change all of your passwords and monitor any online financial transactions.
  3. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    I would appreciate any help you can give me.
    I didn't know go2assit was on my computer, and I'm not sure when it was d/l.
    I removed it via control panel.

    Please let me know what to do next

    Thanks
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Darci, I'm going to ask kritius to have a look at your logs. He is the best malware helper of all times! I want to be sure all the infections are addressed properly.

    Hang tight okay?
  5. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    Thanks

    Sounds good to me
    Thanks
  6. kritius

    kritius TechSpot Guru Posts: 2,087

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  7. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    combo fix log

    here is my combo fix log

    Attached Files:

  8. kritius

    kritius TechSpot Guru Posts: 2,087

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  9. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    here is the new combo fix log
    thanks
  10. kritius

    kritius TechSpot Guru Posts: 2,087

    How are things running?

    Update MBAM and run a quick scan, post the log back here for me.
  11. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    mbam log

    Actually, I haven't used this computer much since it got infected. So, I can't really say how it's running except it is allowing me to do any of the d/l and scans you are requesting. In the beginning, it was so infected that it wouldn't allow me to d/l anything that might help me clean it such as anti virus and malware removal programs. So we are making progress!!

    Here is the new mbam log.

    Thank you!!
  12. kritius

    kritius TechSpot Guru Posts: 2,087

    DDS by sUBs
    Please download DDS by sUBs from HERE or HERE and save it to your Desktop.

    Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    • Double click on dds to run it.
    • When done, DDS.txt will open.
    • You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
    • When done, Attach.txt will open.
    • Please zip and attach the contents of DDS.txt and Attach.txt in your next reply.
  13. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    DDS logs

    hopefully I did this right :) Let me know

    Thanks
     
  14. kritius

    kritius TechSpot Guru Posts: 2,087

    Please do an online scan with Kaspersky WebScanner

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  15. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    Kaspersky failed

    I have tried to run the Kaspersky scan 3 times, even rebooting the computer in between each attempt. I keep getting the same Windows Internet Explorer error message: "Update has failed. The program could not be started. Please close the window of kaspersky online scanner 7.0 and start the program again from the web site of kaspersky lab.

    Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted internet connection. Please make sure the Internet connection is established [ERROR: Scanning could not be started [0x80004005]]"
  16. kritius

    kritius TechSpot Guru Posts: 2,087

    Try this,

    Please download AVP Tool by Kaspersky.

    • Save it to your desktop.
    • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder. Click Next.
    • Hit ok at the prompt for scanning in Safe Mode.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked.

    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (Removable that you may have)

    After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

    • Click on Scan at the top right hand Corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all
    • If it says it cannot be Neutralized then choose the delete option when prompted.
    • After that is done click on the reports button at the bottom and save it as Kas to the desktop
    • Post only the detected Virus\malware in the report, it will be at the very top under Detected

    Note: This tool will self uninstall when you close it so please remember to save the log before closing it.
  17. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    Kaspersky

    I have tried twice to d/l this setup file. Both times, it appears to be downloading, and even puts an icon on the desktop. I rebooted into safe mode to run the setup file, but it didn't appear on the desktop in safe mode, so I went back to a normal boot up and saw it there. I tried to open the setup file in normal mode, but it said the file was corrupt. I will try to download the file again tonight and let you know.

    Thanks
  18. Texaus

    Texaus Newcomer, in training Posts: 53


    Hi Darci,
    I am not a malware helper here, just here for help like you. But, I think I can help w/ this: When you log in to Safemode, you are logging in under the administrator profile, not your usual profile, so you are not seeing the same desktop icons as you do in normal mode.

    Here's what to do: Once safe mode has loaded, right-click Start button > explore > documents and settings > your user profile > desktop > .exe file you are looking for.


    Hope this helps and I didn't step on anyone's toes. All the help here is much appreciated.
  19. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    Thanks for the tip on how to find the file in safe mode.

    I tried opening the file in safe mode, and I got an error message: "The setup files are corrupted. Please obtain a new copy of the program"

    Thanks
  20. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    Kaspersky

    I was able to run Kaspersky today. I realized I forgot to disable antivirus before d/l the file on my prior attempts. Now that I did that, the file worked fine, except it wouldn't let me customize the security level.

    Hopefully I have captured the log ok.


    Let me know

    Thanks!!
  21. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    Are there any TechSpot gurus that can see this post and take a look at my log? Haven't heard from anyone in over a week. Thanks =)
  22. kritius

    kritius TechSpot Guru Posts: 2,087

    Sorry,

    Thought I had replied to this. The log was ok.

    Are you still experiencing problems?
  23. Darci

    Darci Newcomer, in training Topic Starter Posts: 27

    No Problem, Kritius. I thought maybe you were just caught up in all the Holiday craziness.

    Funny thing is, I haven't used the mini laptop since I ran that scan and posted the log. I was waiting to make sure everything was ok. I will use it and report back if any problems. THANK YOU SO MUCH for all your help!

    Darci
  24. kritius

    kritius TechSpot Guru Posts: 2,087

    Use it for a few days and then post back with how it is.