Got a virus on facebook

Status
Not open for further replies.

Darci

I got a message from someone on Facebook asking about a pic I sent them, but it was actually a nasty virus. The next thing I knew, all of my Facebook friends were getting messages from me, but I didn't send them. All of the messages had links. Later that day, Facebook shut down my page and told me to set up a new password.

I followed the directions shown for prelim malware removal, but was unable to run Malwarebytes until after I ran the Super Anti spyware.

I will post all logs

Thank you in advance for your assistance.
 

Attachments

  • hijackthis.log
    8 KB · Views: 6
  • mbam-log-2009-12-06 (21-54-04).txt
    2.7 KB · Views: 10
  • SUPERAntiSpyware Scan Log - 12-06-2009 - 21-18-23.log
    6.9 KB · Views: 6
Welcome to TechSpot, Darci. My apology for the delay. I checked your logs and you have a badly infected system.

Did you realize you have this program running?
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe


I ask because this is for remote support, when the support techs actually remotely go into your system to help. Cleaning your system is going to take quite a bit, so I wanted to point this out to you since it is already running.

Take a look at their site and see if you want to go that route:
http://www.gotoassist.com/en_US/entry.tmpl

If you do not, let me know and we'll give it a try. You should change all of your passwords and monitor any online financial transactions.
 
I would appreciate any help you can give me.
I didn't know go2assit was on my computer, and I'm not sure when it was d/l.
I removed it via control panel.

Please let me know what to do next

Thanks
 
Darci, I'm going to ask kritius to have a look at your logs. He is the best malware helper of all time! I want to be sure all the infections are addressed properly.

Hang tight okay?
 
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
 
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\zllictbl.dat
c:\windows\fs1235.dat

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
mbam log

Actually, I haven't used this computer much since it got infected. So, I can't really say how it's running except it is allowing me to do any of the d/l and scans you are requesting. In the beginning, it was so infected that it wouldn't allow me to d/l anything that might help me clean it such as anti virus and malware removal programs. So we are making progress!!

Here is the new mbam log.

Thank you!!
 
DDS by sUBs
Please download DDS by sUBs from HERE or HERE and save it to your Desktop.

Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

  • Double click on dds to run it.
  • When done, DDS.txt will open.
  • You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
  • When done, Attach.txt will open.
  • Please zip and attach the contents of DDS.txt and Attach.txt in your next reply.
 
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
Kaspersky failed

I have tried to run the Kaspersky scan 3 times. Even rebooting the computer in between each attempt. I keep getting the same Windows Internet Explorer error message: "Update has failed. The program could not be started. Please close the window of kaspersky online scanner 7.0 and start the program again from the web site of kaspersky lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted internet connection. Please make sure the Internet connection is established [ERROR: Scanning could not be started [0x80004005]]
 
Try this,

Please download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

  • Click on Scan at the top right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it as Kas to the desktop
  • Post only the detected Virus\malware in the report, it will be at the very top under Detected

Note: This tool will self uninstall when you close it so please remember to save the log before closing it.
 
Kaspersky

I have tried twice to d/l this setup file. Both times, it appears to be downloading, and even puts an icon on the desktop. I rebooted into safe mode to run the setup file, but it didn't appear on the desktop in safe mode, so I went back to a normal boot up and saw it there. I tried to open the setup file in normal mode, but it said the file was corrupt. I will try to download the file again tonight and let you know.

Thanks
 
Hi Darci,
I am not a malware helper here, just here for help like you. But, I think I can help w/ this: When you log in to Safemode, you are logging in under the administrator profile, not your usual profile, so you are not seeing the same desktop icons as you do in normal mode.

Here's what to do: Once safe mode has loaded, right-click Start Button > explore > documents and settings > your user profile > desktop > .exe file you are looking for.


Hope this helps and I didn't step on anyone's toes. All the help here is much appreciated.
 
Thanks for the tip on how to find the file in safe mode.

I tried opening the file in safe mode, and I got an error message: "The setup files are corrupted. Please obtain a new copy of the program"

Thanks
 
Kaspersky

I was able to run Kaspersky today. I realized I forgot to disable antivirus before d/l the file on my prior attempts. Now that I did that, the file worked fine, except it wouldn't let me customize the security level.

Hopefully I have captured the log ok.


Let me know

Thanks!!
 
Are there any TechSpot gurus that can see this post and take a look at my log? Haven't heard from anyone in over a week. Thanks =)
 
Sorry,

Thought I had replied to this. The log was ok.

Are you still experiencing problems?
 
No Problem, Kritius. I thought maybe you were just caught up in all the Holiday craziness.

Funny thing is, I haven't used the mini laptop since I ran that scan and posted the log. I was waiting to make sure everything was ok. I will use it and report back if any problems. THANK YOU SO MUCH for all your help!

Darci
 