TechSpot

Having Major Issues: Need Urgent Help

By timwest16
Jul 9, 2007
Topic Status:
Not open for further replies.
  1. Hi,

    I have no idea how, but when I turned on my computer this afternoon I was presented with a little red button in the task bar with a notification saying:

    Security warning: your computer may be infected with harmful or unwanted software!

    I literally have no idea what to do. My computer is running intolerably slow, and a system restore does not seem to have helped.

    I use Windows Defender and Norton SystemWorks 2003 (although definitions have now run out).

    Please someone help me soon.

    Thank you
  2. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Hello timwest16 and welcome to TechSpot.

    Your system is probably infected with malware.

    Very Important: Malware infections can lead to identity theft, loss of funds from bank accounts, misuse of credit card information, etc., since they can send sensitive information from your computer to their creators. Please read this thread before deciding what course of action to take regarding your infection.

    If, after reading the above thread, you decide to clean your system, do the following.

    Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of timwest16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  3. BlackScarlet

    BlackScarlet TS Enthusiast Posts: 114

    Yes, that is malware. The best thing to do in all situations is if something is warning you of spyware, and it isn't a program you installed, or if something is offering you an URGENT and FREE scan then say eff you to it. Do you have anything such as Spybot S&D, AVG Antispyware 7.5, or CounterSpy? These are all good programs, as well as OutPost Firewall, which keeps a tight eye on the things coming and going from your network.
    CounterSpy, in addition to scanning, also monitors execution of potentially harmful programs, and Spybot also monitors changes in the registry.

    After you install one or more of these programs (Spybot can be used with any other scanning software, but using more than one antivirus at a time could cause conflicts) get all updates, then restart your PC in safe mode, and do a huge scan. Make sure you disconnect your internet while you do this, because some malware can contact its server to say 'hey, I'm being deleted, replace me'.

    Let me know how that goes. =)


    ~BlackScarletLove~
  4. timwest16

    timwest16 TS Rookie Topic Starter Posts: 20

    Logs

    Hi, I did as instructed by kitty500cat.

    Attached are Combofix and HJT logs (also attached SmitFraudFix log). However, whilst AVG Antispyware did find issues, I deleted them all, but it did not give me the option to save the report.

    I have run all of the scans now, and these are the most recent logs.

    Spybot, AVG Antispyware, Ad-Aware, AVG 7.5 are all now giving me clean scans. However each program found something originally and I have deleted all of the different trojans etc.

    Combofix, as you can see from the logs, found something and has quarantined them on my C: drive. Should I just delete the whole folder it has created?

    After studying my HJT logs, can you tell me if there is anything left to do? Also, how will I know if there are more trojans and malware on my system, now that I am getting clean scans?

    Look forward to hearing from you soon, thanks a lot.

    (P.S. Black Scarlet, I never clicked on the icon, I instantly knew it was an issue, 'cause I have seen it on other people's computers. I was just very confused how I had got it, 'cause I am usually very careful. I have also replaced my out-of-date Norton SystemWorks with AVG Antivirus.)
  5. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Well done with following the instructions. However it appears your system still has some nasties residing in it.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Please run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O3 - Toolbar: (no name) - {59980AB3-5590-4C02-A1E6-B1B70132B471} - (no file)
      O3 - Toolbar: (no name) - {210CE244-F474-4D6A-A293-9E8BE93C750B} - (no file)
      O3 - Toolbar: (no name) - {961FAA30-58A9-4A96-A33A-B66841AED84E} - (no file)

      O4 - Global Startup: Digital Line Detect.lnk = ?
      O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
      O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
      O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab

      O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
      O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

      O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
      O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\system\intralaunch.CAB

      Close HJT.

    2. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

      [​IMG]

      This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    3. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of timwest16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
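
The fix list in the post above follows HijackThis's `O<n> - <type>: <detail>` line layout. As an added example (not part of any post in this thread and not HijackThis's own code), the sketch below parses such lines and labels the patterns the helpers single out: targets reported as `(no file)` and `O16 - DPF` entries with an empty, HTTP or local codebase. The label names and the function names `classify` and `triage` are hypothetical.

```python
import re

# Constructed sample: a few entries copied from the fix list in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {59980AB3-5590-4C02-A1E6-B1B70132B471} - (no file)
O4 - Global Startup: Digital Line Detect.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\system\intralaunch.CAB
"""

# Section code (O2, O16, ...), entry type (BHO, DPF, ...), then the detail text.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def classify(section, rest):
    """Return a triage label (hypothetical names) for one parsed entry."""
    if rest.endswith("(no file)"):
        return "missing-file"        # registered object whose file is gone
    if section == "O4" and rest.endswith("= ?"):
        return "unresolved-target"   # startup shortcut with unknown target
    if section == "O16":
        # The codebase (install source) is whatever follows the last " -".
        codebase = rest.rpartition(" -")[2].strip()
        if not codebase:
            return "empty-codebase"  # the "inactive entry" case in the thread
        if codebase.lower().startswith("file://"):
            return "local-codebase"
        if codebase.lower().startswith("http://"):
            return "http-codebase"   # control fetched over plain HTTP
    return "review"                  # needs a human decision

def triage(log_text):
    """Parse HijackThis-style lines; return (section, type, label) tuples."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                 # skip blanks and non-entry lines
        section, kind, rest = m.group(1), m.group(2), m.group(3).strip()
        findings.append((section, kind, classify(section, rest)))
    return findings

if __name__ == "__main__":
    for section, kind, label in triage(SAMPLE_LOG):
        print(f"{section:<4}{kind:<16}{label}")
```

The labels only sort entries for a human reviewer; whether an entry should be fixed is still the helper's call, as in the thread.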
  6. timwest16

    timwest16 TS Rookie Topic Starter Posts: 20

    Here you go (new logs)

    Here are the new ComboFix logs and HJT logs. Look forward to hearing from you and thanks.
  7. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    I notice you have KService installed. Do you ever use this app?

    All your logs look clean, except perhaps KService. Please post one more HJT log, but from normal mode.

    Also, are you still getting popups?

    Regards :)

    This thread is for the use of timwest16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  8. timwest16

    timwest16 TS Rookie Topic Starter Posts: 20

    Umm, KService, I think it is used with a program called Sky Anytime.

    Also have a couple of questions/answers for you:

    1. What did that script do for Combofix?

    2. Is my system definitely clean?

    3. In relation to your question about popups, I never got any popups so to speak. The first thing I had happen was music/movie soundtracks etc. playing in the background with no visible program playing. Then when I ended the processes I thought were doing it, I restarted. When the computer started the red icon appeared. However, after a few mins I decided to do a system restore to the day before. When the computer reloaded, it hadn't fully loaded, explorer froze, but I started the explorer service again and registered here. When I then restarted my computer I found that the icon had disappeared. However I did find all those trojans etc. using the new software I had downloaded. But I have had no popups since original ones.

    Thank you
  9. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Have HJT fix this inactive entry yet:

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

    Other than that, your system is clean.

    As for your ComboFix question, ComboFix scans your system and deletes all malware found. Its logfile contains all the malware it has deleted, as well as all the files created on your computer since a certain date. That way we should be able to see recently created malware.

    The script for ComboFix told it to delete certain nasty files which momok saw in your log.

    Delete all files in AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

    Turn off system restore (XP/ME only). See how HERE
    This will remove all the malware hiding in your system restore points.

    After that turn system restore back on.
    This will create a new, clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article. This can help to prevent future infections.

    Should you have further virus/spyware problems, please post in this thread.

    Regards :)

    This thread is for the use of timwest16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  10. timwest16

    timwest16 TS Rookie Topic Starter Posts: 20

    Almost done

    Attached the final HJT log. Is it clean now?

    Sorry, I had a couple more questions lol.

    1. Should I turn on my live monitoring on Windows Defender and AVG Antispyware now?

    2. Should I delete the folder QooBox that was created by Combofix? It has the quarantined files in it etc.
  11. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    You should probably turn on the live monitoring on Windows Defender. You should do it on AVG Anti-Spyware too, if you can; but the live monitoring will probably disable itself after the trial period expires.

    You should keep the QooBox folder for at least two weeks, just in case something legitimate was actually deleted that you'll need to restore. After that, if nothing turns up, you can probably delete it. The files, however, can no longer harm your computer.

    Regards :)
     
  12. timwest16

    timwest16 TS Rookie Topic Starter Posts: 20

    So will the AVG Spyware program still work after trial period? Can I ask what setup you use? i.e. the full works: firewall, spyware etc.

    Is there anything else you would recommend I do? Or am I completely free?
  13. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    AVG Anti-Spyware can still run in the free version after the trial period expires. I think the only thing that could stop working is the active shield (live monitoring). But that shouldn't matter if you use the list of recommended programs below:

    Either AVG or avast! free antivirus (but not both at the same time, as this can cause conflicts)

    Either ZoneAlarm or Sunbelt firewall (again, only one at a time)

    Spybot - Search & Destroy

    Ad-aware SE Personal

    AVG Antispyware

    SpywareBlaster

    CCleaner

    Regards :)

    This thread is for the use of timwest16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.