TechSpot

HELP something's wrong with my browser and an annoying Balloon Pop-up

By jhae
Dec 5, 2006
  1. there's this program that suddenly poofed out after I installed a program
    I think it's a malware... it's a VIRUS-BURSTERS 6.3
    then there's this annoying POP-UP balloon and a FLASHING ICON on my taskbar looks like a yellow warning sign and a minebomb look to it... says CRITICAL SYSTEM ERROR.. but when you press it it opens a link going to virusbusters website...


    HERE'S my HJT LOG..

    in ADDITION
    norton found a trojan Bursky -"unrepaired"
    while AVG FOUND a trojan horse downloader on the administrators folder...

    plus

    spybot S&D results...
    Avenue A, Inc.--- FIXED
    Smitfraud-C.--- FIXED
    Smitfraud-C.Toolbar888---FIXED
    Yazzle-- FIXED

    then when I open a new browser this shows up??? so WEIRD...

    THANKS IN ADVANCE hope someone could help me...

    Hjt Log... Tt__tt..
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You're running two antivirus programmes; this is not recommended and can cause conflicts. Uninstall one of them ASAP.

    Your system is infected with a variety of nasties.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jhae

    jhae TS Rookie Topic Starter Posts: 26

    OMG YOU KICK *** dude!!

    hehe i was scanning ALL DAY LONG omg.. like i started 2:00 afternoon and ended up like 11:00 late evening omg doing like different steps.. gawd that is crazy waiting..

    howard:hotbounce OMG you did it.. MY GOD!! hehe my pc just felt so VIRGINY..
    so fast and smooth..
    I CAN NEVER SAY THANK YOU ENOUGH.. my goodness.. I HAIL YOU!! hehe..
    thnx.. hehe i thought i will never get way of it unless i crash the pc..

    hmm here are my results... both AVG logs and HJT logs..
    hopes it's clean enough ehhe *crosses fingers*
    GOSH The assistance in this forum is so fast.... this ROCKS!!
    THANKS THIS IS REALLY A BIG BIG HELP.. hehe
    WOW this is GENIUS stuff's THX man..!!!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with the following infected programmes (if there).

    BearShare
    Zango
    Safety Bar

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    BearShareZangoInstaller.exe
    saveinstwm.exe
    Remover.exe
    PowerReg Scheduler V3.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)

    O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i

    O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"

    O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\AHEM\Desktop\RUN\vundofix.exe"

    O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\AlienGUIse\WBInstall32.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    PowerReg Scheduler V3.exe < Search your system for this file and delete all instances found.

    C:\Program Files\BearShare < Delete the entire folder.
    C:\Documents and Settings\Rye\Start Menu\Programs\WhenU < Delete the entire folder.
    C:\temp\Remover.exe

    Delete all files in AVG Antispyware quarantine.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post fresh HJT and AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
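
Added example (not part of the original thread and not any poster's code): a small Python parser for the HijackThis O3/O4 line shapes quoted in the post above. It splits each entry into its persistence location, name and target file and records the "(file missing)" marker; the regular expressions cover only the shapes seen in this thread, and the field names are this example's own.

```python
import re

# HijackThis entries quoted in the post above (O3 = IE toolbar, O4 = autorun).
SAMPLE_LOG = r"""
O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\AHEM\Desktop\RUN\vundofix.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\AlienGUIse\WBInstall32.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

O3_RE = re.compile(
    r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<cmd>.+)$")
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<cmd>.+)$")
# Target of a command line: a quoted path, or an unquoted path (which may
# contain spaces) up to the first executable-looking extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)', re.I)
MISSING = "(file missing)"

def target_path(cmd):
    # Return the file an entry points at, without its arguments.
    m = TARGET_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd

def parse_entry(line):
    # Parse one O3/O4 line into a dict; return None for any other line.
    line = line.strip()
    missing = line.endswith(MISSING)
    if missing:
        line = line[: -len(MISSING)].rstrip()
    for kind, rx in (("toolbar", O3_RE), ("registry_autorun", O4_REG_RE),
                     ("startup_folder", O4_STARTUP_RE)):
        m = rx.match(line)
        if m:
            entry = m.groupdict()
            entry.update(kind=kind, target=target_path(entry.pop("cmd")),
                         file_missing=missing)
            return entry
    return None

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        where = e.get("clsid") or (e.get("hive", "-") + ":" + e["key"])
        print(e["kind"], where, e["target"], "MISSING" if e["file_missing"] else "")
```
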
     
  5. jhae

    jhae TS Rookie Topic Starter Posts: 26

    Here We Go..

    just deleted BEARSHARE, ZANGO.. and the other .exe file..
    wahhhhhh this is weird coz I cannot find ZANGO in the
    add and remove programs.. yet I just locate in the C: and deleted the .dll file in folder...

    here are my HJT and AVG logs..
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\Program Files\Zango\zangohook.dll

    Once your system has rebooted, delete the following folder.

    C:\Program Files\Zango

    Delete the Killbox backups. Run the Ccleaner programme as per these instructions HERE.

    Run a fresh AVG Antispyware scan and post the log.

    Regards Howard :)

    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. jhae

    jhae TS Rookie Topic Starter Posts: 26

    Omg mr. HOWARD.. hehe THANK YOU VERY MUCH for the BIGGEST HELP in my PC..
    THANKSSSS!!! weeeeeeeeeeeeee...

    just a question if I see a balloon saying low virtual memory--> ish that a virus
    coz I have a 6gb left in my hard drive.. hehe nothing related.. weeh..
    last question my brother is insisting to install bearshare again grr (for all the time I have been cleaning lolzz).. but as you say it has this tracking cookies and spywares.. what do you recommend to do? and any suggested spyware removal except AVG?? thanks... PLUS do I have to install FIREWALL PROGRAMS?? coz I have already a firewall in my connection??
    wahh lastest question.. my DATE on the PC rollbacks to MAY 29 2002 every time I reboot when I plug a external hard drive...


    HERES my AVG LOG.. weeeeeeeeeee ^__^

    omg guys ur so fast at replying.. hehe so WISE of you.. this FORUM rocks!!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is now clean.

    I don't recommend you to reinstall Bearshare. You'll only end up with your system virused again.

    In addition to AVG Antispyware, I recommend the following.

    Spybot search & destroy/Ad-Aware se personal/Spyware Blaster.

    I've just been looking through your HJT log and it seems you're running more than one antivirus programme. This is not recommended, will slow your system down and can cause conflicts.

    You should uninstall one of them from add remove programmes in your control panel. Personally, I recommend you get rid of Norton and keep AVG, but it's up to you.

    If you have any further virus/spyware problems, please post in this thread.


    Regards Howard :)

    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. jhae

    jhae TS Rookie Topic Starter Posts: 26

    THANK YOU FOR THE RECOMMENDATIONS MR HOWARD..

    hmm ehhe I HAVE PROBLEMS UNINSTALLING norton antivirus 2006?
    becoz when I open ADD and remove programs.. it's not there but the 2003 version and the live update of norton?
    do you have some tips in uninstalling NORTON?? THANK YOU!! wahh!!
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    For your uninstallation of Norton problems, take a look at this thread HERE.

    I forgot to add in my last post, as regards your low virtual memory problem, I suggest you open a new thread in our Windows OS forum.

    Regards Howard :)

    This thread is for the use of jhae only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
