TechSpot

Malware alarm infection

By larryiam
Jun 4, 2008
  1. help every time i open internet explorer malware alarm starts popping up and i can't close it. My automatic updates are disabled too. Blind Dragon Was Right Still Infected!! Help please!!
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    post fresh hijackthis log
     
  3. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok here is the hijack this log. man i really appreciate all of your help!!! so so much!!
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    This is your clock problem as well.

    Well you have a vundo variant on there, this is the main infection so we need to get that off first. I also see some spyware and even though I don't see CWS anymore you should still run CWShredder to be sure.

    Vundofix by Atribune
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please attach the C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    --------------------------------------------------------------------------------
    CWShredder
    Download CWShredder here (http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe) to its own folder.

    Update CWShredder

    * Open CWShredder and click I AGREE
    * Click Check For Update
    * Close CWShredder

    Boot into Safe Mode:
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

    --------------------------------------------------------------

    Run a fresh Hijackthis and attach here with the vundofix.txt
     
  5. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    vundo said done searching for files no files were found
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Alright then MBAM should pick up. Hopefully you can update it.

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
     
  7. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    i am going to leave the malware program running and my computer.....ive gotta get some sleep i will post my results in the morning asap!! is that ok?
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    same, will check the logs tomorrow. then we can go from there
     
  9. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok i ran the mbam scan and here is the txt file you have requested
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I think it did, all successfully removed


    Are all popups gone?
    Can you run automatic updates?
     
  11. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    Thanks for your time!! i can turn automatic updates on with no error message! and i don't have that pop up in internet explorer! so successful!
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Blind Dragon's the best :)

    You might want to uninstall MalwareBytes
    And update all your stuff (Antivirus and Windows Updates)

    But that's it, happy surfing
     
  13. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok i will! thank you and happy surfing to you too!! :D
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    wait a sec. can you scan with hijackthis one more time, it doesn't take long. Then we need to do a few more things to make sure it doesn't come back
     
  15. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok give me a sec will post asap
     
  16. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok here is the hijack this report. oh and do i keep mbam or uninstall it?
     
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Remove bad HijackThis entries
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    -------------------------------------------------------------

    Click Start, point to Settings, and then click Control Panel.
    In Control Panel, double-click Add or Remove Programs.
    In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.

    ---------------------------------------------------------------

    OTCleanit! by Oldtimer
    • Download OTCleanIt
    • Click the CleanUp! button.
      • It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    -----------------------------------------------------------------

    Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    clear system restore points

    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.

    -------------------------------------------------------------------------------

    Additional recommendations:

    1) Check for updates to your McAfee products


    2) Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
     
  18. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok just did all of the instructions you have listed respected blind dragon! do i uninstall mbam??
     
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    MBAM is up to you, it is quickly becoming one of the best anti-spyware products out there, and it is free to use, free to update. It doesn't use any system resources when idle, only when you scan with it. Either way it's your call
     
  20. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    ok i'll keep it because you recommended it to me. Thank you sir for your time and devotion to my problems!! so greatly appreciated!!! :grinthumb
     
  21. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Just glad it works. I forgot to ask you - are you able to sync your clock now
     
  22. larryiam

    larryiam TS Rookie Topic Starter Posts: 476

    sadly no. but i can live with that. i can't live with malware and it's gone now! i guess it's from an update in service pack 2 because when i had to recover my computer from a virus it erased all the updates and sp2 and the clock synchronization worked. i installed all the updates back and sp2 now it won't and hasn't for quite some time. but oh well. i'm happy computer works! Oh and by the way blind dragon THANK YOU SO MUCH FOR YOUR HELP!! :grinthumb
     
Topic Status:
Not open for further replies.
