TechSpot

Malware alarm

By plasma dragon00
Dec 2, 2007
Topic Status:
Not open for further replies.
  1. Well, it seems we got blasted with this virus, and were asked if we wanted to download the MalwareAlarm product. Norton blocked it, but then redetected it and supposedly fixed it in a scan. I'll do a full Norton scan, as well as Ad-Aware/Spybot S&D.

    Here's the HJT log; please review it if you can and tell me if there's anything wrong with it.

    thanks,

    ~plasma
  2. Jase123

    Jase123 Banned Posts: 1,122

    Hi plasma dragon00, welcome to TechSpot!

    My name is Jason; on these forums I am known as Jase123. I will be helping you with your current problem.

    HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

    Please make an Uninstall List using HiJackThis.


    To access the Uninstall Manager you would do the following:

      1. Start HijackThis
      2. Click on the Config button
      3. Click on the Misc Tools button
      4. Click on the Open Uninstall Manager button.
      5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

    As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

    Lastly, please keep these points in mind:
    • If you have questions, please DON'T hesitate to ask!
    • The instructions I give are specific to your current problem and should not be used on other systems.
    • Please post your replies only to this topic, and please DO NOT start a new thread.
    • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

    I am reviewing your log now, and will be back with you shortly. Thank you for your patience.
  3. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 192

    Thanks for the help, Jase, and here's the uninstall list:

    Ad-Aware 2007
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.2
    Andrea VoiceCenter
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    Bejeweled 2 Deluxe
    Bejeweled 2 Deluxe
    Bejeweled 2 Deluxe 1.0
    ccCommon
    CCleaner (remove only)
    CCScore
    Chuzzle Deluxe
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    Coupon Printer for Windows
    Creative MediaSource
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support Center
    DellSupport
    Desktop Doctor
    Digital Content Portal
    Digital Line Detect
    ELIcon
    EPSON CX5800F Guide
    EPSON Printer Software
    EPSON Scan
    EPSON Web-To-Page
    ESPNMotion
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    essvcpt
    Garmin WebUpdater
    Garmin WebUpdater
    GemMaster Mystic
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Updater
    Hidden Expedition Titanic
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    HLPPDOCK
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Worm Protection
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_03
    kgcbase
    Kodak EasyShare software
    KSU
    Learn2 Player (Uninstall Only)
    LiveUpdate 3.0 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Modem Helper
    Mozilla Firefox (2.0.0.8)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    NAVShortcut
    Nero Suite
    NetWaiting
    Norton AntiVirus 2006
    Norton AntiVirus 2006 (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    Norton WMI Update
    Notifier
    OfotoXMI
    OTtBP
    OTtBPSDK
    Otto
    Polar Bowler
    Qualxserve Service Agreement
    QuickTime
    RealPlayer
    Rhapsody
    Rhapsody Player Engine
    Search Assist
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB943460)
    SFR
    SFR2
    Shanghai II
    SHASTA
    SKIN0001
    SKINXSDK
    Sonic Activation Module
    Sonic Advanced Decoder
    Sonic Encoders
    Sonic Update Manager
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Product Registration
    SPBBC
    Spybot - Search & Destroy
    staticcr
    Symantec
    Symantec KB-DocID:2003093015493306
    Symantec Technical Support Web Controls
    TurboTax Home & Business 2006
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    TurboTax Premier 2005
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    USB MassStorage CardReader
    VPRINTOL
    WebCyberCoach 3.2 Dell
    WexTech AnswerWorks
    Windows Communication Foundation
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890927
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    WIRELESS
    Xbox 360 Controller for Windows
    ZoneAlarm
    Zuma Deluxe
    _______________________________________________
    ~plasma
  4. Jase123

    Jase123 Banned Posts: 1,122

    Put a check beside all of the items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    * Close all open windows and browsers/email, etc...
    * Click on the "Fix Checked" button
    * When completed, close the application.

    Everything looks clean in your HJT log.

    Now, in the interests of making sure your system is truly clean, please do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Jason :)
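The R0/R1 entries above are Internet Explorer start-page and search-page settings. HijackThis lists them but leaves the judgement of what counts as a legitimate default to the reviewer. The following Python is an added example, not from the thread and not part of HijackThis: it parses R0/R1 lines, extracts the URL, and checks the host against an allowlist. The allowlist (the Microsoft fwlink redirector and the Comcast portal this machine uses), the sample log, the constructed non-R line and the `.invalid` hijack line are assumptions made for the demonstration.

```python
"""Triage HijackThis R0/R1 entries: Internet Explorer start/search page URLs.

Added example; not part of the thread and not a HijackThis component.
"""
import re
from urllib.parse import urlparse

# Constructed sample: the seven R0/R1 lines quoted in the post above, plus one
# hypothetical hijacked Start Page (the .invalid host is a placeholder) and
# one constructed non-R line to show that other sections are skipped.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://scanner.example.invalid/alert
O4 - HKLM\..\Run: [constructed-example] C:\placeholder.exe
"""

# "R0 - HKCU\Software\...\Main,Start Page = http://..." ; value may be empty.
R_LINE = re.compile(
    r"^(R[01]) - (HKCU|HKLM|HKU\\[^\\]+)\\(.+?),([^,=]+?) = ?(.*)$"
)

# Hosts accepted as factory/ISP defaults for this profile (assumption: the
# Microsoft redirector plus the Comcast portal the user's ISP sets).
DEFAULT_ALLOW = ("microsoft.com", "comcast.net")


def parse_r_line(line):
    """Split one R0/R1 line into its parts, or return None for other lines."""
    m = R_LINE.match(line.strip())
    if not m:
        return None
    kind, hive, key, name, value = m.groups()
    return {"kind": kind, "hive": hive, "key": key,
            "name": name.strip(), "value": value.strip()}


def host_allowed(host, allow):
    """Exact or subdomain match against the allowlist (no substring tricks)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allow)


def classify(entry, allow=DEFAULT_ALLOW):
    """'unset', 'default' (allowlisted or about:blank) or 'review'."""
    value = entry["value"]
    if not value:
        return "unset"
    if value.lower() == "about:blank":
        return "default"
    url = urlparse(value)
    if url.scheme not in ("http", "https") or not url.hostname:
        return "review"          # res://, file paths, proxies: needs a human
    return "default" if host_allowed(url.hostname, allow) else "review"


def review_log(text, allow=DEFAULT_ALLOW):
    """Return (value name, verdict, value) for every R0/R1 line in the log."""
    results = []
    for line in text.splitlines():
        entry = parse_r_line(line)
        if entry is None:
            continue
        results.append((entry["name"], classify(entry, allow), entry["value"]))
    return results


if __name__ == "__main__":
    for name, verdict, value in review_log(SAMPLE_LOG):
        print(f"{verdict:8} {name:20} {value}")
```

A verdict of review is not a malware finding; it means the URL is neither empty nor on the allowlist, so someone has to look at it, which is the same judgement call a HijackThis helper makes by eye.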
  5. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 192

    Here they are. The BMP file enclosed is the error I received before I got the virus, just so you know what box I'm talking about. The bottom part of it is the web page it opened. Sorry it's bad detail, but I had to save it as a 16-color bitmap for it to be the right size. The web page opened points to
    Code:
    http://scanner2.malware...
    ComboFix, AVG AS, and HJT logs.

    thanks,

    ~plasma
  6. Jase123

    Jase123 Banned Posts: 1,122

    I am reviewing your logs now - I will be back soon - thanks for your patience.

    Regards Jason :)
  7. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 192

    And thank you for helping me, lol :)
  8. Jase123

    Jase123 Banned Posts: 1,122

    Follow my instructions below:

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Re-post a fresh HijackThis log after.

    Regards Jason :)
  9. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 192

    Here you go, and thanks.

    ~plasma
  10. Jase123

    Jase123 Banned Posts: 1,122

    Hi plasma dragon00,

    Your log looks clean. Let's run some other scanners.

    Please copy the fix to Notepad/Word, or print it, because you won't always have internet access!


    Step 1: Disable Teatimer
    Please disable Teatimer as it may interfere with the fix.
    First:

    * Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    * Choose Exit Spybot S&D Resident

    Second:


    * Open Spybot S&D
    * Click Mode, check Advanced Mode
    * Go To Left Panel, Click Tools, then also in left panel, click Resident
    * If your firewall raises a question, say OK
    * Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    * Use File, Exit to terminate Spybot
    * Reboot your machine for the changes to take effect.

    Step 2: Update Adobe Reader

    Please make sure Adobe Reader is up-to-date. I'm not sure whether your version has the latest update, but it can't hurt to check.

    Step 3: Update Java


    Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    * Download the latest version of Java Runtime Environment (JRE) 6.
    * Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    * Click the "Download" button to the right.
    * Check the box that says: "Accept License Agreement".
    * The page will refresh.
    * Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    * Close any programs you may have running - especially your web browser.
    * Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    * Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    * Click the Remove or Change/Remove button.
    * Repeat as many times as necessary to remove each Java version.
    * Reboot your computer once all Java components are removed.
    * Then from your desktop double-click on the download to install the newest version.

    Step 4: Run CCleaner
    CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

    * Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
    * Then select the items you wish to clean up.

    o In the Windows Tab:

    + Clean all entries in the Internet Explorer section except Cookies
    + Clean all the entries in the Windows Explorer section
    + Clean all entries in the System section
    + Clean all entries in the Advanced section
    + Clean any others that you choose

    o In the Applications Tab:

    + Clean all except cookies in the Firefox/Mozilla section if you use it
    + Clean all in the Opera section if you use it
    + Clean Sun Java in the Internet Section
    + Clean any others that you choose


    * Click the Run Cleaner button.
    * A pop up box will appear advising this process will permanently delete files from your system.
    * Click OK and it will scan and clean your system.
    * Click exit when done.
    * If it asks you to reboot at the end, click NO

    NOTE: CCleaner should be run with the above settings for each User Account!


    Step 5: Run Kaspersky Online Scan

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:


    Extended (if available otherwise Standard)


    o Scan Options:


    Scan Archives
    Scan Mail Bases

    * Click OK
    * Now under select a target to scan:

    Select My Computer

    * The program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.

    o Now click on the Save as Text button:

    * Save the file to your desktop.

    Step 6: Post logs

    # Fresh HijackThis log
    # ComboFix log

    And tell me how your computer is running - any problems etc.

    Regards Jason :)
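Step 3 tells the user to remove every older JRE by hand from Add/Remove Programs, because each stale runtime is an exploitable component left on the box. As an added example (not from the thread, and not a Sun or Microsoft tool), the Python below takes uninstall-list text like the one posted earlier, recognises the Java entries, normalises Sun's two naming schemes ("Java 2 Runtime Environment, SE v1.4.2_03" and "J2SE Runtime Environment 5.0 Update 3" style) to one comparable version tuple, and reports which entries are stale and whether the newest one is still behind the download target. The target version (1, 6, 0, 3), the list excerpt and the "Java(TM) 6 Update 3" entry used below are assumptions for the demonstration.

```python
"""Audit Add/Remove Programs entries for stale Java runtimes.

Added example for the "Update Java" step; not a tool from the thread.
Display names are normalised to Sun's internal numbering
(J2SE 5.0 == 1.5.0, Java 6 == 1.6.0) so they can be compared.
"""
import re

# Excerpt of the uninstall list posted earlier in the thread. The
# "Java(TM) 6 Update 3" entry used in the test is a constructed, hypothetical
# fresh install; (1, 6, 0, 3) as the download target is likewise assumed.
UNINSTALL_EXCERPT = """\
Intel(R) PROSet for Wired Connections
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
kgcbase
Kodak EasyShare software
"""

# Sun's "1.x.y_zz" form, e.g. "v1.4.2_03" or "1.5.0_11"
OLD_STYLE = re.compile(r"(?<![\d.])1\.(\d+)\.(\d+)(?:_(\d+))?")
# Marketing form used from J2SE 5.0 on, e.g. "5.0 Update 3", "6 Update 3", "6"
NEW_STYLE = re.compile(r"(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?\s*$")


def is_java_entry(name):
    """Entries the thread tells the user to look at: anything naming the JRE/J2SE."""
    n = name.lower()
    return "java" in n or "j2se" in n or "jre" in n


def java_version(name):
    """Return (1, minor, micro, update) for a Java display name, or None."""
    if not is_java_entry(name):
        return None
    m = OLD_STYLE.search(name)
    if m:
        return (1, int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    m = NEW_STYLE.search(name)
    if m and int(m.group(1)) >= 5:      # "5.0" -> 1.5.0, "6" -> 1.6.0
        return (1, int(m.group(1)), 0, int(m.group(2) or 0))
    return None


def audit_java(uninstall_list, minimum):
    """Classify every Java runtime in the list.

    Keeps the newest install, marks every older one for removal, and reports
    whether even the newest is older than `minimum` (the release the user
    is about to download), in which case it too should go after the upgrade.
    """
    found = []
    for line in uninstall_list.splitlines():
        name = line.strip()
        ver = java_version(name)
        if ver is not None:
            found.append((name, ver))
    if not found:
        return {"found": [], "current": None, "remove": [], "needs_update": True}
    current = max(found, key=lambda nv: nv[1])
    remove = [n for n, v in found if (n, v) != current]
    return {
        "found": found,
        "current": current,
        "remove": remove,
        "needs_update": current[1] < minimum,
    }


if __name__ == "__main__":
    report = audit_java(UNINSTALL_EXCERPT, minimum=(1, 6, 0, 3))
    for name, ver in report["found"]:
        tag = "keep  " if (name, ver) == report["current"] else "remove"
        print(f"{tag} {name}  -> 1.{ver[1]}.{ver[2]}_{ver[3]:02d}")
    if report["needs_update"]:
        print("newest installed runtime is older than the download target")
```

On the list posted in this thread the two runtimes normalise to 1.5.0_03 and 1.4.2_03; both are below the assumed target, so both are removed and the new JRE is installed afterwards, which is the order the step prescribes.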
  11. Jase123

    Jase123 Banned Posts: 1,122

     
  12. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 192

    Well, my parents are just going to wait for their Norton subscription to expire, and then they're either going to buy a new Norton product or use one of these free ones. They get the Norton AV when they buy their tax software every year ;)

    Also, we use ZoneAlarm on this computer, and I use it on mine too because I like the product :)

    Here are the logs. I saved a Kaspersky log somewhere but can't seem to find it. It showed up clean, though, but a bunch of objects showed up as "locked". If I find the log I'll post it.

    Here's HJT and ComboFix, though.

    ~plasma
  13. Jase123

    Jase123 Banned Posts: 1,122

    Word of advice - don't renew your Norton subscription.

    Both logs are clean. How's your system running now? Any problems?

    Regards Jason :)
  14. plasma dragon00

    plasma dragon00 TS Rookie Topic Starter Posts: 192

    lol, we never have renewed them; with the old versions we would just reinstall them and that would give us a new subscription. With this one, though, it actually tracks it, probably from their site, even if it's uninstalled. System seems to be running fine.

    Thanks for the help, Jason :) :)

    ~plasma
  15. Jase123

    Jase123 Banned Posts: 1,122

    Good!

    First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Next, let's clean your restore points and set a new one:

    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    2. Restart your computer.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.

    System Restore will now be active again. It will have also created a new clean restore point.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following program(s):


    * AVG Antispyware

    You should also have a good firewall. Here are 3 free ones available for personal use:



    * Kerio Personal Firewall
    * Comodo
    * Zone Alarm

    And a good antivirus (these are also free for personal use):


    * AVG Anti-Virus
    * Avast Home Edition

    It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

    Regards Jason :)