Mem problem seems to be caused by virus

By aribas
Jan 1, 2010
  1. My PC is a Win XP SP3 with 1,256 MB RAM. Only 256 MB is recognized by Windows although the BIOS shows the full RAM. I've followed the 8 steps removal procedure (see annexes). I ran Netsweeper before and after the procedure and it still reports a virus.
    Could anyone please help me?

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, aribas. Looks like the language of the day is not English! I'll do what I can. There will be problems though:

    I see this in the HijackThis log:
    Command: C:\Arquivos de programas\gbplugin.exe
    Description: Added by the TSPY_BANKER.ZEG spyware.
    It causes incorrect identification of the "gbiehuni.dll" file - a component of G-Buster Browser Defense (see ) used by users of some Internet Banking Services in Brazil. It is a Trojan named PWS-Bamber.dll

    This Trojan targets several banks, so I advise you to immediately change all of your passwords and monitor any online financial transactions.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

      Save the Combofix download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)


    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Follow with this online scan.
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Attach the Combofix report and Eset log to your next reply.

    Please do this also. It will cut down on the ads and tracking Cookies.

    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    The reset needs to be done on all accounts.
  3. aribas

    aribas TS Rookie Topic Starter

    ESET file

    I've run Combo-Fix and it generated a type of folder shortcut. I cannot upload it.
    What can I do? The ESET file is attached.

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you do this?
    Save the Combofix setup to your desktop. You did NOT do this. Uninstall the current Combofix, then install again, following the naming instruction, and save to the desktop. To RUN you will then double click on the setup. Log instructions are given.

    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Then go back to Reply 2, and follow the download for Combofix. I've added the line "save to your desktop".

    Attach new Report to next reply.

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      C:\Arquivos de programas\zlsSetup_70_483_000_en.exe	
      C:\Arquivos de programas\MSN Messenger\winkspackb.exe	
      C:\Arquivos de programas\TVUPlayer\TVUPlayer_1.5.12_20060210\TVUPlayer_1.5.12_20060209.exe	
      C:\Arquivos de programas\Zone Labs\zlsSetup_70_470_000_en.exe	
      C:\Documents and Settings\All Users\Documentos\carolina\actingsilly.exe	
      [start explorer]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Where did you download ZoneAlarm from? Eset is showing malware in the installer. I checked the ZA forum and apparently the other online scan, Kaspersky is also picking it up as malware. It might be a False Positive.

    Please rescan with Eset after the removal. Include both the Combofix report and the new Eset log in your next reply.