Networm-1 virus@fp - Please help

Status
Not open for further replies.

Phocks

Posts: 26   +0
Good Morning All,

I recently had a Networm-1,virus@fp virus which I removed (well, I believe so) using a program called SmtFraudFix.

Since the virus my internet connection has been running much slower - to the point I don't even want to go online anymore.

How do I check for the damage the virus has done to my system?

And how do I fix it?

Please bear in mind I am confident with computers but won't understand the Tech Lingo.

Regards

Phocks
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Phocks only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
***Reformatting Help***

Thanks for the prompt reply.

I have used my computer for internet banking but did not login at all while I had the virus - I was very careful not to do that.

Do I still need to reformat the computer, or will a clean suffice?

If I do need to reformat how do I do it?

Thanks for your help.

Regards

Phocks
 
Since you use your computer for online banking etc, I suggest you disconnect from the net and reformat immediately. Then, once done, you should contact your bank etc and tell them your computer has been compromised.

You need to do the following.

Disconnect from the net and don't reconnect until you have your firewall software installed.

1. Restart your computer and go to setup, usually by pressing the F2 or delete key.

2. Once you get into setup, look for the boot menu and make sure you set it to boot from CD first, followed by your hard drive.

3. Put the Windows XP disk into your CD drive.

4. Now save your settings and exit setup.

5. While your computer is booting you will see a message that says "press any key to boot from cd". Press any key.

6. When the welcome to setup screen appears, press enter and then press F8 to accept the Microsoft licence agreement.

7. You will be prompted to repair an installation. Press the escape key.

8. Now select the partition that you want to reformat and press the D key to delete it. You will be asked to confirm that you want to delete the partition.

9. Now press C to create a brand new partition. You will be asked what size you want the partition to be in megabytes. If you just press enter then the partition will be the maximum size that you can have. This is perfectly ok if you don't want to create multiple partitions.

10. You will now be asked to format the partition. Select the NTFS file system and do a full format.

11. Once the format is complete, setup will continue.

Your computer will restart during the remaining setup. Again you will be asked to press any key to boot from CD. DO NOT PRESS ANYTHING and setup will continue. Once the setup is complete and you are back in Windows, remove the Windows CD from your CD drive.

Install your firewall software and reconnect to the net. Install whatever drivers you need, then run Windows updates.

Finally, install whatever programmes/software you want.

Regards Howard :)

 
Thanks for all your help.

I had one quick question - all the downloads from Viruses/Spyware/Malware, preliminary removal instructions - do I keep these on my system once the problem is solved? Or do I delete?

Regards

Hello,

I have completed up to step 11 of the process.

The results of Panda Antirootkit programme come back with 'no unknown rootkits'.

Also I am unable to install ComboFix.exe - it keeps saying that some files are corrupted and unable to install.

Should I skip and continue on to the next step?

Regards

Phocks
 
I already advised you to reformat your system, in response to your post #3.

I do not believe you have any other option, since you use your computer for online banking etc.

Regards Howard :)

 
Sorry I should have explained my choice to go with the clean.

I had a chat to my wife after posting and she said she has not used online banking from this computer - and I only ever do it at work.

I just assumed she had used it.

I am an amateur so would not go against the advice of someone who knows what they are talking about.

So will you help me finish this? I believe I am almost finished.

Phocks
 
In that case, please do the following.

Delete all versions of Combofix from your system and try redownloading it again. If that doesn't help, then skip it for now and continue with the rest of the instructions.

Regards Howard :)

 
Hello Howard

I am still stuck at the same point.

Firstly - I deleted ComboFix and reinstalled but it keeps coming up with the same problem saying some files are corrupted - I have tried downloading from different locations with the same result.

Secondly - in safe mode my antivirus won't work - I downloaded McAfee after I realised I had Networm.

Do I need a new antivirus? Or is there something I can do.

Cheers

Phocks
 
Skip Combofix for now and continue with the rest of the instructions.

You can run the Virus scan from normal mode if you want.

Regards Howard :)

 
HJT & AVGAS logs attached

Hello,

I have completed the steps outlined with below exceptions:

1) Have not completed ComboFix as I can't seem to download
2) Completed Antivirus & Antispyware scans in normal mode.

I have attached the HJT and AVG Scan logs.

Please let me know your thoughts.

Again thanks for all your help.

Regards

Phocks
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

bm.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/ install3.5/installer.exe

O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl85bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\Program Files\Common Files\WinSpyControl

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as a Combofix log if you can.

Regards Howard :)

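A fresh HijackThis log can be checked mechanically for the two things the post above acts on: registrations whose file is gone, and autostart entries that still point into the folder being deleted. This is an added example, not part of the original thread or of HijackThis itself; the parser covers only the O2/O4/O16 line shapes quoted above, and the last sample line is constructed.

```python
import re

# HijackThis section codes used in the post above (the only ones handled here).
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O16": "ActiveX control (Downloaded Program Files)"}
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
RUN_RE = re.compile(r'^\[([^\]]+)\]\s+(?:"([^"]+)"|(\S+))')

# First three lines are quoted from the post; the last one is constructed.
SAMPLE = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinSpyControl\bm.exe" dm=http://winspycontrol.com; ad=http://winspycontrol.com
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''
# Folder the post says to delete by hand after fixing the entries.
REMOVED_DIR = r"C:\Program Files\Common Files\WinSpyControl"

def parse_line(line):
    """Split one log line into section, CLSID, orphan flag and (for O4) name/path."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in SECTIONS:
        return None  # header lines, running processes, unhandled sections
    section, kind, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    entry = {"section": section, "kind": kind, "meaning": SECTIONS[section],
             "clsid": clsid.group(1).upper() if clsid else None,
             "orphaned": bool(ORPHAN_RE.search(rest)), "name": None, "path": None}
    run = RUN_RE.match(rest) if section == "O4" else None
    if run:
        entry["name"], entry["path"] = run.group(1), run.group(2) or run.group(3)
    return entry

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries):
    """Registrations that point at a file that no longer exists."""
    return [e for e in entries if e["orphaned"]]

def still_referenced(entries, removed_dir):
    """Autostart names whose program path lies under a folder that was removed."""
    prefix = removed_dir.rstrip("\\").lower() + "\\"
    return [e["name"] for e in entries
            if e["path"] and e["path"].lower().startswith(prefix)]

if __name__ == "__main__":
    entries = parse_log(SAMPLE)
    print("orphaned:", [e["clsid"] for e in orphaned(entries)])
    print("still referenced:", still_referenced(entries, REMOVED_DIR))
```

Run against the log taken after the cleanup, `still_referenced` should return an empty list; a non-empty result means an autostart entry survived the fix.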
 
HJT Log

Hello Howard,

Instructions followed and HJT log attached.

Having the same issues with Combofix - saying installation file corrupted.

How does it all look? Am I clean?

Cheers mate.

Phocks
 
Your HJT log is clean.

However, without seeing a Combofix log I can't say with any certainty whether your system is clean or not.

Regards Howard :)

 
I don't know why you're having problems with Combofix.

Boot into safe mode with networking and see if you can download and run Combofix.

Regards Howard :)

 
Hey mate.

Am working on the ComboFix issues now.

Just quickly - all the downloads have slowed my comp ridiculously - is it ok to delete them?

Are there any I should keep on there for safety?

Cheers
 
Yes you can delete all the tools we have used during clean up.

I recommend you keep SS&D and Ad-Aware as well as Ccleaner.

I hope to see your Combofix log soon.

Regards Howard :)

 