Some horrible nasty virus/trojans/malware etc.

Status
Not open for further replies.

eldacheese

Posts: 53   +0
No clue what happened, but on Saturday my computer started freaking out and getting a pop-up down on the icon tray with an exclamation mark in a yellow triangle, and I'd get alerts like security alert: spyware found etc. Sometimes it says something a little different about trojans and such. On my desktop was an icon that said something like IE internet securities and then something else under it; can't remember now, it's gone. And there was some spyware thing, can't remember, but it's not popping up anymore, or as much. I've completed all the steps and here are my logs. I hope this isn't too bad and I can get rid of it without much trouble.
 

Attachments

  • mbam-log-2008-11-16 (18-58-42).txt
    2.9 KB · Views: 11
  • SUPERAntiSpyware Scan Log - 11-16-2008 - 20-42-27.log
    3.5 KB · Views: 8
The Power of the TechSpot 8 Steps procedure.

If you notice, the logs reported many items found and deleted. We need to scan again with both to see if the first scan exposed any that MBAM or SAS could not see on the first run. Post these new logs.

Once both come up clean, post another HJT log last, after the above.

Mike
 
Ok, I just redid it all; it took a while. (The MBAM took like 3h 40 min.)

Everything is running faster right now. But I'm still getting the little exclamation mark and yellow triangle. It says (I'm typing this exactly as it is, even with typos):
"System Alert: Malware threats your computer might be infected with a backdoor Trojan that allows the remote attacker to perform various malicious actions.
Click this baloon to download malware removal software."


Also, when I open IE all I get is a blank page; then at the top it says about blank page or something like that.
And when I open Firefox, NOTHING loads at all.
 

Attachments

  • hijackthis.log
    12.3 KB · Views: 5
Run HJT "Scan only". Select and delete these:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

All clean, good job.

Mike
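The five HJT entries Mike lists above share the tell-tales that make an O2/O9 entry worth removing: a registration that points at no file at all, a file that is missing from disk, or a toolbar button that targets a URL rather than a local DLL. The following script is an added example, not part of this thread and not from HijackThis or any other tool mentioned here; it parses those lines from a log and groups the flagged ones by CLSID. The sample log is constructed: it reproduces the five entries quoted above plus one made-up benign entry with a placeholder CLSID that the triage should leave alone.

```python
import re
from collections import OrderedDict

# Constructed sample in HijackThis log format. The first five lines reproduce the
# O2/O9 entries quoted in this thread; the last line is a made-up benign entry
# with a placeholder CLSID so the triage has something it should NOT flag.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\\Program Files\\WebMediaViewer\\hpmun.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
"""

# One HJT O2/O9 line has the layout: section - kind: name - {CLSID} - target
HJT_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


def parse_hjt(text):
    """Return one dict per line that matches the O2/O9 layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def indicators(entry):
    """Reasons an entry deserves a look. 'hard' ones justify removal on their own;
    'no name' is only context, because some legitimate add-ons also lack a name."""
    hard, soft = [], []
    target = entry["target"]
    if target == "(no file)":
        hard.append("registration points at no file at all (orphaned BHO)")
    elif target.endswith("(file missing)"):
        hard.append("referenced file is missing from disk")
    if target.lower().startswith(("http://", "https://")):
        hard.append("button/menu item targets a URL instead of a local file")
    if entry["name"] == "(no name)":
        soft.append("no display name")
    return hard, soft


def triage(text):
    """Group flagged entries by CLSID, so the two O9 lines that share one GUID
    show up as a single add-on. Returns {clsid: {"sections": [...], "reasons": [...]}}."""
    flagged = OrderedDict()
    for e in parse_hjt(text):
        hard, soft = indicators(e)
        if not hard:
            continue  # nothing conclusive: leave it for a human to judge
        slot = flagged.setdefault(e["clsid"], {"sections": [], "reasons": []})
        slot["sections"].append(e["section"])
        for reason in hard + soft:
            if reason not in slot["reasons"]:
                slot["reasons"].append(reason)
    return flagged


if __name__ == "__main__":
    for clsid, info in triage(SAMPLE_LOG).items():
        print(clsid, "in", ", ".join(info["sections"]))
        for reason in info["reasons"]:
            print("   -", reason)
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the benign placeholder entry drops out because a local DLL that exists is not an indicator, while the two O9 lines collapse into one add-on under their shared CLSID.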
 
Ok, done. Do I need to attach files anymore?
I'm still getting that yellow triangle with the exclamation mark and the little bubble that pops up saying security alert: spyware found.
 
Mbam log is clean.

SAS shows many Tracking Cookies. Remove these Tracking Cookies; a screenshot will help. Click on any one SS to see the tabs and buttons:
http://superantispyware.en.softonic.com/images
When you have finished, please reset the Cookies:
Reset Cookies: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

The people who have recommended other programs can handle those removals.
 
Ok, maybe I'm dumb.. but when I ran SAS it still showed those even after I did the quarantine. Do I need to go in and hit remove for each one? I don't want to mess anything up.
 
Here's one of the other security alerts I get; it says:
"Security Alert: NetWorm-i.Virus@fp
Type: Virus/Network Worm
Damage Level : High
Description: Virus that infects executable files.
Advice: Delte/quarantine immediately.
Protection: Click this baloon to download certified Antivirus software."


It wants me to download Ultimate Antivirus 2008 too.
 
Please describe the difficulty you're having updating MBAM.
From log: Database version: 1306
Currently available > 1400

HJT tick / fix
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

MBAM version used may explain some of these residual effects.

[edit]
I often use this to clean up loose ends. MBAM does the bulk of the work. This one goes after hard-to-get infections. The side benefit is clean-up of loose ends. Mike or another specialist can evaluate these results if it is indicated that MBAM did not properly handle the infection.
Combofix instructions courtesy of Blind Dragon
[/edit]
 
when I ran SAS it still showed those even after I did the quarantine

Did you follow the tabs shown in the image to remove the tracking Cookies?
Did you reset the Cookies?

The 'Worm' message you're getting is FROM rogue malware. Please do not click on anything to 'remove'.

For removal:
Download and run this: RogueRemover: http://www.majorgeeks.com/RogueRemover_d5360.html
Attach a log from it!

RogueRemover FREE is an application that can remove rogue antispyware, antivirus, and hard drive cleaning applications with ease. Rogue applications provide false information about the safety of your computer, give erroneous scan results, or put their own malware on your computer. It is free and has the ability to completely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters, as well as a number of other rogue applications.
 
Ok Bobbye, I'm downloading it now and will run the scan after it installs.


rf6647, when I run the update it takes a while and then gives me an error message. So that's as up to date as it lets me get.
And did you want me to do something to the HJT? Sorry, I know I'm a pain in the but(t)!
 
Ok, just finished the scan.. it says it couldn't do it all with the free version?

It won't allow me to attach the log because it's too big... it's 475 KB, limit is 200 KB.
 
Let's stay with Bobbye's lead. The tool found something.

On the icon for the log file that's too big, try to compress it; then see what the size becomes, and post it if it comes under the size limit.

Action to compress is a right click on the file icon > send to > compress (zipped) folder
 
Ok.. here it is..
It said there were THOUSANDS of things.... this is not good, and it just started happening on Saturday.
 

Attachments

  • Scan.zip
    51.6 KB · Views: 5
Okay, first thing you need to realize about scans: everything you see isn't malware!

What is the program that is in the zipped scanning log? The program isn't named. I can't see anything being removed, just that it appears to be a scan of your entire hard drive. Just from a glance at "processes running", half of those need to be stopped; they are valid but don't need to be running in the background unless you are actively using them.

I see what look like names you gave to pictures and a lot of other stuff we don't need.
 
Sorry, that's the Registry Mechanic one that I was told to download and run, the PC Tools one? That rogue remover.

And how do I get some things to stop running in the background?

All I had open was IE, and I think my messenger may have been on.
 
There are many ways to control your startup applications in order to pursue this problem. Each way has its own limitations.

Choices:
1) Safe Mode with networking - some tools demand normal mode

2) Normal mode with changes via msconfig - limit internet activity to sites for resolving this problem. Stay away from casual browsing. Your added Internet security applications do not load (there are exceptions; too much to cover here).

How to:
Start > run > type: msconfig > {{choices to be made}} > exit > restart the computer > tick off the advisory message > use the tools (objective of this)

{{choices to be made}}

a) diagnostic startup > most basic level of functioning

b) selective startup > untick 'load startup item'
 
Sorry, that's the Registry Mechanic one that I was told to download and run, the PC Tools one

Don't know who told you to download Registry Mechanic; it wasn't me.
 
Will SmitFraud do anything.. I know last time I had a virus and was here (over a year ago) it said to use SmitFraud, but I don't remember how to do it really.
 
Ah-ha. I witnessed your confusion.

The offer to download Registry Mechanic sits on your computer while the link to the requested program spins for a while. Eventually (without popup blocker enabled) you finally are offered the dialog box to run/save.

Popup blocker can be turned off temporarily or just for the D/L by a click at the top of the browser (depending on toolbars & such).

Hope this helps
 
When I tried to check it for updates it said,
"an Error occured in function UpdateExists (2)
Could Not create a handle to update the file. Please Report this Error to the RogueRemover Team"

So I ran the scan without the update and it claims it's clean. That rogue remover didn't detect any items... but I still have the little warning thing.
 