TechSpot

Some horrible nasty virus/trojans/malware etc.

By eldacheese
Nov 17, 2008
  1. No clue what happened, but on Saturday my computer started freaking out and getting a pop-up down on the icon tray with an exclamation mark in a yellow triangle, and I'd get alerts like "security alert: spyware found" etc. Sometimes it says something a little different about trojans and such. On my desktop was an icon that said something like IE internet securities and then something else under it; can't remember, now it's gone. And there was like some spyware thing, can't remember, but it's not popping up anymore or as much. I've completed all the steps and here are my logs. I hope this isn't too bad and I can get rid of it without much trouble.
     


  2. mflynn

    mflynn TS Rookie Posts: 2,655

    The Power of the TechSpot 8 Steps procedure.

    If you notice, the logs reported many found and deleted. We need to scan again with both to see if the first scan exposed any that MBAM or SAS could not see on the first run. Post these new logs.

    Once both come up clean then post another HJT log last after above.

    Mike
     
  3. rf6647

    rf6647 TS Maniac Posts: 829

    MBAM is stale. Update tools.
     
  4. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK, I just redid it all; it took a while. (The MBAM took like 3h 40 min.)

    Everything is running faster right now. But I'm still getting the little exclamation mark and yellow triangle; it says (I'm typing this exactly as it is, even with typos)
    "System Alert: Malware threats your computer might be infected with a backdoor Trojan that allows the remote attacker to perform various malicious actions.
    Click this baloon to download malware removal software."


    Also, when I open IE all I get is a blank page, then at the top it says about blank page or something like that.
    And when I open Firefox NOTHING loads at all.
     


  5. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    Can someone tell me if I attached the right things?
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Run HJT Scan only. Select and delete these:

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

    All clean good job.

    Mike
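
The five HijackThis entries selected in the post above all point at a file that no longer exists or at a URL rather than a local file. The following is an added example, not part of the original thread or of HijackThis: a small parser that flags such entries in pasted log lines. The last sample line is constructed for contrast, and the reason labels are this example's own.

```python
import re
from collections import defaultdict

# Section code, entry kind, display name, CLSID, target, optional "(file missing)" note.
ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*?)"
    r"(?: \((?P<note>file missing)\))?$"
)

SAMPLE = [  # first five lines are from the thread; the sixth is constructed
    r"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)",
    r"O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)",
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll",
]

def reasons(entry):
    """Return the list of reasons an entry deserves review (empty if none)."""
    out = []
    if entry["target"] == "(no file)" or entry["note"]:
        out.append("orphaned")      # registry entry left behind, no backing file
    if entry["target"].lower().startswith(("http://", "https://")):
        out.append("url-target")    # browser extension entry pointing at a web address
    if entry["name"] == "(no name)":
        out.append("unnamed")
    return out

def triage(lines):
    """Parse log lines; return (section, clsid, reasons) for orphaned or URL entries."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue                # not a CLSID-style entry; ignored here
        r = reasons(m.groupdict())
        if "orphaned" in r or "url-target" in r:
            findings.append((m["section"], m["clsid"], r))
    return findings

def shared_clsids(findings):
    """CLSIDs registered by more than one flagged entry (one component, several hooks)."""
    seen = defaultdict(list)
    for section, clsid, _ in findings:
        seen[clsid].append(section)
    return {c: s for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
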
     
  7. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK, done. Do I need to attach files anymore?
    I'm still getting that yellow triangle with the exclamation mark and the little bubble that pops up saying security alert spyware found.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Mbam log is clean.

    SAS shows many Tracking Cookies. Remove these Tracking Cookies. A screenshot will help. Click on any one SS to see tabs and buttons.
    http://superantispyware.en.softonic.com/images
    When you have finished, please reset the Cookies:
    Internet Options (through Tools or Control Panel) > Privacy tab > Advanced button > CHECK 'override automatic Cookie handling' > CHECK 'accept first party Cookies' > CHECK 'Block third party Cookies' > CHECK 'allow per session Cookies' > Apply > OK.

    The people who have recommended other programs can handle an and removals.
     
  9. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK, maybe I'm dumb... but when I ran SAS it still showed those even after I did the quarantine. Do I need to go in and hit remove for each one? I don't want to mess anything up.
     
  10. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    Here's one of the other security alerts I get; it says:
    "Security Alert: NetWorm-i.Virus@fp
    Type: Virus/Network Worm
    Damage Level : High
    Description: Virus that infects executable files.
    Advice: Delte/quarantine immediately.
    Protection: Click this baloon to download certified Antivirus software."


    It wants me to download ultimate antivirus 2008 too.
     
  11. rf6647

    rf6647 TS Maniac Posts: 829

    Please describe the difficulty you're having updating MBAM.
    From log: Database version: 1306
    Currently available > 1400

    HJT tick / fix
    MBAM version used may explain some of these residual effects

    [edit]
    I often use this to clean up loose ends. MBAM does the bulk of the work. This one goes after hard-to-get infections. The side-benefit is clean-up of loose ends. Mike or another specialist can evaluate these results if indicated MBAM did not properly handle the infection.
    Combofix instructions courtesy of Blind Dragon
    [/edit]
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you follow the tabs shown in the image to remove the tracking Cookies?
    Did you reset the Cookies?

    The 'Worm' message you're getting is FROM rogue malware. Please do not click on anything to 'remove'.

    For removal:
    Download and run this: RogueRemover: http://www.majorgeeks.com/RogueRemover_d5360.html
    Attach a log from it!

     
  13. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK Bobbye, I'm downloading it now and will run the scan after it installs.


    rf6647, when I run the update it takes a while and then gives me an error message. So that's as up to date as it lets me get.
    And did you want me to do something to the HJT? Sorry, I know I'm a pain in the but(t)!
     
  14. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK, just finished the scan... it says it couldn't do it all with the free version?

    It won't allow me to attach the log because it's too big... it's (475KB, limit is 200KB)
     
  15. rf6647

    rf6647 TS Maniac Posts: 829

    Let's stay with Bobbye's lead. The tool found something.

    On the icon for the log file that's too big, try to compress it; then see what the size becomes, and post it if it comes under the size limit.

    Action to compress is a right click on the file icon > send to > compress (zipped) folder
     
  16. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK... here it is...
    It said there were THOUSANDS of things... this is not good and it just started happening on Saturday.
     


  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, first thing you need to realize about scans: everything you see isn't malware!

    What is the program that is in the zipped scanning log? The program isn't named. I can't see anything being removed, just that it appears to be a scan of your entire hard drive. Just from a glance at "processes running", half of those need to be stopped. They are valid but don't need to be running in the background unless you are actively using them.

    I see what looks like names you gave to pictures and a lot of other stuff we don't need.
     
  18. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    Sorry, that's the Registry Mechanic one that I was told to download and run, the PC Tools one? That rogue remover.

    And how do I get some things to stop running in the background?

    All I had opened was IE and I think my messenger may have been on.
     
  19. rf6647

    rf6647 TS Maniac Posts: 829

    There are many ways to control your startup applications in order to pursue this problem. Each way has its own limitations.

    Choices:
    1) Safe Mode with networking - some tools demand normal mode

    2) Normal mode with changes via msconfig - limit internet activity to sites for resolving this problem. Stay away from casual browsing. Your added Internet security applications do not load (there are exceptions; too much to cover here)

    How to:
    Start > run > type: msconfig > {{choices to be made}} > exit > restart the computer > tick off the advisory message > use the tools (objective of this)

    {{choices to be made}}

    a) diagnostic startup > most basic level of functioning

    b) selective startup > untick 'load startup item'
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Don't know who told you to download Registry Mechanic- it wasn't me.
     
  21. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK, did option 2 with selective startup... I got the system config thing when I restarted, basically saying I had turned it off.

    And Bobbye, it's what downloaded on the link in your last post, this one: Download and run this: RogueRemover: http://www.majorgeeks.com/RogueRemover_d5360.html
     
  22. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    Will smitfraud do anything? I know last time I had a virus and was here (over a year ago) it said to use smitfraud, but I don't remember how to do it really.
     
  23. rf6647

    rf6647 TS Maniac Posts: 829

    Ah-ha. I witnessed your confusion.

    The offer to download Registry Mechanic sits on your computer while the link to the requested program spins for a while. Eventually (without popup blocker enabled) you finally are offered the dialog box to run/save..

    Popup blocker can be turned off temporarily or just for the D/L by clicking at the top of the browser (depending on toolbars & such).

    Hope this helps
     
  24. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    OK, thanks... so I can delete the Registry Mechanic, then I'll install and upload the new log. Sorry about that...
     
  25. eldacheese

    eldacheese TS Rookie Topic Starter Posts: 53

    When I tried to check it for updates it said,
    "an Error occured in function UpdateExists (2)
    Could Not create a handle to update the file. Please Report this Error to the RogueRemover Team"

    So I ran the scan without the update and it claims it's clean. That rogue remover didn't detect any items... but I still have the little warning thing.
     
Topic Status:
Not open for further replies.
