TechSpot

Virus Alert - Error Cleaner, Privacy Protector

By amat071
Nov 19, 2008
  1. I have a problem with my laptop. My first evidence was that the wallpaper changed to a message about a virus alert. I have been a computer user and hobby programmer since the Apple II days, so I recognized this right away as a problem. I soon realized that I also had shortcuts on my desktop for Error Cleaner, Privacy Protector, and Spyware & Malware Protection. I recognized these from a friend's description of a problem he had a year ago. I then noticed that where my tray bar clock should indicate AM or PM, the text "VIRUS ALERT!" was present. I didn't realize that text could even be changed. I also started getting fake dialog boxes popping up warning me of a virus threat and wanting me to install the recommended software to fix it. I knew better than that, so I closed those using Alt-F4 as much as I could. I also had Internet Explorer windows popping up and trying to load pages from a risky-looking URL.

     I turned off my wireless adapter's antenna so I wouldn't be on the internet. Apparently the virus had started broadcasting before I noticed this, because a little later my ISP called to let me know I had a virus and that he had shut down my connection temporarily. I told him I knew and that I had already disconnected the offending machine from the internet. He wished me luck and told me he would turn my connection back on so I could use another computer to troubleshoot the problem.

     I downloaded AVG 8.0 and ran it twice. The first time it found a couple of files and a number of registry entries it didn't like. At this time I didn't realize that I was going to be asking for your help, so I didn't record the names of the items found. If you know that AVG creates a log and where it might be, I can certainly forward it. The second time AVG ran it didn't find anything it labeled a threat. This didn't seem to have any effect on getting rid of the virus.

     I then googled Error Cleaner, Privacy Protector, Spyware & Malware Protection and found a thread recommending the use of SDFix.exe. I downloaded it and followed its instructions. When it told me to open a command prompt, I discovered that many of my Start menu items had disappeared, including Run and Command Prompt. When I opened the Run dialog by typing Windows key-R and typed cmd.exe, Enter, the command prompt opened containing a message that my administrator had disabled my command prompt. As I am my administrator, I knew this was another trick of the virus. After a little research I found that SDFix.exe had a registry script to fix this. I ran it and then my command line started to work. I resumed with the instructions from SDFix and after an hour or so thought I had the problem fixed. Twenty minutes or so after that I discovered that the virus was back with all symptoms except for the wallpaper change.

     I just remembered that there is a white X in a red circle flashing in my tray bar about half the time. It pops up a balloon every so often telling me I have a virus and asking me to accept its help getting rid of it.

     I have read some of the threads in this forum and have already done the 8 steps, and it seems to be working for me given that all the issues have gone, but as a precaution I attach my logs here.
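     The three tricks described in this post (the missing Run item, the "disabled by your administrator" command prompt, and "VIRUS ALERT!" in place of the clock's AM/PM marker) are all plain registry values, which is why a registry script could undo them. The following is an added example, not code from the thread or from SDFix: it scans a `reg export`-style dump for those values and emits a .reg fix of the same kind. The registry locations are the documented Windows ones; the sample dump is constructed, and the "AM"/"PM" defaults for `s1159`/`s2359` are assumed for an English locale.

```python
"""
Added example, not code from the TechSpot thread: scan an exported
registry dump for the policy tweaks behind the symptoms in the post
above (missing Run item, "disabled by your administrator" cmd.exe,
"VIRUS ALERT!" where the clock's AM/PM marker should be).

Value locations (documented Windows keys):
  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer  NoRun
  HKCU\Software\Policies\Microsoft\Windows\System                   DisableCMD
  HKCU\Control Panel\International                                  s1159, s2359
The "AM"/"PM" defaults for s1159/s2359 are an assumption for an
English locale; adjust them for other locales.
"""
import re

EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSTEM = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System"
INTL = r"HKEY_CURRENT_USER\Control Panel\International"

# Constructed sample in `reg export` format; not a capture from amat071's laptop.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"s1159"="VIRUS ALERT!"
"s2359"="VIRUS ALERT!"
"sTimeFormat"="h:mm:ss tt"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
"""


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: raw right-hand side}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                keys[current][m.group(1)] = m.group(2)
    return keys


def decode(raw):
    """Decode a .reg right-hand side: dword:xxxxxxxx -> int, "..." -> str, else None."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    return None


# (key, value name, predicate on the decoded value, explanation)
CHECKS = [
    (EXPLORER, "NoRun", lambda v: v != 0, "Run item hidden from the Start menu"),
    (SYSTEM, "DisableCMD", lambda v: v != 0,
     "cmd.exe disabled by policy (1 = also batch files, 2 = interactive prompt only)"),
    (INTL, "s1159", lambda v: str(v).upper() != "AM", "AM marker in the tray clock replaced"),
    (INTL, "s2359", lambda v: str(v).upper() != "PM", "PM marker in the tray clock replaced"),
]


def find_hijacked(reg):
    """Return [(value name, decoded value, why it is suspicious)] for every check that fires."""
    findings = []
    for key, name, is_bad, why in CHECKS:
        raw = reg.get(key, {}).get(name)
        if raw is None:
            continue
        val = decode(raw)
        if val is not None and is_bad(val):
            findings.append((name, val, why))
    return findings


def make_fix_reg(findings):
    """Build a .reg script that undoes the flagged values (the kind of fix SDFix ships)."""
    names = {name for name, _, _ in findings}
    lines = ["Windows Registry Editor Version 5.00", ""]
    if "NoRun" in names:
        lines += ["[%s]" % EXPLORER, '"NoRun"=-', ""]        # "=-" deletes the value
    if "DisableCMD" in names:
        lines += ["[%s]" % SYSTEM, '"DisableCMD"=-', ""]
    if names & {"s1159", "s2359"}:
        lines.append("[%s]" % INTL)
        if "s1159" in names:
            lines.append('"s1159"="AM"')          # assumed English-locale default
        if "s2359" in names:
            lines.append('"s2359"="PM"')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_hijacked(parse_reg(SAMPLE_REG))
    for name, val, why in hits:
        print("%-10s = %-16r %s" % (name, val, why))
    print(make_fix_reg(hits))
```

     Feed it the output of `reg export HKCU hkcu.reg` from the affected machine; a fix script produced this way only takes effect for the user hive it was exported from, and it does nothing about whatever process re-applies the values, which is why the symptoms in the post came back after the first cleanup.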
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi amat071

    Good job!

    Because of the quantity of high-risk issues found and reported by both MBAM and SAS, they need to be run again until they are clean or find something they cannot clean. Post the log for each run.

    No need for another HJT until all are clean then post it last.

    The first run likely exposed what that run never even saw! This second run will likely find more, and 2 runs usually get them all. We will see when we get the logs.

    Mike
     
  3. amat071

    amat071 TS Rookie Topic Starter

    Thanks for the suggestion. Here I was thinking that all the problems had been solved, hehe. I will run them again and post the logs later. Is it OK to run both MBAM and SAS simultaneously? Is it going to affect the result of the scan?
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    No, not a good idea!

    They may clash, and even if they didn't they would slow each other down anyway.

    You may be clean, but I doubt it; we will see. Better safe than sorry!

    Don't feel bad about thinking you are finished. You may be surprised to learn that a lot of Malware warriors that do what I am doing now think the same as you.

    OK get me the logs from these runs also!

    Mike
     
  5. amat071

    amat071 TS Rookie Topic Starter

    Already done running MBAM and SAS. I ran both twice; the 1st run I did simultaneously and, just as you said, they slowed each other down, hehe. I didn't read your recent post until now. The second I did separately. Here are the logs.
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Good morning amat071

    HJT: Scan only, then select and remove these (they pertain to System Mechanic but are dead entries):

    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)

    In your first MBAM log a low-risk entry was found in the System Restore files; the 2nd run got that.

    Same for the 1st SAS run, but finding something else, different, even in System Volume Information (System Restore) indicates to me that there is something else going on.

    To that end do the below:

    ComboFix

    NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
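    The two O23 lines Mike singles out are the "(file missing)" pattern in a HijackThis log: a service registration whose binary is gone, which is harmless clutter but also exactly what a removed infection leaves behind. The following is an added example, not code from the thread or from HijackThis, that parses O23 lines and sorts them into dead entries, services running from user-writable locations, and the rest. The first two sample lines are the ones quoted above; the other two are constructed and not from amat071's log.

```python
"""
Added example, not from the thread or from HijackThis: triage the O23
(service) lines of a HijackThis log.

  dead        -> "(file missing)": the registration outlives its binary
  suspicious  -> binary lives under a user-writable path (constructed rule)
  ok          -> everything else (still needs a human look)
"""
import re

# O23 line shape: "O23 - Service: <display> (<short name>) - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Lower-cased path prefixes a legitimate service rarely runs from (assumed list).
USER_WRITABLE = (
    "c:\\documents and settings\\",
    "c:\\users\\",
    "c:\\windows\\temp\\",
)

# First two lines quoted in the post above; last two constructed for the example.
SAMPLE_HJT = r"""
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Example Updater (exmplupd) - Unknown owner - C:\Documents and Settings\amat\Local Settings\Temp\upd.exe
"""


def parse_o23(log):
    """Return a list of dicts (display, name, owner, path, missing) for each O23 line."""
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["missing"] = d["missing"] is not None
            entries.append(d)
    return entries


def classify(entry):
    """Map one parsed O23 entry to 'dead', 'suspicious' or 'ok'."""
    if entry["missing"]:
        return "dead"
    p = entry["path"].lower()
    if p.startswith(USER_WRITABLE) or "\\temp\\" in p:
        return "suspicious"
    return "ok"


def triage(log):
    """Return {short service name: verdict} for every O23 line in the log."""
    return {e["name"]: classify(e) for e in parse_o23(log)}


if __name__ == "__main__":
    for e in parse_o23(SAMPLE_HJT):
        print("%-10s %-18s %s" % (classify(e), e["name"], e["path"]))
```

    "dead" entries are the ones to tick in HijackThis as Mike describes; "suspicious" ones are not proof of anything by themselves, but a service whose executable lives in a Temp folder is worth checking before the next scan.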
     
  7. amat071

    amat071 TS Rookie Topic Starter

    Good evening Mike,

    Wow, you really are good at these things. Just by looking at the log you know something is wrong. I didn't understand a thing about what those logs are all about, hehe. I will run ComboFix and post the log later. Thanks for the early warning.


    amat
     
  8. amat071

    amat071 TS Rookie Topic Starter

    Already done with ComboFix. It didn't take that much time compared to MBAM and SAS. Here I attach the log.
     
  9. mflynn

    mflynn TS Rookie Posts: 2,655

    OK, because it found so much nasty stuff:

    Run ComboFix again, after you get me the other logs.

    Mike

    EDIT: amat you might like to see what is happening by reading this (I don't have to write it all for you)
    http://www.techspot.com/vb/post686624-17.html
     
  10. amat071

    amat071 TS Rookie Topic Starter

    OK, I ran ComboFix 3 times, but only have one log to attach; it rewrites the file after each run and I didn't know that, hehe. Waiting for the next step.
     
  11. mflynn

    mflynn TS Rookie Posts: 2,655

    It's OK, but I need to see them; it helps. So post the logs as you do them from now on.

    OK do this:

    It takes a little longer than ComboFix but much less time than the other scans.

    Download SDFix to the Desktop. Among other things it includes Catchme, to look for rootkits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On the Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to the desktop.

    At the Desktop:
    My Computer, C: drive. Double-click to open.

    Look for a folder called SDFix. Double-click to enter SDFix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process, then say Finished.
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Copy and paste the Report.txt file to your next post.

    Mike
     