Badly infected xp pro machine

By breezy · 16 replies
Nov 28, 2008
  1. Infected with lots of stuff:

    I ran SpyBot, and it stopped several times and gave me this message and a yellow triangle with exclamation mark: 'There were problems in the include file C:\Program Files\Program Files\Spybot-Search_Destroy\Includes\TrojansC.sbi See 'Includes errors.log' for details.' There was only one button to click and it said 'OK' and Spybot wouldn't continue on until I clicked OK. It did this 4 times. One of the files was named Malware.sbi - the next one was MalwareC.sbi - then trojans.sbi and trojansC.sbi. But when it finished running, it threw up the message: "Congratulations! No immediate threats were found." But when everything was closed down, there was a new file on my desktop entitled, 'delself.bat'

    Well, I updated my Avast AV this morning - ran it- and, yes, I have a ton of malware! What showed up are the following:

    > trojan - Win32: Newdotnet [trj]
    > repeated
    > adware - Win32: Agent-AWB [adw]
    > virus/worm - Win32: Lightly-E [Cryp]
    > repeated
    > trojan - Win32:Agent-QNI [trj]
    > virus - Win32: Lightly-E [cryp]
    > trojan - Win32: Newdotnet [trj]
    > repeated
    > repeated
    > adware - Win32:Agent-AWB
    > adware - Win32:Adware-gen [adw]

    When Avast finally quit, it listed what it had done, and it only seemed able to put one item in the chest.
    It read: [embedded_R#25aa8] infection: Win32:Newdotnet [trj] file was
    successfully moved to chest. But then the next line said:

    [embedded_l#08138] infection: Win32:Newdotnet [trj] error occurred during
    moving file to chest. The system cannot find the file specified.

    So I am suspicious that the malware was actually removed. Then there was a long list of others that read the same way. I am assuming the 'repeated' ones were NOT removed either. I looked in System32 and could not find braviax.exe ... As I was told it usually hangs out with that 'delself.bat' file.

    > What I would like to do: Run the steps in your 8 step program and post the logs here. Am I in the right place to do this? Thanks! This is my first post.
  2. anshuman

    anshuman TS Rookie

    First of all download a more known anti virus software like Norton or Kaspersky. If you see that the same viruses are on your computer then it might be a problem because sometimes these other anti virus softwares do the exact opposite of what they're supposed to do. Anyways, if these viruses keep coming back then you are better off formatting your hard drive because viruses like these leave traces and it's hard to get rid of them. That's what I had to do when my laptop got infected, and if you decide to do this, you might have a hard time finding all the drivers once XP is installed again, so good luck!
  3. mopar man

    mopar man TechSpot Ambassador Posts: 1,379

    Ok, anshuman, Norton is absolutely not recommended in any case. AVAST! is a well known Anti-Virus, being used in TechSpot's 8-Step Viruses/Spyware/Malware Preliminary Removal Instructions.

    You asked if you are in the right place, and you are actually not. This is the Introductions section, meant for you to... well, introduce yourself!

    This isn't unusual, and a mod will move your topic for you, most likely.

    HERE is the link to the area you should have posted in, for future reference.

    Now, as for your problem, I suggest doing as you said you wanted and following those steps very carefully. The people on here are very educated on this matter and will be able to help you.

    Oh, and by the way, Welcome to Techspot!

    If you have any problems that you may feel better to get 1 on 1 help with, feel free to PM me!
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi Brezzy

    Follow mopar man's advice and do the 8 Steps, no short cuts or skipping steps.

    But DO NOT uninstall or install a Virus scanner (or any other program) until you are clean.

    Before you scan with SuperAntiSpyWare do the below:

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure all boxes except #3 Ignore System Restore.. are checked:

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

  5. breezy

    breezy TS Rookie Topic Starter

    Thank you to Kimsland for moving me to the right forum. And thank you to the other replies. I will be working on the logs and submit them shortly. Do I click on the 'manage attachments' button on this reply page? Thanks. brez
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Yes :)

    The "Attachments" button looks like this --> [IMG] (found in the reply Window)
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Glad you made it over Breezy. I'll try to help you as much as I can. Go through the steps, even though they might seem a bit overwhelming at first. We can't do much til we see the logs.

    Here's some help on attaching the logs:
  8. cjthavinit

    cjthavinit TS Rookie

    I had the same problem with Avast. The anti-virus I used was a-squared combined with AVG Free. I'm now using AVG full version. I've not had a problem in two years. Hope this helps.

    But you must uninstall the a-squared before getting AVG because of a conflict. This is why a-squared will not get rid of all of the threats, but AVG will get rid of the rest. I found out the only way to get rid of the threats was to use an anti-virus that operates in boot up.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I suggest you 'newbies' give this person a chance to run the programs and post the logs before you start giving advice!
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Let me know if you need me Bobbye ;)
  11. breezy

    breezy TS Rookie Topic Starter

    Hello - well, I'm back. Have 3 logs to post. Hope I do it right! Thanks for all the concern. breezy PS Wow! I think that uploading thing went alright. Thanks again.
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    Great Job Breezy

    Do this to begin finishing up.

    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install, just run it, delete all it finds, and decline to reboot on each item found until the program finishes, then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.


    Reboot then the below.
    Run CCleaner, both Temps and Registry; run twice or more until clean.

    Download OTScanIt: http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
    Close all Apps and Browsers

    Download and save to Desktop, then Dbl Click and extract the files to an OTScanIt Folder.

    If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

    Enter the OTScanit folder and run OTScanit.exe.

    In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

    Top Left click Run Scan.

    The scan can take some time so allow it time.

    When finished, a log will open; save the log and attach its contents back to here.

    Update Spybot and run including Immunization.

    Then give us a status of how things are working and what is left.

  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Breezy, the Mbam log is clean! That's a surprise!

    SAS shows Tracking Cookies. Open the program and check to remove. Click on lower left image here to see where to check for removal:

    Reset Cookies:
    Update Java:
    You have 2 online scanners running in the background. You can stop them and uninstall:
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    But there is no malware showing. I want Blind Dragon to take you through ComboFix and any other program he thinks might ferret out any unseen malware. You can go ahead and run the program:

    Please download ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    (screen shots to help)
    Attach the log when through. Blind Dragon will check it for you.
    BD, I'm concerned about the clean logs with the amount of malware that was present. Please assist with any other programs you think are needed. Thanks.

    EDIT: Mike, I'd like BD to finish this one up.
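
The two O16 entries listed in the post above follow the HijackThis layout `O16 - DPF: {CLSID} (name) - URL`. As an added example (not part of the thread or of any tool mentioned in it), this Python parser extracts the CLSID, friendly name, source host and .cab file of each entry so the installed ActiveX controls can be reviewed; `parse_o16` and the last two sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# HijackThis O16 line layout: "O16 - DPF: {CLSID} (optional name) - codebase URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))?"
    r" - (?P<url>\S+)$"
)

# First two lines are the entries quoted in the post above; the last two are
# constructed to exercise the non-O16 and malformed paths.
SAMPLE_LOG = r"""
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O4 - HKLM\..\Run: [constructed] C:\constructed\example.exe
O16 - DPF: constructed-broken-entry
"""


def parse_o16(log_text):
    """Return (entries, malformed) for the O16 lines in a HijackThis log."""
    entries, malformed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O16 - DPF:"):
            continue  # other HijackThis sections are out of scope here
        m = O16_RE.match(line)
        if m is None:
            malformed.append(line)  # keep for manual review, never drop silently
            continue
        url = urlparse(m["url"])
        entries.append({
            "clsid": m["clsid"].upper(),
            "name": m["name"],  # None when the control has no friendly name
            "host": (url.hostname or "").lower(),
            "cab": url.path.rsplit("/", 1)[-1],
            "plain_http": url.scheme.lower() == "http",
        })
    return entries, malformed


if __name__ == "__main__":
    found, bad = parse_o16(SAMPLE_LOG)
    for e in found:
        print(f'{e["clsid"]}  {e["name"] or "(unnamed)"}  {e["host"]}  {e["cab"]}')
    print("needs manual review:", bad)
```
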
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    Sure no problem.

  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    No problem - the only other thing I want to see:

    Navigate to C:\Program Files\TrendMicro\HijackThis

    Right click on HijackThis.exe and select rename

    rename it to breezy.exe

    Attach a new hijackthis scanned like this with the combofix log
  16. breezy

    breezy TS Rookie Topic Starter

    Sorry, but I do not want to download any more malware removal programs. Since running the last 3, I have had some more glitches show up. Cannot copy and paste addresses in home page bar, cannot use links in email - gives me 'page cannot be displayed' window - cannot save graphics from my emails. I had an awful time getting back to my post so I could post this! I am on dialup and when I go to disconnect, it shows I am disconnected, but when you pick up the phone, the modem is still online. I sincerely appreciate all your help, but since my logs seemed clean, I think I will just do a 'restore' now. If problems show up again, then I will do a 'recovery.' Frankly, ComboFix scares the bejeebers out of me, and from what I read on it, I just don't think it will cooperate well on a dialup machine. I have less than 3 G personal files and have them all backed up, so it seems a lot simpler to just do a 'Recovery.' Thank you for everything.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    If you do a System Restore now, you will undo everything that has been done- including the finding and removing of the malware the antivirus program found. Since you don't know when the malware got on the system, you cannot know when to restore to.
    Malware gets into the restore points. Because they are protected files, the cleaning programs don't remove it from there. When a cleaning is completed, the old restore points are dropped and a new clean one is set.

    However, if you don't want to continue, you may want to run one more short program to remove the cleaning tools:
    Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) Click the CleanUp! button.
    It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot
Topic Status:
Not open for further replies.