Malware alarm


plasma dragon00

well, seems we got blasted with this virus, and asked if we wanted to download the malwarealarm product. norton blocked it though, but then redetected it and supposedly fixed it in a scan. I'll do a full norton scan, as well as adaware/spybot sd.

here's the hjt log, please if you can review it and tell me if there's anything wrong with it.

thanks,

~plasma
 
Hi plasma dragon00 Welcome to Techspot!


My name is Jason, on these forums I am known as Jase123. I will be helping you with your current problem.

HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.


To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back with you shortly. Thank you for your patience.
 
thanks for the help jace, and here's the uninstall list:

Ad-Aware 2007
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Andrea VoiceCenter
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe 1.0
ccCommon
CCleaner (remove only)
CCScore
Chuzzle Deluxe
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Coupon Printer for Windows
Creative MediaSource
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center
DellSupport
Desktop Doctor
Digital Content Portal
Digital Line Detect
ELIcon
EPSON CX5800F Guide
EPSON Printer Software
EPSON Scan
EPSON Web-To-Page
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Garmin WebUpdater
Garmin WebUpdater
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hidden Expedition Titanic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
kgcbase
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MCU
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Mozilla Firefox (2.0.0.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NAVShortcut
Nero Suite
NetWaiting
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Otto
Polar Bowler
Qualxserve Service Agreement
QuickTime
RealPlayer
Rhapsody
Rhapsody Player Engine
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
SFR
SFR2
Shanghai II
SHASTA
SKIN0001
SKINXSDK
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SPBBC
Spybot - Search & Destroy
staticcr
Symantec
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
TurboTax Home & Business 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2005
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB MassStorage CardReader
VPRINTOL
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WIRELESS
Xbox 360 Controller for Windows
ZoneAlarm
Zuma Deluxe
_______________________________________________
~plasma
 
Put a check beside all of the items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

* Close all open windows and browsers/email, etc...
* Click on the "Fix Checked" button
* When completed, close the application.

Everything looks clean in your HJT log.

Now, in the interests of making sure your system is truly clean, please do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Jason :)
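The R0/R1 lines Jason asks to fix above are the Internet Explorer start page, search page and default URL values that browser hijackers usually overwrite. As an added example (not part of this thread and not HijackThis code), the Python below parses those R-section lines out of an HJT log and flags any whose URL points at a host outside a reviewer-supplied allowlist. The allowlist (comcast.net for the ISP toolbar, microsoft.com for the defaults) and the one deliberately bad entry on the reserved `.invalid` TLD are assumptions constructed for the demonstration, not findings from the thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample log: the R0/R1 lines reviewed in this thread, one made-up
# redirected search page (example-hijack.invalid is a reserved TLD, not a real
# indicator) and one O4 line to show that non-R sections are skipped.
SAMPLE_HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://scanner.example-hijack.invalid/?id=1",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
]

# Hosts the reviewer expects on this particular machine: the user's ISP
# (the Comcast toolbar sets these) and Microsoft's own defaults.
# This is an assumption for the example; adjust it per machine.
TRUSTED_SUFFIXES = ("comcast.net", "microsoft.com")

# "R1 - HKCU\Software\...\Main,Search Bar = http://..."
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\([^,]+),([^=]+?)\s*=\s*(.*)$")


def parse_hjt(lines):
    """Return one dict per R0-R3 (IE URL/default) entry; other sections are skipped."""
    entries = []
    for line in lines:
        m = R_LINE.match(line.strip())
        if not m:
            continue
        kind, hive, key, value_name, url = m.groups()
        entries.append({"kind": kind, "hive": hive, "key": key,
                        "value": value_name, "url": url.strip()})
    return entries


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True when host equals one of the suffixes or is a subdomain of it."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def review(entries, suffixes=TRUSTED_SUFFIXES):
    """Flag entries whose URL points at a host outside the trusted suffixes.

    Empty values (an unset Local Page) and host-less URLs such as about:blank
    are left alone: they are normal defaults, not redirections.
    """
    flagged = []
    for e in entries:
        host = urlparse(e["url"]).hostname if e["url"] else None
        if host and not host_is_trusted(host, suffixes):
            flagged.append({**e, "host": host})
    return flagged


if __name__ == "__main__":
    for f in review(parse_hjt(SAMPLE_HJT_LINES)):
        print(f'{f["kind"]} {f["hive"]}\\{f["key"]},{f["value"]} -> {f["host"]}')
```

Suffix matching is done on the parsed hostname rather than by substring search on the raw line, so a URL like `http://comcast.net.example/` does not pass as a Comcast host.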
 
here they are. the bmp file enclosed is the error i received before i got the virus, just so you know what box i'm talking about. the bottom part of it is the web page it opened. sorry it's bad detail, but i had to save it as a 16 color bitmap for it to be the right size. the web page opened points to
Code:
http://scanner2.malware...

combofix, avg as, and hjt logs.

thanks,

~plasma
 
Follow my instructions below:

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Re-post a fresh Hijackthislog after.

Regards Jason :)
 
Hi plasma dragon00,

your log looks clean. Let's run some other scanners.

Please copy the fix to Notepad/Word, or print it, because you won't always have internet access!


Step 1: Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
First:

* Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
* Choose Exit Spybot S&D Resident

Second:


* Open Spybot S&D
* Click Mode, check Advanced Mode
* Go To Left Panel, Click Tools, then also in left panel, click Resident
* If your firewall raises a question, say OK
* Uncheck the box labeled Resident Tea-Timer and OK any prompts.
* Use File, Exit to terminate Spybot
* Reboot your machine for the changes to take effect.

Step 2: Update Adobe Reader

Please make sure Adobe Reader is up-to-date. I'm not sure whether your version has the latest update, but it can't hurt to check.

Step 3: Update Java


Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

* Download the latest version of Java Runtime Environment (JRE) 6.
* Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on the download to install the newest version.

Step 4: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

* Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
* Then select the items you wish to clean up.

o In the Windows Tab:

+ Clean all entries in the Internet Explorer section except Cookies
+ Clean all the entries in the Windows Explorer section
+ Clean all entries in the System section
+ Clean all entries in the Advanced section
+ Clean any others that you choose

o In the Applications Tab:

+ Clean all except cookies in the Firefox/Mozilla section if you use it
+ Clean all in the Opera section if you use it
+ Clean Sun Java in the Internet Section
+ Clean any others that you choose


* Click the Run Cleaner button.
* A pop up box will appear advising this process will permanently delete files from your system.
* Click OK and it will scan and clean your system.
* Click exit when done.
* If it asks you to reboot at the end, click NO

NOTE: CCleaner should be run with the above settings for each User Account!


Step 5: Run Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:


Extended (if available otherwise Standard)


o Scan Options:


Scan Archives
Scan Mail Bases

* Click OK
* Now under select a target to scan:

Select My Computer

* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.

o Now click on the Save as Text button:

* Save the file to your desktop.

Step 6: Post logs

# Fresh HijackThis log
# ComboFix log

And tell me how your computer is running - any problems etc.

Regards Jason :)
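Step 3 above tells the user to remove every older Java runtime before installing the current one, and the uninstall list earlier in the thread shows why: it carries both "J2SE Runtime Environment 5.0 Update 3" and "Java 2 Runtime Environment, SE v1.4.2_03". As an added example (not part of this thread and not code from Spybot, HijackThis or Sun), the Python below reads an Add/Remove-style list, normalises the three naming schemes Sun used for the JRE into comparable version tuples, and reports which entries are leftovers and whether even the newest one is behind the JRE 6 baseline the step asks for. The "Java(TM) 6 Update 3" entry used in the usage check is constructed for the example and was not on the user's machine.

```python
import re

# Constructed sample: the two Java entries from the uninstall list in this
# thread plus a few unrelated lines, so the matcher has something to skip.
SAMPLE_UNINSTALL = [
    "Adobe Reader 8.1.1",
    "J2SE Runtime Environment 5.0 Update 3",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Mozilla Firefox (2.0.0.8)",
    "Spybot - Search & Destroy",
]

# Each pattern maps a display-name scheme to a (family, minor, update) tuple:
#   "Java 2 Runtime Environment, SE v1.4.2_03"  -> (4, 2, 3)
#   "J2SE Runtime Environment 5.0 Update 3"     -> (5, 0, 3)
#   "Java(TM) 6 Update 3" / "Java(TM) SE Runtime Environment 6 Update 1" -> (6, 0, n)
_JRE_PATTERNS = [
    (re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)_(\d+)"),
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3)))),
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)"),
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3)))),
    (re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?(\d+) Update (\d+)"),
     lambda m: (int(m.group(1)), 0, int(m.group(2)))),
]


def jre_version(name):
    """Return a comparable (family, minor, update) tuple, or None if not a JRE entry."""
    for pattern, build in _JRE_PATTERNS:
        m = pattern.match(name)
        if m:
            return build(m)
    return None


def audit_java(entries, current_family=6):
    """Summarise the JRE entries in an uninstall list.

    installed: every recognised JRE with its parsed version
    remove:    all but the newest (the duplicates step 3 says to uninstall)
    outdated:  True when even the newest entry is older than current_family,
               i.e. the newest JRE still has to be installed afterwards
    """
    installed = [(name, v) for name in entries if (v := jre_version(name))]
    if not installed:
        return {"installed": [], "remove": [], "outdated": False}
    newest = max(v for _, v in installed)
    return {
        "installed": installed,
        "remove": [name for name, v in installed if v != newest],
        "outdated": newest[0] < current_family,
    }


if __name__ == "__main__":
    report = audit_java(SAMPLE_UNINSTALL)
    for name in report["remove"]:
        print("remove:", name)
    print("newest JRE behind baseline:", report["outdated"])
```

The parsed tuples compare correctly across schemes because Sun's "1.4.2" and "5.0" numbering are both mapped onto the family number (4 and 5), which is what the later "Java(TM) 6" names use directly.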
 
well, my parents are just going to wait for their norton subscription to expire, and then they're either going to buy a new norton product or use one of these free ones. they get the norton AV when they buy their tax software every year ;)

also, we use zone alarm on this computer, and i use it on mine too because i like the product :)

here are the logs, i saved a kaspersky log somewhere but can't seem to find it. it showed up clean though, but a bunch of objects showed up as "locked". if i find the log i'll post it.

here's hjt and combofix though

~plasma
 
Word of advice - don't renew your Norton subscription.

Both logs clean. How's your system running now? Any problems?

Regards Jason :)
 
lol we never have renewed them, with the old versions we would just reinstall them and that would give us a new subscription. with this one, though, it actually tracks it, probably from their site, even if it's uninstalled. system seems to be running fine.

thanks for the help jason :) :)

~plasma
 
Good!

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again. It will have also created a new clean restore point.

Now that you are clean, to help protect your computer in the future I recommend that you get the following program(s):


* AVG Antispyware

You should also have a good firewall. Here are 3 free ones available for personal use:



* Kerio Personal Firewall
* Comodo
* Zone Alarm

And a good antivirus (these are also free for personal use):


* AVG Anti-Virus
* Avast Home Edition

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

Regards Jason :)
 