Hi guys,
First time here, I found loads of sites but decided to join up here – I’m interested in this stuff and want to learn more to help out where I can, so took an extra bit of time to find a community I’d like to return the favour to.
Anyway, cut to the chase. I have a friend’s laptop here that is infected with what I think is a version of the Worm.Win32.Netbooster, giving the popup “Attention, [User]! Some dangerous torjan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download antispyware software. (Recommended).” This is not the exact message – as I’m now unable to see the message. It was almost identical to this but I’m 99% sure that this infection gave the message “attention, [user] some dangerous viruses are detected in your system…” I also see a Yes/No dialog rather than an OK/Cancel dialog. Clicking either Yes or No would redirect to a porn site.
Firstly I want to state that this computer is now offline, I’m not happy with dirty machines connecting to my network. I’m using the latest versions of the software mentioned, with updates / definitions downloaded via a USB stick.
His virus software is McAfee Security Centre – and it completes the scan with no infections. (This is out of date, with the latest update on the 3rd; I haven’t found a manual update file.) (I’d rather install AVG, but 2 AVs at once don’t usually get along, and I don’t want to uninstall his McAfee as it’s what he’s used to and I don’t have an install disk.)
Spybot S&D with the latest includes picked up a few random infections which it removed successfully, but didn’t find or fix this mentioned issue. This runs a clean scan.
CCleaner also found various things that it cleaned up and didn’t fix the above issue. This runs a clean scan.
FixIEDef.exe ran and fixed something, but failed to fix this issue; this now runs a clean scan.
Finally Malwarebytes scanned and fixed a couple of objects – this has now kind of fixed the problem – I’m now left with a completely empty popup box (no text) that no longer forwards to the website, but it’s super annoying and I need to finish this clean-up to remove this popup box.
Thanks guys, my HJT log is below
pastebin.com/f406b7821
It’s not allowing me to post my HJT log due to 'linkss or images requiring 5 post count', please excuse the above...