May 9 2008, 05:14 PM, Post #1
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
Mike
This post has been edited by Orange Blossom: May 9 2008, 06:08 PM
Reason for edit: Moved to more appropriate forum. ~ OB

May 9 2008, 06:21 PM, Post #2
Visiting Alien (Group: Members, Posts: 3,942, Joined: 20-May 07, From: millenium falcon, Member No.: 131,963)
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

May 9 2008, 06:24 PM, Post #3
Visiting Alien (Group: Members, Posts: 3,942, Joined: 20-May 07, From: millenium falcon, Member No.: 131,963)
we will also need to get atf cleaner, the manual updates for SAS and download malwarebytes antimalware and its updates
there may be another one or two also, wait to burn another cd do you have a usb drive, we need to get logs back from the infected machine, we will disinfect/immunize the drive first tho
This post has been edited by DaChew: May 9 2008, 06:25 PM

May 9 2008, 08:34 PM, Post #4
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
hi Chewy, thanks for the info. I was following a procedure to remove this that was posted on majorgeek.com. It had me Install Superantispyware, Spybot, Malwarebytes anti-malware, combofix, and MG Tools. I couldn't use the internet before, and the virus wouldn't let me install Superantispyware. So I used Malwarebytes, and it found and removed some stuff, but the internet still wasn't working. I then used Smitfraud, option 2, and it got the internet going again, and I was able to install Superantispyware. So I was able to go through the list I mentioned. I have logs for Superantispyware, Combofix and MGtools, which I could post.

May 9 2008, 08:37 PM, Post #5
To INSANITY and BEYOND !! (Group: Moderator, Posts: 7,016, Joined: 10-September 04, From: NJ USA, Member No.: 2,608)
Post the MBAM and SAS logs, please.
-------------------- Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss.<<>>>Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... |

May 9 2008, 08:39 PM, Post #6
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
here is the SAS report
Generated 05/09/2008 at 09:06 PM
Application Version : 4.0.1154
Core Rules Database Version : 3456
Trace Rules Database Version: 1448
Scan type : Quick Scan
Total Scan Time : 00:04:29
Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 444
Registry threats detected : 4
File items scanned : 4210
File threats detected : 5

Adware.MyWebSearch
    HKU\PE_C_JACKSON\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKU\PE_C_KARLA\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
Adware.Tracking Cookie
    C:\Documents and Settings\Joe\Cookies\joe@adnetserver[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@sale.antispywaremaster[2].txt
    C:\Documents and Settings\Joe\Cookies\joe@advancedcleaner[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@secure.advancedcleaner[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@antispywaremaster[1].txt
Browser Hijacker.Internet Explorer Settings Hijack
    HKU\PE_C_KARLA\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 ]
Adware.Zango/ShoppingReport
    HKU\PE_C_JACKSON\Software\ShoppingReport

May 9 2008, 08:40 PM, Post #7
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
here is the mbam report, though it said it found nothing
Malwarebytes' Anti-Malware 1.12
Database version: 722
Scan type: Quick Scan
Objects scanned: 36839
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

May 9 2008, 08:44 PM, Post #8
To INSANITY and BEYOND !! (Group: Moderator, Posts: 7,016, Joined: 10-September 04, From: NJ USA, Member No.: 2,608)
I forgot to ask, did you run the Cleaning (part 2) of SmitfraudFix from Safe Mode?

May 9 2008, 08:46 PM, Post #9
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
yes I did, but before I ran SAS, mbam, Spybot, Combofix and MGtools.

May 9 2008, 08:50 PM, Post #10
To INSANITY and BEYOND !! (Group: Moderator, Posts: 7,016, Joined: 10-September 04, From: NJ USA, Member No.: 2,608)
You still have the Privacy Protector Icon in the system tray or a warning from it on your desktop?
This post has been edited by boopme: May 9 2008, 08:58 PM

May 9 2008, 08:53 PM, Post #11
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
also, let me add that the computer seems almost back to normal, but there are these windows ".dll" and "checkdsk" missing file messages that keep popping up occasionally. That biohazard screen is gone, and I think there is still a browser hijack attached to internet explorer.

May 9 2008, 08:56 PM, Post #12
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
um, there is no viruprotect icon, there's actually no icons on the desktop that look suspicious. There's only one in the add/remove programs area that looks suspicious and it is "freeze.com" toolbar. I can't remove it because every time I click the button to change/remove it it does nothing

May 9 2008, 09:08 PM, Post #13
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
I just went through the other 2 user desktops and everything appears normal, just getting those .rundll warnings

May 9 2008, 09:23 PM, Post #14
To INSANITY and BEYOND !! (Group: Moderator, Posts: 7,016, Joined: 10-September 04, From: NJ USA, Member No.: 2,608)
This dll message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan.
To resolve this, download Autoruns, search for the related entry and then delete it.
Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
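
The check described in post #14, as an added example that is not part of the original thread: a read-only PowerShell script that lists Run/RunOnce startup entries whose target file no longer exists, which is the condition that produces the missing-DLL message at logon. The helper names Get-CommandTarget and Test-TargetExists are hypothetical; it assumes PowerShell 3.0 or later and covers only the four registry keys listed, a small subset of what Autoruns inspects.

```powershell
# Added example (not from the thread). Read-only: it reports, it deletes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: extract the file a startup command line depends on.
function Get-CommandTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 entries: the file that matters is the DLL argument, not rundll32.
    if ($cmd -match '^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    # Quoted program path.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut at the first program extension.
    if ($cmd -match '^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Hypothetical helper: rooted paths are tested directly, bare names via PATH.
function Test-TargetExists {
    param([string]$Path)
    try {
        if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path -PathType Leaf) }
        foreach ($dir in ($env:PATH -split ';' | Where-Object { $_ })) {
            $candidate = [IO.Path]::Combine($dir.Trim('"'), $Path)
            if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $true }
        }
        return $false
    } catch { return $false }   # unparsable path: report it as missing
}

$missing = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command.Trim()) { continue }
        $target = Get-CommandTarget $command
        if (-not (Test-TargetExists $target)) {
            [pscustomobject]@{ Key = $key; Entry = $name; Command = $command; MissingFile = $target }
        }
    }
}
$missing | Format-List
```

HKCU is per-user, so the script has to be run in each account to cover every profile; the entries it prints are the ones to look up in Autoruns.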

May 9 2008, 09:34 PM, Post #15
Member (Group: Members, Posts: 35, Joined: 20-December 07, Member No.: 177,726)
ok, I installed and ran it, looking through the list right now. It is very long on the tab "everything," which tab is it under?