Post #1, Oct 23 2008, 05:06 PM
New Member. Group: Members, Posts: 7, Joined: 23-October 08, Member No.: 249,346
I did what you said and this is the copy of the LOG content that I copied. What do I do next? Please help me. Thank you so much in advance. Have a nice day.

Pinklady1123

Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 5.1.2600 Service Pack 3

10/24/2008 4:49:08 AM
mbam-log-2008-10-24 (04-49-08).txt

Scan type: Quick Scan
Objects scanned: 75304
Time elapsed: 51 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post #2, Oct 25 2008, 04:02 AM
Forum Addict. Group: HJT Team, Posts: 2,316, Joined: 13-December 06, From: The Netherlands, Member No.: 100,987
Hi Pinklady,

I PM'd a mod to split the topic, because you came with your problem in someone else's topic.

- Do a full scan with MBAM, and post the new logfile in your next reply.

--------------------
Regards,
Black_Bird

Post #3, Oct 25 2008, 08:30 AM
Bleepin' Janitor. Group: Global Moderator, Posts: 18,898, Joined: 9-July 05, From: Virginia, USA, Member No.: 26,513
How to Remove sowar.vbs Virus

CAUTION: These steps involve making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own.

To fix the "Long Live Sowar" message in the title bar, see How to Change the Internet Explorer Window Title (be sure to read the section on backing up your registry first) or you can try using ieclear.bat by IE MVP Hans Le Roy which will reset the title to Windows default.

Then download Flash_Disinfector.exe by sUBs and save it to your desktop.

When done, check for and remove any Startup RUN values by downloading and using Autoruns.

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2010
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Post #4, Nov 7 2008, 07:49 PM
New Member. Group: Members, Posts: 7, Joined: 23-October 08, Member No.: 249,346
Hi superbird and quietman7. Thank you so much for your help. I appreciate you helping out a newbie like me. I read the instructions on another topic here (the same one as what quietman7 quoted in his reply). The Sowar Browser Title changed back to Windows Internet Explorer.

Now, whenever the computer starts up, a WINDOWS SCRIPT HOST appears with this message: 'Can not Find Script File "C:\WINDOWS\Sowar.Vbs"'. What does it mean? What can I do to remove it?

Superbird, I am currently performing a FULL SCAN as you suggested, I will post the logfile afterwards (I hope it's not too late). Thanks in advance to both of you. =]

pinklady

Post #5, Nov 8 2008, 02:52 AM
New Member. Group: Members, Posts: 12, Joined: 23-August 08, Member No.: 232,496
All you have to do is to download the autorun and run it... and then CTRL+F and type the sowar.vbs in the dialog box... and it will show you the RAWOS.VBS with the check on the box.... right click on that file and choose delete...

http://technet.microsoft.com/en-au/sysinte...s/bb963902.aspx (autorun download)

I hope this one will help you... because I just figured it out and it worked with my PC...
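
The leftover startup entry described in posts #4 and #5, as an added example that is not part of the original thread: a read-only PowerShell check that lists logon autostart values pointing at script files, marks those whose file no longer exists, and reads the two policy values flagged in the first MBAM log. The function names and the choice of autostart keys are assumptions; Autoruns inspects many more locations.

```powershell
# Added example: read-only triage; it changes nothing in the registry.
# Logon autostart locations to inspect (assumed; the thread does not say
# which location held the leftover Sowar.vbs entry).
$autostartKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Absolute path ending in a script extension. ':' and ',' are excluded so a
# command such as "wscript.exe C:\x\a.vbs" yields only the script path.
$scriptPath = '(?i)[a-z]:\\[^"*?<>|,:]+?\.(?:vbs|vbe|js|jse|wsf|bat|cmd)\b'

function Get-ScriptAutostart {
    foreach ($keyPath in $autostartKeys) {
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded
            foreach ($m in [regex]::Matches($command, $scriptPath)) {
                [pscustomobject]@{
                    Key     = $keyPath
                    Name    = $name
                    Command = $command
                    Script  = $m.Value
                    Missing = -not (Test-Path -LiteralPath $m.Value)
                }
            }
        }
    }
}

# The two policy values the first MBAM log reported as Bad: (1) Good: (0).
function Get-LockoutPolicy {
    $policies = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
    foreach ($pair in @(@('System', 'DisableTaskMgr'), @('Explorer', 'NoFolderOptions'))) {
        $item = Get-ItemProperty -Path "$policies\$($pair[0])" -Name $pair[1] -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($pair[1]) } else { $null }
        [pscustomobject]@{ Policy = $pair[1]; Value = $value; Hijacked = ($value -eq 1) }
    }
}

# Entries that would raise "Can not find script file" at logon:
Get-ScriptAutostart | Where-Object Missing | Format-List
Get-LockoutPolicy | Format-Table -AutoSize
```

An entry listed with Missing set to True is a startup value that outlived the script it launches, which is the condition behind the Windows Script Host message in post #4.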

Post #6, Nov 8 2008, 05:39 AM
Forum Addict. Group: HJT Team, Posts: 2,316, Joined: 13-December 06, From: The Netherlands, Member No.: 100,987
Hi Pinklady,

Do a new full scan with MBAM. Post the new logfile.

--------------------
Regards,
Black_Bird

Post #7, Nov 14 2008, 06:17 AM
New Member. Group: Members, Posts: 7, Joined: 23-October 08, Member No.: 249,346
Hi Xzibit13, I will do as you suggest. I hope it works. Thank you for taking the time to help me.

Hi Superbird. Here is the new logfile. Thanks.

Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 5.1.2600 Service Pack 3

11/8/2008 12:52:52 PM
mbam-log-2008-11-08 (12-52-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 122753
Time elapsed: 4 hour(s), 28 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post #8, Nov 14 2008, 06:35 AM
Forum Addict. Group: HJT Team, Posts: 2,316, Joined: 13-December 06, From: The Netherlands, Member No.: 100,987
Hi,

Seems you are clean now. Quietman, what do you think?

--------------------
Regards,
Black_Bird

Post #9, Nov 14 2008, 08:45 AM
Bleepin' Janitor. Group: Global Moderator, Posts: 18,898, Joined: 9-July 05, From: Virginia, USA, Member No.: 26,513
How is your computer running now? Any more reports/signs of infection or the "Long Live Sowar" message in IE's title bar?

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2010
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Post #10, Nov 15 2008, 07:04 PM
New Member. Group: Members, Posts: 7, Joined: 23-October 08, Member No.: 249,346
My computer is Sowar Free now! Thank You for being patient with me, Superbird, Quietman and Xzibit! I appreciate all your help. More power to all of you. =]

Pinklady

Post #11, Nov 16 2008, 04:42 AM
Forum Addict. Group: HJT Team, Posts: 2,316, Joined: 13-December 06, From: The Netherlands, Member No.: 100,987
Hi,

Nice to hear that. Please do this:

1. Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:

2. Go to the Windows update site and download and install all available updates, so your computer is protected against malware.

3. Read this page to protect yourself against re-infection.

You can delete all used tools and programs.

--------------------
Regards,
Black_Bird

Post #12, Nov 16 2008, 07:39 AM
Bleepin' Janitor. Group: Global Moderator, Posts: 18,898, Joined: 9-July 05, From: Virginia, USA, Member No.: 26,513
More tips to protect yourself against malware and reduce the potential for re-infection:

• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".
• "Use Task Manager to close pop-up messages to safely exit malware attacks"
• Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2010
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Post #13, Nov 19 2008, 06:35 AM
Member. Group: Members, Posts: 31, Joined: 19-November 08, Member No.: 258,312
Hi, I got infected by sowar.vbs and I used Malwarebytes' Anti-Malware 1.30 to try to fix the task bar problem, but it didn't detect any malware after I deleted during the first scan, but it still can't open the taskbar. This is the result of the second scan. Help? Thanks in advance.

Malwarebytes' Anti-Malware 1.30
Database version: 1411
Windows 5.1.2600 Service Pack 3

11/19/2008 7:05:22 PM
mbam-log-2008-11-19 (19-05-22).txt

Scan type: Quick Scan
Objects scanned: 23058
Time elapsed: 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post #14, Nov 19 2008, 07:14 AM
Bleepin' Janitor. Group: Global Moderator, Posts: 18,898, Joined: 9-July 05, From: Virginia, USA, Member No.: 26,513
Welcome to BC raindrops

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2010
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Post #15, Nov 20 2008, 01:40 AM
Member. Group: Members, Posts: 31, Joined: 19-November 08, Member No.: 258,312
Quote: "Welcome to BC raindrops If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette. Thanks for your cooperation. The BC Staff"

hi! sorry bout that! thanks for the welcome!