
A Radio Played By Itself!


8 replies to this topic

#1 aaaaa


Posted 19 July 2007 - 11:23 PM

Hi,

I left my computer on when I went to lunch and when I came back, my computer was playing radio!! And no program was opened... I guess I've been infected with a virus?

I did a scan with Norton AntiVirus and I found 3 infected files, 2 of which I deleted.

However, there's this one:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Adclicker
File: C:\WINDOWS\svchost.exe
Location: C:\WINDOWS
Computer: HARLOK
User: Harlok Jai
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Fri Jul 20 14:21:39 2007

I can't do anything about that one, I can't delete it because it says it's still in use. What should I do? I have run Spybot and that has found nothing either.

Thank you very much


#2 oldf@rt


Posted 20 July 2007 - 12:17 AM

Hi, I am Bill, and I will try to help with your issue. Let's try this first: download and scan with SUPERAntiSpyware Free for Home Users.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If this does not work, please follow the instructions in the Preparation Guide before posting a Hijack This Log.

Edited by oldf@rt, 20 July 2007 - 12:17 AM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 aaaaa


Posted 20 July 2007 - 10:10 AM

Did you want me to post that text file after I scanned my computer? There were 30 defected items, however, none of them were the one I specified before.

However, it seems like Norton is not picking up the previously infected file...

Thanks

#4 oldf@rt


Posted 20 July 2007 - 12:26 PM

Yes, what SAS has found is important! Post the log.

#5 aaaaa


Posted 20 July 2007 - 09:45 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2007 at 00:38 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:44:37

Memory items scanned : 444
Memory threats detected : 0
Registry items scanned : 5183
Registry threats detected : 0
File items scanned : 67162
File threats detected : 30

Adware.Tracking Cookie


Thanks!!!

However, it does not seem to have the file:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Adclicker
File: C:\WINDOWS\svchost.exe
Location: C:\WINDOWS
Computer: HARLOK
User: Harlok Jai
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sat Jul 21 12:42:33 2007

#6 oldf@rt


Posted 20 July 2007 - 09:53 PM

Your machine looks pretty clean. BitDefender should be able to kill the trojan. Please run a BitDefender Online Scan:
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.

Edited by oldf@rt, 20 July 2007 - 09:54 PM.


#7 aaaaa


Posted 21 July 2007 - 03:48 PM

Hi,

Before I could finish my scan, my Internet Explorer said "error" and asked me whether to report it, so I had to shut my Internet Explorer.

However, since I did it overnight, when I saw it in the morning, there were like 3 script errors! Some of them saying no memory etc. etc.

Then it says the file svchost.exe (the file infected before) has a problem and must be closed.

But then Norton AntiVirus picked up the same virus on another file.

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Adclicker
File: C:\Program Files\update.exe
Location: Quarantine
Computer: HARLOK
User: Harlok Jai
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Sun Jul 22 02:26:29 2007

What should I do!!!!

Thanks

#8 oldf@rt


Posted 21 July 2007 - 03:52 PM

Follow the instructions in the Preparation Guide for posting a Hijack This log; just read and follow the instructions starting at step 9.

#9 aaaaa


Posted 23 July 2007 - 07:33 AM

I've posted my hijack log onto the "Hijackthis log and analysis" page.


Thanks!

Edited by aaaaa, 23 July 2007 - 07:37 AM.




