Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virusprotectpro


  • Please log in to reply
8 replies to this topic

#1 s■yder

s■yder

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 02 August 2007 - 06:03 PM

hello all.

i currently had VirusProtectPro 3.5 on my computer. i ran my AVG (virus software), spybot (spyware) and ad aware SE (adware). my spybot found the files that was needed to get rid of the program off my computer.

just to make sure i did the manule checking (going through and finding each of the individual programs) i could not find any of the .dll files, so i figured i was ok to reboot so i did just that.

VirusProtectPro is no longer on my computer. but i keep getting a question mark icon with a X flashing through it, and everynow and then it displays tthat my computer is filled with spyware ..... etc. it says please click here to fix this problem. so when i click on it, it brings me to the VirusProtectPro website and it tries to get me to download it again.

please help me in fixing this problem. thank you for your time.

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:10:57 AM

Posted 02 August 2007 - 06:09 PM

Download, install and run Rogue Remover Free.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 s■yder

s■yder
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 02 August 2007 - 06:37 PM

hello me again.

oldF@rt. it didn't work i still have the ballon there giveing me those warnings about it. the program it's self is not on my computer.

any more recomendations?

edit: im using windows XP if that makes any difference?

Edited by s■yder, 02 August 2007 - 06:40 PM.


#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:10:57 AM

Posted 02 August 2007 - 06:54 PM

Try super antispyware free

follow this carefully Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 s■yder

s■yder
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 02 August 2007 - 08:43 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/02/2007 at 09:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3277
Trace Rules Database Version: 1288

Scan type : Complete Scan
Total Scan Time : 01:12:52

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 4158
Registry threats detected : 121
File items scanned : 46489
File threats detected : 55

Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}#xxx
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Classes\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}
HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}
HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}
HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\Implemented Categories
HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\InprocServer32
HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKU\S-1-5-21-527237240-1532298954-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{DF4E7A0C-E233-4906-B4C1-A404356541FF}

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}
HKCR\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}
HKCR\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}\InProcServer32
HKCR\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\EEUYDC.DLL

Adware.MovieLand/MediaPipe
HKLM\Software\MediaPipe
HKLM\Software\MediaPipe\Prefs
HKLM\Software\MediaPipe\Prefs#version
HKLM\Software\MediaPipe\Prefs#ItBill
HKLM\Software\MediaPipe\Prefs#ProductFamily
HKLM\Software\MediaPipe\Prefs#Country
HKLM\Software\MediaPipe\Prefs#Provider
HKLM\Software\MediaPipe\Prefs#TRAFFIC_COUNTRY
HKLM\Software\MediaPipe\Prefs#TRAFFIC_PROGRAM
HKLM\Software\MediaPipe\Prefs#TRAFFIC_SOURCE
HKLM\Software\MediaPipe\Prefs#TRAFFIC_SUBSOURCE
HKLM\Software\MediaPipe\Prefs#JOIN_FORM_ID
HKLM\Software\MediaPipe\Prefs#modem
HKLM\Software\MediaPipe\Prefs#GUID
HKLM\Software\MediaPipe\Prefs#Filename
HKLM\Software\MediaPipe\Prefs\ItBill
HKLM\Software\MediaPipe\Prefs\ItBill#Provider
C:\Program Files\MediaPipe\Agent.dll
C:\Program Files\MediaPipe\api.exe
C:\Program Files\MediaPipe\insdl.dll
C:\Program Files\MediaPipe\install.log
C:\Program Files\MediaPipe\ItBill_terms.txt
C:\Program Files\MediaPipe\MediaPipe.ini
C:\Program Files\MediaPipe\p2pinst.exe
C:\Program Files\MediaPipe\p2pl.exe
C:\Program Files\MediaPipe\register.dll
C:\Program Files\MediaPipe
C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\MPDL.EXE
C:\PROGRAM FILES\FSUPPORT\NOTIFIER.EXE

Malware.VirusProtectPro
HKCR\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}
HKCR\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}\1.0
HKCR\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}\1.0\0
HKCR\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}\1.0\0\win32
HKCR\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}\1.0\FLAGS
HKCR\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}\1.0\HELPDIR
HKCR\Interface\{00628C22-6886-439B-AA2E-3639367F02A0}
HKCR\Interface\{00628C22-6886-439B-AA2E-3639367F02A0}\ProxyStubClsid
HKCR\Interface\{00628C22-6886-439B-AA2E-3639367F02A0}\ProxyStubClsid32
HKCR\Interface\{00628C22-6886-439B-AA2E-3639367F02A0}\TypeLib
HKCR\Interface\{00628C22-6886-439B-AA2E-3639367F02A0}\TypeLib#Version
HKCR\Interface\{14B512A9-25CF-4C90-AE5F-418689DF0A8D}
HKCR\Interface\{14B512A9-25CF-4C90-AE5F-418689DF0A8D}\ProxyStubClsid
HKCR\Interface\{14B512A9-25CF-4C90-AE5F-418689DF0A8D}\ProxyStubClsid32
HKCR\Interface\{14B512A9-25CF-4C90-AE5F-418689DF0A8D}\TypeLib
HKCR\Interface\{14B512A9-25CF-4C90-AE5F-418689DF0A8D}\TypeLib#Version
HKCR\Interface\{39D23F6A-E2DE-4F5D-9118-ECDFAAE47E9C}
HKCR\Interface\{39D23F6A-E2DE-4F5D-9118-ECDFAAE47E9C}\ProxyStubClsid
HKCR\Interface\{39D23F6A-E2DE-4F5D-9118-ECDFAAE47E9C}\ProxyStubClsid32
HKCR\Interface\{39D23F6A-E2DE-4F5D-9118-ECDFAAE47E9C}\TypeLib
HKCR\Interface\{39D23F6A-E2DE-4F5D-9118-ECDFAAE47E9C}\TypeLib#Version
HKCR\Interface\{3B334543-06C2-4B5F-B7CB-8028A4570B39}
HKCR\Interface\{3B334543-06C2-4B5F-B7CB-8028A4570B39}\ProxyStubClsid
HKCR\Interface\{3B334543-06C2-4B5F-B7CB-8028A4570B39}\ProxyStubClsid32
HKCR\Interface\{3B334543-06C2-4B5F-B7CB-8028A4570B39}\TypeLib
HKCR\Interface\{3B334543-06C2-4B5F-B7CB-8028A4570B39}\TypeLib#Version
HKCR\Interface\{3E79A538-7998-4BB7-B8A7-0E12243D7A99}
HKCR\Interface\{3E79A538-7998-4BB7-B8A7-0E12243D7A99}\ProxyStubClsid
HKCR\Interface\{3E79A538-7998-4BB7-B8A7-0E12243D7A99}\ProxyStubClsid32
HKCR\Interface\{3E79A538-7998-4BB7-B8A7-0E12243D7A99}\TypeLib
HKCR\Interface\{3E79A538-7998-4BB7-B8A7-0E12243D7A99}\TypeLib#Version
HKCR\Interface\{42348314-FC64-4B2E-B314-3F872C321B87}
HKCR\Interface\{42348314-FC64-4B2E-B314-3F872C321B87}\ProxyStubClsid
HKCR\Interface\{42348314-FC64-4B2E-B314-3F872C321B87}\ProxyStubClsid32
HKCR\Interface\{42348314-FC64-4B2E-B314-3F872C321B87}\TypeLib
HKCR\Interface\{42348314-FC64-4B2E-B314-3F872C321B87}\TypeLib#Version
HKCR\Interface\{58BD1E88-EFEE-404E-BE17-DF639B57CB56}
HKCR\Interface\{58BD1E88-EFEE-404E-BE17-DF639B57CB56}\ProxyStubClsid
HKCR\Interface\{58BD1E88-EFEE-404E-BE17-DF639B57CB56}\ProxyStubClsid32
HKCR\Interface\{58BD1E88-EFEE-404E-BE17-DF639B57CB56}\TypeLib
HKCR\Interface\{58BD1E88-EFEE-404E-BE17-DF639B57CB56}\TypeLib#Version
HKCR\Interface\{64D947B2-5505-4347-80A5-E28EEBE38F2A}
HKCR\Interface\{64D947B2-5505-4347-80A5-E28EEBE38F2A}\ProxyStubClsid
HKCR\Interface\{64D947B2-5505-4347-80A5-E28EEBE38F2A}\ProxyStubClsid32
HKCR\Interface\{64D947B2-5505-4347-80A5-E28EEBE38F2A}\TypeLib
HKCR\Interface\{64D947B2-5505-4347-80A5-E28EEBE38F2A}\TypeLib#Version
HKCR\Interface\{8D3C0252-8850-440E-A386-4A0159C8A4DD}
HKCR\Interface\{8D3C0252-8850-440E-A386-4A0159C8A4DD}\ProxyStubClsid
HKCR\Interface\{8D3C0252-8850-440E-A386-4A0159C8A4DD}\ProxyStubClsid32
HKCR\Interface\{8D3C0252-8850-440E-A386-4A0159C8A4DD}\TypeLib
HKCR\Interface\{8D3C0252-8850-440E-A386-4A0159C8A4DD}\TypeLib#Version
HKCR\Interface\{9B8BE22F-B2BB-472B-8959-C0828C0ADDC7}
HKCR\Interface\{9B8BE22F-B2BB-472B-8959-C0828C0ADDC7}\ProxyStubClsid
HKCR\Interface\{9B8BE22F-B2BB-472B-8959-C0828C0ADDC7}\ProxyStubClsid32
HKCR\Interface\{9B8BE22F-B2BB-472B-8959-C0828C0ADDC7}\TypeLib
HKCR\Interface\{9B8BE22F-B2BB-472B-8959-C0828C0ADDC7}\TypeLib#Version
HKCR\Interface\{9CD68722-9A43-42E4-BD01-2DE85D9CB565}
HKCR\Interface\{9CD68722-9A43-42E4-BD01-2DE85D9CB565}\ProxyStubClsid
HKCR\Interface\{9CD68722-9A43-42E4-BD01-2DE85D9CB565}\ProxyStubClsid32
HKCR\Interface\{9CD68722-9A43-42E4-BD01-2DE85D9CB565}\TypeLib
HKCR\Interface\{9CD68722-9A43-42E4-BD01-2DE85D9CB565}\TypeLib#Version
HKCR\Interface\{A8502478-83BC-48DB-9937-6EEB77CED41E}
HKCR\Interface\{A8502478-83BC-48DB-9937-6EEB77CED41E}\ProxyStubClsid
HKCR\Interface\{A8502478-83BC-48DB-9937-6EEB77CED41E}\ProxyStubClsid32
HKCR\Interface\{A8502478-83BC-48DB-9937-6EEB77CED41E}\TypeLib
HKCR\Interface\{A8502478-83BC-48DB-9937-6EEB77CED41E}\TypeLib#Version
HKCR\Interface\{AF1B7AB6-9715-472D-B469-74DE8D030EB6}
HKCR\Interface\{AF1B7AB6-9715-472D-B469-74DE8D030EB6}\ProxyStubClsid
HKCR\Interface\{AF1B7AB6-9715-472D-B469-74DE8D030EB6}\ProxyStubClsid32
HKCR\Interface\{AF1B7AB6-9715-472D-B469-74DE8D030EB6}\TypeLib
HKCR\Interface\{AF1B7AB6-9715-472D-B469-74DE8D030EB6}\TypeLib#Version
HKCR\Interface\{BEB46F7E-CF37-4E8F-BA48-D96F1A434224}
HKCR\Interface\{BEB46F7E-CF37-4E8F-BA48-D96F1A434224}\ProxyStubClsid
HKCR\Interface\{BEB46F7E-CF37-4E8F-BA48-D96F1A434224}\ProxyStubClsid32
HKCR\Interface\{BEB46F7E-CF37-4E8F-BA48-D96F1A434224}\TypeLib
HKCR\Interface\{BEB46F7E-CF37-4E8F-BA48-D96F1A434224}\TypeLib#Version
HKCR\Interface\{D2315CDD-4F9A-4DDA-8671-252465FF0B5D}
HKCR\Interface\{D2315CDD-4F9A-4DDA-8671-252465FF0B5D}\ProxyStubClsid
HKCR\Interface\{D2315CDD-4F9A-4DDA-8671-252465FF0B5D}\ProxyStubClsid32
HKCR\Interface\{D2315CDD-4F9A-4DDA-8671-252465FF0B5D}\TypeLib
HKCR\Interface\{D2315CDD-4F9A-4DDA-8671-252465FF0B5D}\TypeLib#Version
HKCR\Interface\{FF442B5E-B5C0-4469-85C8-4B0B2A579EE9}
HKCR\Interface\{FF442B5E-B5C0-4469-85C8-4B0B2A579EE9}\ProxyStubClsid
HKCR\Interface\{FF442B5E-B5C0-4469-85C8-4B0B2A579EE9}\ProxyStubClsid32
HKCR\Interface\{FF442B5E-B5C0-4469-85C8-4B0B2A579EE9}\TypeLib
HKCR\Interface\{FF442B5E-B5C0-4469-85C8-4B0B2A579EE9}\TypeLib#Version
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E947413D-8A0C-49F0-80CF-F4BE01FBA904}\RP643\A0076178.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\BOB\FAVORITES\ONLINE SECURITY TEST.URL

Adware.180solutions/Seekmo
C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\18094.TMP

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\TEMP.FR1FF2\OT.ICO
C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\TEMP.FR1FF2\TS.ICO
C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\TEMP.FRDD04\OT.ICO
C:\DOCUMENTS AND SETTINGS\BOB\LOCAL SETTINGS\TEMP\TEMP.FRDD04\TS.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E947413D-8A0C-49F0-80CF-F4BE01FBA904}\RP590\A0070831.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E947413D-8A0C-49F0-80CF-F4BE01FBA904}\RP590\A0070832.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E947413D-8A0C-49F0-80CF-F4BE01FBA904}\RP643\A0076160.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E947413D-8A0C-49F0-80CF-F4BE01FBA904}\RP643\A0076161.ICO

Edited by s■yder, 02 August 2007 - 08:49 PM.


#6 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:10:57 AM

Posted 02 August 2007 - 08:55 PM

About what I expected. are you still getting the pop up from the system tray?

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#7 s■yder

s■yder
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 02 August 2007 - 09:04 PM

yup that that pop up is still there

will try that DL in a minute

#8 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:10:57 AM

Posted 02 August 2007 - 09:11 PM

Ok, great run that last scan and then post a hijack this log:
  • Please download the installer for Hijack this, and save it to your desktop.
  • Double click on the HJTinstall to run the installer.
  • Agree to install
  • Agree to the license agreement.
  • Hijack this will then open.
  • Click on the do a system scan and save a logfile.
  • notepad will open with your log.
Edit your original post in the hijack this log forum, and add your hijack this log to the first post. Once you have done that, take no further guidance from anybody but the Hijack This team member.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#9 s■yder

s■yder
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 02 August 2007 - 09:20 PM

ok thank you for your help OF




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users