
Something Has Infected My Computer.


7 replies to this topic

#1 megalo

  • Members
  • 91 posts
  • Gender:Male

Posted 04 August 2007 - 10:06 PM

Today, after I turn on my computer, I get a pop up message saying that I am infected and that I should download some software that claims to fix the problem. At first, I am surprised as I try to be very careful when I am online, but I suppose they found a way to get on my computer. So, I update and run the software that I have which are AVG Free 7.5 and Ad-Aware 2007. I ran Ad-Aware 2007 first and it found a bunch of stuff that I deleted. Then I ran AVG Free 7.5 and it found nothing. I then Explored the Start menu and found some folders that I knew shouldn't be there so I deleted them, but in the Program Files folder there is a folder called Video ActiveX Access. I am very certain that this is the source of my pop-ups and what-not, yet when I try to delete the folder and its contents I receive this message:

Cannot delete iesmin.exe: Access is denied.

Make sure the disk is not full or write-protected and that the file is not currently in use.


How sad.

These are the contents of the folder:

iesmin.exe; imsmain.exe; iesmn.exe; imsmn.exe; iespig.dll

I then check the Processes in the Windows Task Manager to see if any of them are running and all 4 iesmin.exe; imsmain.exe; iesmn.exe; imsmn.exe are running.

Subsequent scans with both Ad-aware and AVG come up with no issues or infections.

Now I don't know what to do other than consult the experts at Bleeping Computer.

I should also note that none of this seems to have an effect on Firefox.


#2 oldf@rt

  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA

Posted 04 August 2007 - 10:28 PM

See if Rogue Remover will get rid of the video active x
  • Please download Rogue Remover Free from Malwarebytes.
  • Please save the file to your normal saved file location or the desktop
  • double click on rr-free-setup to run the installation program
  • accept the license agreement.
  • follow all the steps and click finish to run the program
  • Click the check for updates link
  • click the scan link to start scanning
  • when done, follow the onscreen directions to remove anything that it found.
Let us know your results, please

Thank You, OF
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 buddy215

  • Moderator
  • 13,313 posts
  • Gender:Male
  • Location:West Tennessee

Posted 04 August 2007 - 10:28 PM

Use the Smitfraudfix tool in the link below.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Follow up with the instructions below.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 megalo

Posted 05 August 2007 - 03:01 AM

> See if Rogue Remover will get rid of the video active x
>
>   • Please download Rogue Remover Free from Malwarebytes.
>   • Please save the file to your normal saved file location or the desktop
>   • double click on rr-free-setup to run the installation program
>   • accept the license agreement.
>   • follow all the steps and click finish to run the program
>   • Click the check for updates link
>   • click the scan link to start scanning
>   • when done, follow the onscreen directions to remove anything that it found.
> Let us know your results, please
>
> Thank You, OF



When I attempt to run Rogue Remover this message appears:

Run-time error '372':

Failed to load control 'ProgressBar' from comctl32.ocx. Your version of comctl32.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

#5 buddy215

Posted 05 August 2007 - 09:36 AM

See info in link below concerning comctl32.ocx.
http://support.microsoft.com/kb/896559

Both Super Antispyware and Smitfraudfix should remove the malware you have. Have you tried either of those?

#6 megalo

Posted 05 August 2007 - 06:23 PM

> See info in link below concerning comctl32.ocx.
> http://support.microsoft.com/kb/896559
>
> Both Super Antispyware and Smitfraudfix should remove the malware you have. Have you tried either of those?


Yes, I have used both of them and they seem to have removed that folder and its contents, which has eliminated the popups and error messages.

So, am I good or should I still post a Hijack this log in the Hijack this log forum?

#7 oldf@rt

Posted 05 August 2007 - 06:28 PM

Have you run the bitdefender scan yet?

If you have not, you are not done. If bitdefender finds anything, definitely post the hijack this log!

#8 buddy215

Posted 05 August 2007 - 06:33 PM

Yes, you should run the online scan for Bit Defender. Didn't realize you had not done that.

That is up to you. If you want to wait a couple of days and run the scans again and if they come up clean and you have no popups or other obvious malware problems, I would say you are clean. You can also follow up with the directions below.

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/


Turn off system restore. This will remove all restore points since some are infected. Turn system restore back on.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Edited by buddy215, 05 August 2007 - 06:36 PM.
