
Can Someone Help Me Out?


13 replies to this topic

#1 GeneralJim

GeneralJim

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 14 August 2007 - 10:41 AM

Sorry to cause you guys any trouble without introducing myself...

I believe my computer's infected with some sort of adware. Avast! detects it, but when I try to move it to the virus chest, it is unable to move the file, and I've already tried VundoFix, but it doesn't detect it.... I'm not too computer-savvy, but is there a solution to it?? (My computer runs on XP by the way)

What the warning says...
--------------------
Avast! Warning

File name: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9SSZT90D\is68131[1].exe

Malware name: Win32:Vundo-gen46 [Adw]

Malware type: Adware

VPS version:000765-1, 2007-08-13

EDIT:
-------------------------
I just tried to get rid of it with Spybot - Search and Destroy. It fixed a bunch of other problems, and the Vundo adware infected another Temporary Internet File. >< Are there any other programs that can get rid of this thing?

Edited by GeneralJim, 14 August 2007 - 11:51 AM.



#2 buddy215

buddy215

  • BC Advisor
  • 12,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:21 PM

Posted 14 August 2007 - 11:55 AM

Give Super Antispyware a shot at the malware. It removes some Vundo related malware.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Please let us know the result of the scan.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 GeneralJim


Posted 14 August 2007 - 12:46 PM

I tried to use the SuperAntiSpyware, but it freezes about 10-13 minutes through the scan on the same file.

C:\WINDOWS\system32\B1\rar113.exe

But, before it froze, it found these files.

Trojan.Smitfraud Variant
Trojan.Downloader-Gen/SVHost
Adware.Tracking Cookie
Trojan.Downloader-Gen/Blah
Adware.WebBuying Assistant-Installer


What do I do now?

#4 buddy215


Posted 14 August 2007 - 01:07 PM

Use the Smitfraudfix tool in the link below.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Were you using Super Antispyware in safe mode?

Please post back with results and try the SAS again after using the tool above.



#5 GeneralJim


Posted 14 August 2007 - 01:29 PM

Okay, I didn't even initiate another scan or do anything when it suddenly allowed me to move the stubborn file, but now I've come under attack from several Trojan Horses..

Win32:Winfixer-F [Trj]

That infected this file, which I already know is a bad file.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4PMNCDY7\WinAntiSpyware2007FreeInstall[1].exe

What do I do now???

#6 buddy215


Posted 14 August 2007 - 02:06 PM

I really don't understand what you have done.
Have you downloaded the Smitfraudfix tool?
Have you used it?

Are you now able to run a scan with Super Antispyware in safe mode? You didn't answer me when I asked you whether or not you ran SAS in safe mode.



#7 GeneralJim


Posted 14 August 2007 - 04:08 PM

Yes, I just ran both of them on safe mode, but yet another Trojan is attacking my computer. *sigh* I'm also getting the random pop-ups like the Vundo trojan, but my anti-virus doesn't detect any Vundo.


File name:C:\WINDOWS\tk58.exe

Malware name: Win32:Small-AHY [Trj]

Do you have a solution for this one?

Edited by GeneralJim, 14 August 2007 - 04:11 PM.


#8 buddy215


Posted 14 August 2007 - 04:27 PM

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html



#9 GeneralJim


Posted 14 August 2007 - 05:29 PM

I tried to run the BitDefender, but it hit a snag on a file, and I tried to stop the scan, but it won't stop. It did find three trojans, though.

I'm starting to get desperate here, are there any other options that'll put this all to a stop?

#10 buddy215


Posted 14 August 2007 - 05:42 PM

QUOTE: "I tried to stop the scan, but it won't stop"

I could read the above a couple of different ways. Is Bit Defender still scanning? Did it complete the scan and give you a report?
Sometimes a scan may appear to stop but it is actually scanning a large file.



#11 GeneralJim


Posted 14 August 2007 - 06:07 PM

It kept running for another 10 minutes after I posted that..about 20 min. in all, just on scanning my Avast! antivirus' moved files folder. It seems the Trojan Horse attacks have stopped, but now I'm getting those ErrorSafe pop-ups whenever I go onto IE.

Do you think I should try BitDefender again?

Edited by GeneralJim, 14 August 2007 - 06:09 PM.


#12 buddy215


Posted 14 August 2007 - 06:12 PM

http://www.malwarebytes.org/rogueremover.php
The program above will remove error safe.

After removing error safe, rerun Bit Defender and SAS.

EDIT--Replaced link for Rogue Remover

Edited by buddy215, 14 August 2007 - 06:15 PM.



#13 GeneralJim


Posted 14 August 2007 - 06:56 PM

I'm running BitDefender right now. When I use IE, I get the occasional unwarranted pop-up from a site called Web Buying. It's a bit of an annoyance, but the constant virus alerts and Trojan attacks have stopped, though there are alerts now and then from Virtumonde adware. I'll keep trying though.

Edited by GeneralJim, 14 August 2007 - 06:58 PM.


#14 buddy215


Posted 14 August 2007 - 07:15 PM

Be sure to run the SAS in safe mode. I think you said you ran Vundofix. Try the tool below if SAS doesn't remove the Virtumonde.

Use Virtumundobegone if Vundofix doesn't work.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Download VirtumundoBegone and save it to your desktop.

Now reboot into Safe Mode.

This can be done by tapping the F8 key as soon as you start your computer.

You will be brought to a menu where you can choose to boot into safe mode.

Select safe mode with networking using your arrow keys on the keyboard and then press enter.

When your computer reaches the desktop, make sure you log in as the same user with which you had performed the previous steps.

Once you are logged into safe mode, double-click the VirtumundoBeGone.exe file you just downloaded and follow the instructions.

Exit when it has finished, and reboot back to normal mode.
The WinFixer and Vundo infection should now be removed from your computer.

Post a Hijack This log in the Hijack This Forum. Just skip down to #9 for the download. You have done enough prep.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/





