Operating System Windows Xp Service Pack 2


21 replies to this topic

#1 chow2rich

Posted 14 August 2007 - 04:16 PM

I scanned my computer with Spyware Doctor and it found Affiliated with Browser Hijackers (2 infections) - Elevated, Known Bad Sites (1 infections) - High, and Tracking Cookies (10 infections) - Low. How can I repair my operating system, Windows XP Service Pack 2, from this spyware and adware? I removed them, but I don't know if it's completely free from spyware or adware. How can I tell if it's removed completely? Thank you.


#2 buddy215

Posted 14 August 2007 - 06:02 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 chow2rich

Posted 15 August 2007 - 09:43 PM

I went to BitDefender, and it detected Java.Trojan.Exploit.Bytverify and Trojan.Java.Classloader.E, but it deleted them because it couldn't disinfect them. I couldn't save the log, because the anti-virus took too long and it crashed or something, but it did remove the virus.

#4 oldf@rt

Posted 15 August 2007 - 11:10 PM

Run the SuperAntiSpyware program next, safe mode is preferred.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 chow2rich

Posted 16 August 2007 - 03:30 PM

I did, it found two Adware Tracking Cookies. And I had it removed.

Edited by chow2rich, 16 August 2007 - 03:31 PM.


#6 buddy215

Posted 16 August 2007 - 03:53 PM

What antivirus program do you have installed on your computer? If you don't have one, there are a few that are free for the home user. I use the free version of AVG Antivirus. In the link below are programs that the members here have used and recommend.
http://www.bleepingcomputer.com/forums/topic3616.html

If you have an antivirus installed, suggest you run a scan with it in safe mode or rerun the online scan for Bit Defender. After that it will be your call as to posting a Hijack This log or not.

#7 chow2rich

Posted 16 August 2007 - 05:03 PM

I have Avast as my anti-virus. It detects everything or almost everything.

Edited by chow2rich, 16 August 2007 - 05:04 PM.


#8 oldf@rt

Posted 16 August 2007 - 05:06 PM

Have you used the boot time scan feature of avast yet?

#9 chow2rich

Posted 17 August 2007 - 11:11 PM

No not yet, I'm still not sure how to do that yet. How do I do that? Thank you for all your help.

#10 oldf@rt

Posted 18 August 2007 - 12:38 AM

How to start Avast boot time scan:

Right click on the blue ball in the task tray.
Click on Start Avast! Antivirus.
Click on the up arrow.
In the menu that pops up, click Schedule boot time scan.
Scan all local disks should be selected.
Click Schedule; it will want to restart. Restart.
When the machine restarts, watch and read. Do not touch any keys until the first virus is found.
Be sure to read the instructions extremely carefully!

#11 chow2rich

Posted 19 August 2007 - 02:30 PM

Thank you, I found it. I will follow your instructions and the avast instructions.

#12 chow2rich

Posted 20 August 2007 - 10:32 PM

I have done the boot scan, but it didn't find the virus, because Bitdefender found it and cleaned it by deleting it. Bitdefender couldn't disinfect it, so it deleted the file. Bitdefender also said my BHO is infected. All of my BHOs are infected. How can I fix or clean this problem? Thank you.

#13 oldf@rt

Posted 20 August 2007 - 10:55 PM

In Internet Explorer, it is Tools, Internet Options, click the Programs tab, click the Manage Add-ons button.

In Firefox, Tools, Add-ons, the Add-ons Manager runs, select one, then you can disable or uninstall.

#14 buddy215

Posted 21 August 2007 - 06:39 AM

Update your Java. Start/ Control Panel/ Double click on Coffee Cup (Java)/ click on Update tab/ click on Update Now. Once you have updated Java, go to the Add/Remove program and remove ALL old Java programs.

Which browser helper objects were infected? Did Bit Defender say the location of the infected BHOs was in the "restore" folder? If that is the case, then purging the system restore is recommended. Let us know if that is the case or not.

Edited by buddy215, 21 August 2007 - 07:55 AM.


#15 quietman7

Posted 21 August 2007 - 07:14 AM

I went to BitDefender, and it detected Java.Trojan.Exploit.Bytverify...

Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code.

When a browser runs an applet, the Java Runtime Environment (JRE) stores all the downloaded files into its cache directory for better performance. Microsoft stores the applets in the Temporary Internet Files. The Java.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code...Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality.

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011). If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer. See: here.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache should eliminate the problem. The Java Plug-In in the Control Panel is only present if you are using Sun's Java. If you don't have the Java-Plugin installed then just delete the files manually. The Microsoft Virtual machine stores the applets in the Temporary Internet Files.

SOLUTION:
If you're using Sun Java, follow the instructions for Clearing the Java Runtime Environment (JRE) Cache.
If you're using IE, Netscape, Mozilla, Opera, or AOL, follow the instructions for Clearing your Web Browser Cache.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
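
Added example (not part of quietman7's post, and not code from any product named in this thread): the post explains that a ByteVerify detection points at a Java archive sitting in a cache folder. The Python sketch below inventories such a folder before it is cleared, recognising archives by content and listing each one's class files and SHA-256 so a scanner's report can be matched to a file. The sample cache, file names and function names are constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def inventory_cached_archives(cache_dir):
    """Return one record per ZIP/JAR archive found under cache_dir.

    Archives are recognised by content (zipfile.is_zipfile), on the assumption
    that a cached copy may not keep a .jar extension. Nothing is run or deleted.
    """
    records = []
    for path in sorted(Path(cache_dir).rglob("*")):
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        try:
            with zipfile.ZipFile(path) as archive:
                classes = sorted(n for n in archive.namelist() if n.endswith(".class"))
        except zipfile.BadZipFile:
            classes = None  # corrupt archive: still reported, contents unknown
        records.append({
            "file": path.name,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "classes": classes,
        })
    return records


def build_sample_cache(root):
    """Constructed sample data: one applet-style archive and one image-like file."""
    root = Path(root)
    with zipfile.ZipFile(root / "cached_item_0001.tmp", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Example.class", b"\xca\xfe\xba\xbe constructed bytes")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe constructed bytes")
    (root / "banner.gif").write_bytes(b"GIF89a constructed bytes")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_cached_archives(build_sample_cache(tmp)):
            print(rec["file"], rec["sha256"][:16], rec["classes"])
```

Run against a real cache folder by passing its path to inventory_cached_archives; the output is a record to keep alongside the scanner log, since clearing the cache removes the files themselves.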
