Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Darksma Downloader


  • Please log in to reply
19 replies to this topic

#1 Akiraton

Akiraton

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 15 August 2007 - 01:38 PM

Okay so my computer started to have...pop ups and these notices that says "WinAntiSpyware" or "WinAntivirus 2007 get it now!".. and then it would install itself and I cant stop it! I have Yahoo! Anti-Spy and it detects Darksma...And the description of it is that its "design to retrieve and install additional files, often without user's notice or knowledge." I tried to remove it by Yahoo Anti Spy, and then it told me to reboot the computer. When I did, I scanned with the Yahoo Anti Spy again and Darksma is STILL in there...and the location is hkey_local_machine /software/microsoft/dinf...I dont know where that is! I cant seem to delete it...Does anyone know how to get rid of it? I know NOTHING about computers >_< Help anyone? Remember, I know NOTHING about...viruses/downloaders/etc. Please help ! =]
Posted Image

BC AdBot (Login to Remove)

 


m

#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 15 August 2007 - 02:39 PM

I would recommend that you start trying to remove the problems with Trend Micro Housecall. once you complete the scan Let it remove everything that it can. When you have done this, please let us know your results.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 16 August 2007 - 01:30 PM

Well I did run the scan and left it on overnight...This morning there were a list of infections[aobut 10] and vulnerabilities [over 50!]..So I clicked "clean now" and...It's been saying "Deleting Active Grayware and spyware" for over 2 hours and 30 minutes...should I stop it? Well it said "Preparing" for over 2 hours before this and I waited
Okay so the scan is done..but some of the infections couldnt be deleted...and at the bottom of my screen, next to time thingi on the bottom right corner, theres still the red X that says my computer is infected...>_< I restarted the computer after the housecall thing was done too...

Well results...NO MORE POP UPS! YAY~ And...my computer is EXTREMEMLY slow now >_> I think it was like that after I downloaded the updated version of iTunes last night...but I still have Darksma downloader and ..new adwares? [I'm scanning with Yahoo Anti-Spy btw] O_O And I have 3 more questions...

1.When theres a list..with infections and cookies..is it a good idea to delete all of em?

2.I tried to "Ctrl+alt+delete" but it says I cant do it because "task manager has been disabled by your administrator"...Is there a way to fix that?

3.Last night before I ran the scan...I dont know what happened but my desktop went blank after downloading the updated version of iTunes..the background is nothing..just a color..and it wont let me change backgroud when I right click to Properties..Can you also help me with this? Here is a picture:

Posted Image

Thank you! =]

Edited by Akiraton, 16 August 2007 - 02:36 PM.

Posted Image

#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 16 August 2007 - 02:46 PM

Download and run Superantispyware. Run the installer, accepting the defaults if the program needs to update, let it. when it is complete, restart the computer in safe mode. Run SAS, select scan your computer, in the next windows, select complete scan and click next to scan. when the scan is complete, click next to begin the removal process. If SAS needs to restart the computer again, let it. Again, let us know your results. Hopefully this will cure the task manager issue also.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 16 August 2007 - 02:50 PM

Uhmm..before I do anything, what is "Restart computer in safe mode"? =X I dont know what safe mode is...hehe sorry ^_^ I know..barely nothing about this..and is it recommended to select "Protect Home Page"? I installed it already...now this popped up.

Edited by Akiraton, 16 August 2007 - 05:19 PM.

Posted Image

#6 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 16 August 2007 - 05:17 PM

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/, if this does not work, you can still run the scan in regular mode. EDITLeave the home page alone for now

Edited by oldf@rt, 16 August 2007 - 05:18 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#7 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 16 August 2007 - 05:20 PM

Okay so I figured it out myself because I want to get this over with! Blehh anyways I did what you told me to do and ...When the computer starts up where the screen is blue and it says welcome...It stay at that screen for a LONG time..where it usually stays there for only 3 seconds? >_< Well I ran Yahoo Anti Spy after SuperAntiSpyware rebooted the comp..and Darksma Downloader is STILL in there ..I still cant change my background and I still cant ctrl alt delete >_< I still have the red X at the bottom that says I'm infected too...Anymore advices?
Posted Image

#8 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 16 August 2007 - 06:08 PM

Just follow the preparation guide for posting the hijack this log. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ and then post the log.

Edited by oldf@rt, 16 August 2007 - 06:08 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#9 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 16 August 2007 - 08:53 PM

- Clean out your temporary internet files and temp files.

Go to "Start" -> "Run" and type in the box: "cleanmgr". Let it scan your system for files to remove. Make sure these 3 are checked and then press "Ok" to remove:
Temporary Files
Temporary Internet Files
Recycle Bin

At this part, for me I only see PRESARIO (C:) and PRESARIO_RP (D:)..Which one do I click? I dont see the 3 listed...

Edited by Akiraton, 16 August 2007 - 09:02 PM.

Posted Image

#10 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 16 August 2007 - 11:22 PM

Click the C Presario only. the d is the recovery partition and is not used for anything but reloading the computer.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#11 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 18 August 2007 - 09:40 AM

Okay well yesterday morning I left for fish camp from 7AM-4PM...And while I was at fish camp, my dad recovered the computer by pressing F10 when the computer is starting up, where the screens says COMPAQ...Now everything seems fine...I cant find the darksma downloader...and when I ran a-squared thingi, there were no viruses o_o the desktop and everything is fine....Is recovering the computer a good idea? I dont know...but I didnt mention this before...this has happened for months already...Whenever we reboot the computer, this pops up..

"Runtime Error!
Program: C:\Program Files\VerizonOnline\bin\mad.exe
abnormal program termination"

Do you know what that means? I want to get rid of it...but I dont know what it is o_O

edit// oh and I didnt do the hijack thing yet because I was planning to do it after fish camp but...i came home and saw...a desktop so..i was like..wtf o_O

Edited by Akiraton, 18 August 2007 - 09:42 AM.

Posted Image

#12 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 18 August 2007 - 11:04 AM

The first thing that you should do is to remove the trial anti virus that came with the machine and then install one of the freeware programs: http://www.bleepingcomputer.com/forums/topic3616.html Next you get to do every windows update known to mankind, make sure the computer has SP 2, and the additional 85 or so updates.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#13 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 18 August 2007 - 11:15 AM

"remove the trial anti virus that came with the machine "...Uhm how do you remove them? o_O I have Norton Internet Security and stuff...and I wanted to get rid of it so I was bout to with Add/Remove programs but...I saw this..and I dont know what the heck it means...so I didnt delete it o_o

Use Extreme Caution!!



Modifing your registry can damage your operating system beyond repair!





Before proceeding, backup your registry! NOW!!


Posted Image

#14 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:03 PM

Posted 18 August 2007 - 01:10 PM

Did you select a replacement antivirus from the list?

Don't mess with the registry!! This has been known to make windows inoperable, instead, you can download and use the Norton removal tool from Symantec.Uninstall everything that has Norton or Symantec in the add/remove programs list first, restarting as needed, then run the removal tool, then install the av program that you have selected. Caution, make sure that you are not connected to the internet while you are removing/uninstalling norton, and install the new av before reconnection.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#15 Akiraton

Akiraton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 18 August 2007 - 01:28 PM

Uhm...Theres 2 removal thingis..do I download both? And sorry for asking so many questions...What does AV mean? anti-virus? is a-squared counted as one? because I have it... But I'm really scared because my dad is gonna kill me if I screw the computer up >_< Dont mess with the registry? I dont know if my dad registered or whatever yet when he recovered the computer because I was at Fishie Camp...and I have the Zone Alarm firewall...Whenever I reboot the computer, zone alarm would always ask me "Symantec blah blah is trying to access the internet, ALLOW or DENY" whenever I click DENY, the internet does not work..I have to click ALLOW for it to work...and I clicked allowed already [of course to be here..] O_O soo...Help? >_< Sorry to keep botheringg you!

Edited by Akiraton, 18 August 2007 - 01:32 PM.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users