
Computer is Infected


  • This topic is locked
33 replies to this topic

#1 Dyllan

Dyllan

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 09 October 2007 - 10:53 PM

Hey, I downloaded Video ActiveX, and now my computer is infected and running very slow. In the Add/Remove section there is a file named Adobe Flash Player 9 ActiveX, but when I click on the change/remove button, it does nothing. It is the only program that will not remove! I've run scans, removed or quarantined many viruses, trojans, and cookies. But I keep scanning and keep finding more. My computer is running extremely slow. I really need help. Could you please help me get my computer back to normal? Thanks!


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:12 AM

Posted 09 October 2007 - 11:35 PM

Hi Dyllan and welcome.
What Operating System and Antivirus do you use?
Have you run the AV in Safe Mode? (How to start Windows in Safe Mode)

Try removing Adobe with these instructions: How to uninstall the Adobe Flash Player plug-in and ActiveX control
After you have removed your malware, reinstall it.
http://www.adobe.com/products/flashplayer/

Try running these scans also:
BitDefender

SuperAntiSpyware - Use the Free Home user version

Let us know

Edited by boopme, 09 October 2007 - 11:39 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Dyllan


Posted 09 October 2007 - 11:50 PM

Thank you for replying so quickly. My original anti-virus system is Norton Internet Security, but it detects nothing. I have been using AVG Anti-Spyware and McAfee. My operating system is Windows XP, if that's what you're asking. I've run scans with several other anti-virus systems, and they all say I have many infections. I just scanned with AVG and put 2 Downloader.Aggent.bxx and 1 Downloader.Zlob.dbn into quarantine. And I have not run the AV in safe mode.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:12 AM

Posted 10 October 2007 - 10:30 AM

Zlob is a trojan related to the Smitfraud family of rogue applications/trojans.

Please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!

Then, download RogueRemover and save it to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program.
  • Select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and follow the onscreen directions to remove anything found.
  • The program will walk you through the remaining steps.
When done, perform a scan with your anti-virus in "Safe Mode".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 Dyllan


Posted 10 October 2007 - 11:27 PM

First I ran SuperAntiSpyware and it removed 54 trojans! I have continued to run scans, but it keeps finding tracking cookies. I downloaded and ran Rogue Remover. It said my computer was clean. I also ran SmitfraudFix. My computer seems to be running much better, but still a little slower than normal. I'm scanning right now with SuperAntiSpyware, and it's been stuck on the same file for a long time: C:\Programs Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal. So far it has detected 8 tracking cookies; this is the second time it's got stuck on this file. I also defragmented my computer under Performance and Maintenance.

#6 quietman7


Posted 11 October 2007 - 05:24 AM

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

The type of cookie that is a cause for concern is "tracking cookies" because they can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads that you have clicked on. They are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners. Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups nor do they install malware. As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal.

#7 Dyllan


Posted 11 October 2007 - 06:31 PM

Okay, thanks for the info. My computer still seems to be running a little bit slower.

#8 buddy215

buddy215

  • BC Advisor
  • 12,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:12 AM

Posted 11 October 2007 - 07:04 PM

If you have more than one antivirus or installed the full version of Super Antispyware, this could be the problem with the slow computer. Make sure that SAS is NOT running at startup and remove all but one antivirus.
Permanently delete the quarantined files from Norton. This should stop SAS from hanging.
Be sure to run the SAS scans in safe mode.

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. During installation you will be offered the Yahoo Toolbar. Be sure to uncheck it if you don't want it. http://www.ccleaner.com/

You can block the third party cookies (spyware/adware/tracking) from installing by following the directions in the link below. Once you have blocked their installing, remove the existing third party cookies manually or using Ccleaner.
http://privacy.getnetwise.org/browsing/tools/ie6/block3

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 quietman7


Posted 11 October 2007 - 08:55 PM

If your computer seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

#10 Dyllan


Posted 15 October 2007 - 07:34 PM

I removed the extra antivirus programs and cleared the Norton quarantine list. My computer seems to be running faster. But I am running a scan with SAS and it has detected Trojan.Net-AVP/AVT 2 times, and it is now stuck on C:\WINDOWS\Temp. I will keep you updated on my computer's status; it has been a day-to-day basis. I get it running normally, then the next day it's running very slow.

#11 buddy215


Posted 15 October 2007 - 07:43 PM

If you are not running SAS in safe mode, you should. Less chance of getting stuck and better chance of removing the malware in safe mode. Have you used Ccleaner?



#12 boopme


Posted 15 October 2007 - 08:02 PM

If you need to (say safe mode is a problem, though it is a better way to scan), you can also stop SAS and quarantine what was found. Click Finish and restart a new scan.

#13 quietman7


Posted 15 October 2007 - 09:17 PM

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Then try scanning with SAS and reboot normally.

#14 Dyllan


Posted 16 October 2007 - 11:28 PM

I ran Ccleaner and ATF Cleaner. I ran SAS in safe mode, but it detected nothing, but before when I scanned in normal mode it detected those 2 trojans I mentioned before. I'm not sure if either one of those cleaners could have removed the trojans, but I ran them between the scan in normal mode and the scan in safe mode. My computer is running faster and more consistent. But it is still a little slower since I downloaded Video ActiveX. When I turn on my computer, the desktop items appear very slowly. The name pops up, but it takes the images a while to load. Video ActiveX is not on my program list anymore, but I think my computer is still slow because of it. I think my computer is just about back to normal, so if you have any more suggestions, please let me know. Thanks!

#15 buddy215


Posted 17 October 2007 - 06:33 AM

Remove restore points as some are infected. Instructions on how to do that are in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Defragment your HD.

Did you block the "Third party cookies"?

The last SAS scan that reported malware was in the Temporary files. Ccleaner would have removed Temp files.

Use Startup Inspector to see what programs are in startup and stop startup of any programs not necessary.
http://www.windowsstartup.com/startupinspector.php
