
Malware Problems


  • This topic is locked
6 replies to this topic

#1 btuchman

btuchman

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NY
  • Local time:04:36 AM

Posted 12 October 2007 - 05:14 PM

I am having serious malware problems.

I downloaded but can't run Ad-Aware
I can't even load Spybot
sometimes Trend Micro Pro won't start.

I am trying to fix a friend's Dell m140 laptop. Their son picked up loads of spyware and malware.

I downloaded a trial version of Trend Micro Pro.

I got rid of over 150 infections.

At first I kept finding adw_ezula.ao and adw_winpopup.a continuously.

I finally got rid of them somehow but now I get tspy_agent.aayo.

I followed instructions and deleted domainservice in a few places in the registry with regedit.

I am having problems from time to time starting Trend Micro and it says updating, then it says firewall shut down etc. I am at a loss here.

It takes a long time to load and update.

Now I downloaded HijackThis and ran a log file, which I have.

It is over my head and I need some help.

Mod Edit: Moved to more appropriate forum ~ stevealmighty

Edited by stevealmighty, 12 October 2007 - 05:24 PM.




#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:36 AM

Posted 12 October 2007 - 05:29 PM

If you are able to start the computer in safe mode, please try your scans with Adaware and Spybot S&D again. Starting the computer should prevent what is blocking your programs from starting, and enable you to complete the scans. Let us know your results, please.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:36 AM

Posted 12 October 2007 - 05:45 PM

If you still have problems after the scanning in safe mode, do this.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file (sysclean.log) generated in the same folder where the scan is completed - C:\Sysclean.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 btuchman

btuchman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NY
  • Local time:04:36 AM

Posted 12 October 2007 - 11:12 PM

I have been in safe mode, and tried Spybot; it ran and stopped before it finished. I uninstalled Trend Micro Pro, which was slow and kept updating, but it was not able to get rid of tspy_agent.aayo.

I will try the other post instructions and report back.

I just got finished running HouseCall.
It came up with tspy_agent.aayo, adware_memwatcher, tspy_small

I will attempt to clean them now...

Edited by btuchman, 12 October 2007 - 11:15 PM.


#5 btuchman

btuchman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NY
  • Local time:04:36 AM

Posted 12 October 2007 - 11:47 PM

On the problem laptop I can get to Google, Yahoo, Microsoft Windows Update etc. but it is slow or being blocked when I try to log onto this site to get the downloads. Obviously I am doing this now with my desktop. I will try to transfer the files with AIM tomorrow. Thanks
Bruce

#6 btuchman

btuchman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NY
  • Local time:04:36 AM

Posted 13 October 2007 - 12:22 AM

Believe it or not, the damn thing is blocking me from getting to this site. It only lets me get to basic sites, not malware sites. Is that possible?

#7 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:02:36 AM

Posted 13 October 2007 - 01:51 AM

Hello btuchman,

I see you have an open HJT log posted in the HijackThis Logs and Malware Removal forum.
You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



