Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yellow Triangle, Trojans, Pop-ups And Problems With No End


  • Please log in to reply
5 replies to this topic

#1 derbu

derbu

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 15 October 2007 - 08:14 AM

i have the following problem: I have the problem with the yellow triangle saying about slow performance. I also have the following problems:

1) Ballons saying about different viruses, black trojans, slow system performance etc. If you click on them then you get to purchase a security software
2) "Security toolbar" in IE
3) IE pop-ups very frequently

I have used smitfraud fix in safe mode
I have also downloaded other security programs, one of which found a vundo trojan. I used a vundo trojan remover which found and removed the trojan.
I have also updated and run Norton Antivirus which one of the times found a downloader trojan. According to Norton this is a virus that downloads trojans from the internet!! The solution from Norton was restart in safe mode, scan and then correct the problem. I restarted in safe mode, scanned but
Norton found nothing!!

The ballons and the yellow triangle are still there!!

Please help me. I am one step before formatting the PC. Thanks

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:56 PM

Posted 15 October 2007 - 09:26 AM

Did you follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!

Did you ollow the the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".

If not please do so. If you have then do this:

Download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the prompts.
  • During installation an icon will automatically be created on your Desktop.
  • If the program does not open after installation, double-click on the RogueRemover icon to launch.
  • Select "Check for Updates" and click Download if any are found.
  • Wait for the updates to finish downloading, then Close the update window.
  • Select "Scan" and follow the onscreen directions to remove anything found.
  • If nothing is found, exit RogueRemover.
  • If RogueRemover finds something, it will present a list of detected items.
  • Click on Save log, then Ok at the prompt.
  • Click "Remove selected", then Yes at the prompt.
  • Wait for the removal to complete and then close RogueRemover.
Next download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Reboot in "SAFE MODE using the F8 method and launch SUPERAntispyware.
  • In the main screen, under "Scan for Harmful Software" click Scan your computer.
  • There are three scanning options. Choose "Perform Complete Scan" and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure they all have a checkmark next to them and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to reboot, click "Yes".
  • If not, select Close to exit the program and reboot normally.
Then perform at least one of these online Virus scans:
(The following require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.)
BitDefender Online Scanner <- Add a check by "Autoclean".
ESET Nod32 Online Scanner (Vista compatible)
F-Secure Online Scanner <- Be sure to follow the directions on the F-Secure page for proper Installation. (also checks for rootkits).

Post back if you continue to have problems.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 derbu

derbu
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 16 October 2007 - 02:27 AM

first of all thanks for the help. I did all the steps and the pc seems to be working fine.

I have to say however that after the superantispyware step the pc seemed to be working fine. However, when i ran the bitdefender it detected 5 problems which i corrected.

What is the best thing to do now?

1) Scan with superantispuyware again?
2) Scan with my Norton software?
3) Other suggestion?

Edited by derbu, 16 October 2007 - 02:28 AM.


#4 buddy215

buddy215

  • BC Advisor
  • 11,932 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:56 PM

Posted 16 October 2007 - 04:40 AM

Permanently delete the quarantined files in Norton, Super Antispyware, Bit Defender, and any other program you have. Delete the Vundofix, Smitfraudfix programs.

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/

Remove existing restore points as they are infected and reset a new one. Instructions for how to do that (if you need them) are in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

After doing the above, it would be a good idea to run scans with Super Antispyware and Bit Defender after updating them. Be sure to run the SAS in safe mode.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 derbu

derbu
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 18 October 2007 - 03:54 AM

it took me a couple of days to do the above instructions cause i had a lot of work.

I switched on the pc (which i remind was starting to work fine). The pc was very very slow and actually froze.

I restarted on safe mode, installed and ran the cccleaner, then ran the superantispyware which found the mvundo adware (something like that). I removed it with superantispyware. Then I ran the vundo fix (i had deleted it, then copied back) but it did not detect anything.

Then tried to run bitdefender and system froze. I even tried uninstalling it (in case this was too heavy) but system froze.

What do i do now??

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:56 PM

Posted 18 October 2007 - 06:50 AM

Some variants of vundo may not be detected by vundofix so the "Add More Files" option is another way of ridding this malware. These files need to be identified and posting a hijackthis log will enable an expert to advise you which files to add if you continue to have problems. If the infection remains after following the steps in the self-help guide, then you should post a hijackthis log.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

Important: Some variants of vundo malware will hide certain entries in a hijackthis log to prevent detection so you need to rename HijackThis before using it.
  • Open My Computer or Windows Explorer and navigate to the HijackThis Folder.
  • Inside the folder, right-click on the HijackThis.exe file and rename it Scanner.exe.
  • Double-click on Scanner.exe (which is still HijackThis) run a scan, save the logfile and copy/paste it into a new topic in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts.
Give your topic, a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users