
Malware?


4 replies to this topic

#1 joescub1

  • Members
  • 6 posts

Posted 16 October 2007 - 10:29 PM

I don't know if my comp has 2 probs or the same prob. I currently run AVG anti-virus and firewall, I also use AVG anti-spyware. I use RegCure as well. My XP firewall is disabled because I run my AVG firewall. I am having trouble installing ANY program... I set AVG and internet options to "prompt" me if I want to run them and that got me to the extraction process. However, when I try to run the downloaded program, it says I either have a corrupt file or not enough processing memory to run it. I downloaded "download manager", and when I try to extract the file from it, the same message appears... either a corrupt file or memory probs. The programs I have tried to install include Java, IM Windows Messenger, and Limewire. This is a brand new computer with plenty of speed and memory, so I am completely stumped on what the problem is.

My other question is that I have a generic trojan horse 8 error popping up when I open Internet Explorer to my homepage MSN... the specific path name is ohcusb.sys. I read that this is malware, but I have to keep telling AVG to move it to the vault and it keeps reappearing when I open IntExp. I ran a search to locate it on my comp, I found it, but it would not allow me to delete it. I have also used my AVG anti-spyware and anti-virus check to try and catch it. No luck.

thanks for your time :thumbsup:

#2 DASOS (Malware hunter)

  • Security Colleague
  • 1,662 posts
  • Gender: Male
  • Location: Greece loutraki 6 km from korinth canal

Posted 17 October 2007 - 03:30 PM

Hi joescub1

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
  • First you will need to run AVG and update the definition files.
  • On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
  • Don't run it yet. Close AVG anti-spyware.
=====

Please download ATF Cleaner (link) by Atribune. DO NOT use yet.
=====

Reboot your computer in SAFE MODE (link to tutorial) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
=====
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.
=====

Now scan with AVG per the "Safe Mode" instructions you printed out.
IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process.
(Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key or Alt + Spacebar to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Reboot back to normal mode.
=====

Download AVG Anti-Rootkit and save to your desktop
  • Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit.
  • Accept the license and follow the prompts to install.
  • You will be asked to reboot to finish the installation so click "Finish".
  • After rebooting, double-click the icon for AVG Anti-Rootkit Beta on your desktop.
  • You will see a window with four buttons at the bottom.
  • Click "Search For Rootkits" and the scan will begin.
  • You will see the progress bar moving from left to right. The scan will take some time, so be patient and let it finish.
  • When the scan has finished, a small window will open so you can view the results.
  • Right click and select "Save Result To File".
  • By default the file will be saved with a .csv extension. (You can use Notepad to open the .csv file.)
  • Copy and paste the results in your next reply.
  • If anything was found, click "Remove selected items"
  • If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.

Run a full scan with AVG anti-virus. If you are still having problems, come back and we'll advise you further.

Stelios :thumbsup:

#3 joescub1 (Topic Starter)

  • Members
  • 6 posts

Posted 17 October 2007 - 10:11 PM

I followed all of your instructions. The anti-spyware did not find anything in safe mode. The rootkit scan did not find any errors in either mode. I am still getting the "C:\WINDOWS\system32\drivers\ohcusb.sys Trojan horse Generic8.LKV" error when I open int exp or other programs. I also tried downloading Windows Live Messenger again using download manager and received the error "Extracting file failed. It is most likely caused by low memory or corrupted cabinet file." Any other ideas? Thanks for the help!

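The thread ends with the driver still being detected and still undeletable, which is the usual symptom of a kernel driver that is registered as a service and loaded at boot. The following is an added triage script for a helper working on a modern Windows host; it is not part of the thread and not AVG's or HijackThis's code. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated session; the only value taken from the thread is the driver path. It gathers the facts a forum helper would ask for: file timestamps, a SHA-256 hash, the Authenticode signature state, the service entry that loads the file, and whether it is currently loaded.

```powershell
# Added example (not from the thread): triage a suspicious driver before
# deciding how to remove it. Run from an elevated PowerShell prompt.
# $driverPath is the file reported in the thread; everything else is assumed.
$driverPath = 'C:\WINDOWS\system32\drivers\ohcusb.sys'
$driverName = [System.IO.Path]::GetFileName($driverPath)

if (Test-Path -LiteralPath $driverPath) {
    $file = Get-Item -LiteralPath $driverPath -Force

    # Timestamps and size: a driver in system32\drivers created shortly before
    # the first alert, with no matching OEM package, is worth a closer look.
    $file | Select-Object FullName, Length, CreationTime, LastWriteTime

    # SHA-256 for looking the file up with your AV vendor (not asserted here).
    Get-FileHash -LiteralPath $driverPath -Algorithm SHA256

    # Authenticode status: legitimate Microsoft/OEM drivers are signed.
    # 'NotSigned' or 'HashMismatch' on a file in system32\drivers is a red flag.
    Get-AuthenticodeSignature -FilePath $driverPath |
        Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
} else {
    Write-Output "Not present on disk: $driverPath"
}

# Which service loads it? A loaded kernel driver holds its image file open,
# which is why the file cannot be deleted from Explorer (the poster's symptom).
# Start: 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled.
$serviceKeys = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
$loaders = foreach ($key in $serviceKeys) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    if ($props.ImagePath -and ($props.ImagePath -match [regex]::Escape($driverName))) {
        [pscustomobject]@{
            Service   = $key.PSChildName
            ImagePath = $props.ImagePath
            Start     = $props.Start
            Type      = $props.Type
        }
    }
}
if ($loaders) { $loaders | Format-Table -AutoSize } else { Write-Output "No service references $driverName" }

# Is the driver loaded right now? driverquery.exe is in-box on Windows.
driverquery.exe /v | Select-String -SimpleMatch ($driverName -replace '\.sys$', '')
```

The output answers the questions a helper needs before recommending removal: an unsigned driver, a service entry with Start 0 or 1 pointing at it, and a driverquery hit together explain why the file keeps coming back and cannot be deleted while Windows is running. The safe order of operations is the one the thread already follows, namely quarantine from Safe Mode (or with the service disabled) rather than deleting the file from a running system, and keeping the hash and service name for the log you post.
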
#4 DASOS (Malware hunter)

  • Security Colleague
  • 1,662 posts
  • Gender: Male
  • Location: Greece loutraki 6 km from korinth canal

Posted 18 October 2007 - 04:44 AM

Hi joescub1

I suggest you post a HijackThis log for examination.

A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Please read, and follow, all directions carefully!!!

Read the Preparation Guide for use before posting a HijackThis log.

Then run a log and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out. It may take a while to get a response, because the HJT Team are very busy. Please be patient, as these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team.
The first thing they look for, when looking for logs to reply to, is 0 replies.
If you make another post, there will be 1 reply.

The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So just make your post and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.


Stelios

#5 joescub1 (Topic Starter)

  • Members
  • 6 posts

Posted 18 October 2007 - 05:01 PM

Thank you, I posted it.
