What Do I Do Now?



#1 DolphinsSG


Posted 27 October 2007 - 05:50 PM

Hello,
Back about a month ago, my dad and I both started getting pop-ups advertising virus software on our computer. Also, our computer was running very slowly. I did some searching online (Yahoo, Sophos, Symantec, McAfee and a few forum sites similar to this one) and found out that it was similar to the Zlob.VideoAccess Trojan or the Downloader.Agent-BJC Trojan. I manually erased some DLL and EXE files, and registry entries that Sophos, McAfee and other sites mentioned. Also, I found a program on a forum site to scan for it (I don't remember the name of it. You had to restart your computer in safe mode for it to work effectively. It may have been SpyHunter.). It did find and fix some things. After that though, I'm still having weird things happen. I read that those Trojans can install other viruses on someone's computer. I ran a full system virus scan with Symantec's online virus scanner and nothing was found. I guess there's some chance that it just might not be detecting it though. One thing that disturbs me, though - I routinely monitor what files are running in the Windows Task Manager. Lately I've been seeing programs on it that I've never seen before, only for one day though. After I restart the computer, usually it goes away. Also, while the pop-ups were coming up from the Trojan I noticed that four incidences of svchost.exe were running. Previous to the infection, only three incidences of svchost.exe were running. Occasionally one will start cranking up the CPU Usage % and memory usage amount on the task manager. Also, McAfee says that one of them tries to contact the Internet sometimes. I did a HijackThis scan. The results are attached. Is there anything more I can do?

thanks,
~ Steve



#2 RichieUK


Posted 28 October 2007 - 08:22 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, DolphinsSG.
My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".
This changed in 2006, read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:
Viewpoint
Viewpoint Manager
Viewpoint Media Player


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*NOTE*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.