Situation Cleanup Advise


5 replies to this topic

#1 spaceship9

Posted 24 December 2007 - 02:51 AM

A couple months ago I had a problem with my computer... my friend was over and he was using my computer to browse game sites.. but he hates Firefox so he was using IE and naturally I got a virus.. or several
It damaged explorer.exe and I couldn't get rid of it using pretty much anything I knew of, and in the end had to do a repair install.. though it still required Spybot again to finally get rid of it
It caused explorer.exe to randomly close and naturally "spirit away" the task bar and desktop.. there would be a new rundll running and after killing it, I could restart explorer...
I'm sorry that's vague but that's not really my problem and it was several months ago..

My current problem is very similar. Same person came over and went to the same site again when I went to get a movie to watch...
I come back and he's innocently sitting in the chair :thumbsup: and sure enough once again I have viruses
It started with Virtumonde but neither of the fix programs worked to erase it
Finally after a few failures there were no more detections.. I dunno if that's bad or not
Then Ad-Aware picks some stuff up
and now AVG's running and has picked up Trojan horse.Generic2.JDK
and at random intervals explorer.exe dies again and I have to manually restart it via Task Manager
I think it's pretty much solved, but I was wondering if there are any tips you could offer to make sure it's gone and solved... other than not let my friend on my computer again :flowers:

#2 spaceship9

Posted 24 December 2007 - 03:08 AM

Yes, thank you whoever moved this
Sorry I didn't scroll down enough to see the correct section

#3 spaceship9

Posted 24 December 2007 - 03:18 AM

Yes, in case it wasn't clear (the second read it wasn't clear even to me..)
explorer still dies at random intervals and a rundll still pops up and explorer doesn't work until rundll is once more killed..
I don't want to do another repair install but if I have to I will

#4 dc3

Posted 24 December 2007 - 03:42 AM

Hi spaceship9 and welcome to BleepingComputer.

If you are not running your scans in safe mode you should. In safe mode there are a limited number of applications running which makes it ideal for troubleshooting.

What are you using for a firewall, anti virus, malware...?

Family and loved ones will always be a priority in my daily life. You never know when one will leave you.

#5 spaceship9

Posted 24 December 2007 - 03:52 AM

I have run all the scans in safe mode and picked up only one new result, though the symptoms persisted upon reboot normally
I'm using the Eset Smart Security Center firewall because the router has a built in one anyway
I'm using several antivirus and malware programs:
AVG free
Avast (live scan off)
Ewido free
Ad-Aware SE free
Spybot S&D
None of the above have live scan since they're free or I turned them off to avoid conflict with:
Eset Smart Security Center Beta (made by the Nod32 people) with live scan and router

Currently I'm scanning with the Eset, however it's a full scan of all drives and I have a lot of files so it's going to take a while (which I suppose means it's more in depth)

#6 quietman7

Posted 24 December 2007 - 09:52 AM

...a rundll still pops up ..

It would be helpful if you could provide the exact rundll error message. Also provide the specific file name associated with this and where it is located (full file path) on your system.

You should also do this:

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Note: Using more than one anti-virus program is not advisable even if you're using one of them as a stand-alone on demand scanner. Even when one of them is disabled, it can affect the other. Issues can arise when the active anti-virus detects the non-active one's definitions or quarantined files. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources.

Anti-virus scanners use virus definitions to check for viruses and these can include a fragment of the virus code which may be recognised by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. However, some anti-virus vendors do not encrypt their definitions and will trigger false alarms if used while another resident anti-virus program is active.

To avoid these problems, use only one anti-virus solution.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
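
The false-alarm mechanism described in the note above (an active scanner detecting an inactive scanner's definitions or quarantined files), as an added Python example that is not part of the original thread or any vendor's code. The signature names, byte patterns, file paths and the XOR encoding (a stand-in for real definition encryption) are all constructed assumptions.

```python
# Added illustration (not from the thread). All byte patterns are constructed
# and harmless; XOR stands in for whatever encryption a real vendor uses.
SIGNATURES = {
    "Demo.Trojan.A": bytes.fromhex("deadbeef4d5a9000c0ffee"),
    "Demo.Adware.B": b"\x13\x37constructed-adware-marker\x00",
}
XOR_KEY = 0x5A


def scan(data, signatures=SIGNATURES):
    """Resident scanner A: report every known byte pattern found in data."""
    return sorted(name for name, sig in signatures.items() if sig in data)


def scanner_b_folder(protect):
    """Files the second (inactive) scanner B leaves on disk.

    protect=False: definitions and quarantine stored as raw bytes.
    protect=True:  every stored byte is encoded before it touches the disk.
    """
    encode = (lambda d: bytes(b ^ XOR_KEY for b in d)) if protect else bytes
    definitions = b"".join(
        name.encode() + b"=" + sig + b"\n" for name, sig in SIGNATURES.items()
    )
    quarantined = b"MZ\x90\x00" + SIGNATURES["Demo.Trojan.A"] + b"...rest of file"
    return {
        "scannerB/defs.dat": encode(definitions),
        "scannerB/quarantine/0001.q": encode(quarantined),
    }


def scan_folder(files):
    """Run scanner A over scanner B's folder; return only files with detections."""
    report = {}
    for path, data in files.items():
        hits = scan(data)
        if hits:
            report[path] = hits
    return report


if __name__ == "__main__":
    for protect in (False, True):
        label = "protected" if protect else "unprotected"
        print(label, scan_folder(scanner_b_folder(protect)))
```

With raw storage, scanner A flags both of scanner B's files even though nothing on the machine is actually running malware; with encoded storage the same folder scans clean.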



