
Malware/spyware Help/register (norton?) Problems


4 replies to this topic

#1 bbuck

bbuck

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:47 PM

Posted 23 January 2008 - 12:42 PM

Hi..

Thank you for reading my post.

Thank you for any help here!


I am having issues after going on "You Tube" and watching a video. Or maybe I gained this horrible creature in one of my emails. It's a monster, that is for sure.


I have Norton Internet Security 2008 on my Dell Dimension 2350, Windows XP. It blocks access in , but doesn't work to get rid of this beast.

I found info about the malware/spyware through my Norton. It says it's called "Downloader" folder.

I searched for it and will tell you in my reply post to this one. I have the current version of HijackThis, but it won't let me post with my results. It says my version is old...

So I'm going to try and reply to this email with the original email (the one that won't post as new).

Look for my reply for more details of my problem.

And Thank you very much for all your time here!
Bbuck



#2 bbuck

bbuck
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:47 PM

Posted 23 January 2008 - 12:46 PM

Hi Dear People....

Thank you for reading my post! I appreciate you!

I'm using my other computer to communicate with you right now. My hijacked one does operate, but the pop-up and accessing windows explorer every 2 min. is getting on my nerves.

Hijacked computer is a Dell Dimension 2350, Windows XP. It has Norton 2007, with a newer version installed 3 weeks ago (Norton Internet Security 2008).

I did download the trial version of STOPzilla (ran it, came up with malware/spyware, didn't get full version to fix).

I did buy Spyware Detector v2.0 last night, ran it, it came up with these threats:

Tracking Cookie
Trojan
Adware.ClickSpring
Fake Anti Spyware.WinAnti Virus
Adware.MyWeb Search
ToolBar.UpMedis
Adware.Myhit
Adware.FunWeb Products
Adware.Smitfraud
Adware.Yourprivacyguard
Adware.BHO
Trojan.Agent
Spyware.PCWatch
Adware.WebSearch
Tojan.Zlob
ToolBar.ZillaBar
Adware.Agent


I ran the recover option on the Spyware detector v2.0, it says everything went successfully.

After all that there are still pop-ups, and there are three icons on my desktop (the malware/spyware icons) that go away (when I run the spyware) and come back when you restart the computer.



The malware/spyware has disabled my restore points, and my task manager was turned off. The task manager is now on (I think one of the anti-spyware programs has turned it back on).

I found the "Downloader" file, it is in Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader.

The two files in the "Downloader" (malware/spyware) folder are:
qmgro (DAT File) 105KB
qmgr1 (DAT File) 105KB

I cannot delete either. Error Deleting File or Folder: Cannot delete gmgro: It is being used by another person or program.

That's why I tried to use task manager to close it, but it was disabled. I can now open it, but don't see anything running to close that file.


I tried to put HijackThis on here, but it wouldn't let me post with it. It said I had an old version.

I will try and work on it.. It's hard with a computer that is acting crazy...

Thanks so much
Bbuck

#3 bbuck

bbuck
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:47 PM

Posted 23 January 2008 - 01:01 PM

I'm sorry, I left out some things.

Also, I did get a Max Registry Cleaner (license version) and thought that would help, because everything keeps going back to the malware/spyware setup. That only helped for about a minute.

I opened up nothing and went to look at the Task Manager to see which file in the process tab had the most activity. It seems the explorer.exe is using 99 CPU (at me doing nothing). And I thought one of the Symantec files was active too, so I went in to uninstall the Norton (I was going to uninstall it, run the Max Registry, then reinstall it). When I googled that file name that was active it said bug can get into the Symantec registry. I don't really know at this point, but thought I would elaborate on what I came across.



I didn't get the full version of STOPzilla, but can post the error details of that, if the Spyware Detector isn't enough info.

Meanwhile I will be working on the HijackThis download.

Thank you!!
Beth

#4 bbuck

bbuck
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:47 PM

Posted 23 January 2008 - 09:10 PM

I decided since I couldn't delete the two files (I talked about earlier), I could make them read only. I did that.

My system has calmed down.

I noticed when I went in to look at the properties of the two files, that they were being accessed today, so I thought if I made them read only that they couldn't keep accessing them.

It calmed my computer down.
I know they are still on there, and am worried about that. I still can't delete them and maybe there are more somewhere else in my system?

Just wanted to share my hijack update.

Thank you
Beth

#5 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:05:47 AM

Posted 06 February 2008 - 02:56 PM

Hello Beth

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed.

Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log <--link

And I'll be happy to take a look at it for you.
=====

I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
Thanks for your patience.



Stelios



