
Infected Pc


3 replies to this topic

#1 SMBW

  • Members
  • 3 posts
  • Gender:Female
  • Location:British Columbia, Canada

Posted 07 February 2008 - 03:16 AM

Okay, I need some help in a BIG way! A friend of mine thought he was doing me a favor and reformatted my other PC when I was away and he was house sitting. He went on this PC to find some info and now this one is infected as well as the other one.
Every time I log on a pop-up is on the desktop that says "System registry error P-07-0100 irql: IF SYSVER oxff00024 NT_KERNEL error 1256 KMODE_EXCEPTION_NOT_HANDLED". This is the first time in many years that one of my PC's has ever had anything like this.

I have run numerous virus scans, both online and with the anti-virus program I have on my PC to no avail. I have run Ad-Aware, Spybot, Windows Defender and CCleaner. I would have run HijackThis but I can't get it to save or install. I have turned off my system restore and I still can't get rid of what I have managed to find. Ad-Aware found W32.Trojandownloader.Zlob, says it has removed it but when I do a restart and run it again it is still there...not to mention my PC is still having pop-ups appearing and running like a slug. When I run Spybot it seems to get hung up on "coolwwwsearch" which I Googled and found out it is Malware too. I have tried to find a removal tool online and when I did manage to find one for Zlob it wouldn't allow me to save it. Where do I go from here? I am determined to beat this stupid thing.

PS
I apologize, apparently I posted this in the wrong spot and couldn't find any way to delete it and post it in the proper spot.

(Moderator edit: post moved to more appropriate forum. jgweed)

Edited by jgweed, 07 February 2008 - 10:51 AM.




#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 February 2008 - 12:47 PM

Hi, welcome to the forum. Is this an XP SP2 system? That is what I will assume.
I'm not certain whose or what tool you have run so I'll give you the full instructions. Following this should remove it. If not we can help you get a HJT Log posted.

NOTE: all blue wording are links to instructions
First you will need to follow the instructions in our Tutorial
How to remove the Smitfraud / Generic Zlob

Now download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or the Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.


Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post log and let us know how it went.

#3 SMBW


Posted 07 February 2008 - 06:36 PM

Hi, thanks for the help.

Yes, I am running XP SP2. I forgot about mentioning that in my post. As I mentioned earlier, when I try to go to one of the links and save the file nothing happens. Prior to my post I had done a Google search for a removal tool for Zlob. I actually did find a link and tried to download SmitfraudFix but when I tried to save it nothing happens...as in no window opens asking if I want to open or save the file or where. I am using Firefox right now as IE seems to be the browser that this bug likes, opening numerous windows and tabs. Also if you can give me the instructions to reboot in safe mode I'd appreciate it. After many years of owning PC's I haven't had to open in safe mode since Windows 98 SE. Thanks again.

#4 boopme


Posted 07 February 2008 - 08:59 PM

Don't know how I left this off..
Safe Mode Using the F8 Method

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Here's another link
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Let us know if you still have a problem with it

Edited by boopme, 07 February 2008 - 09:00 PM.
