
Dropper.small And Js/psyme?



#1 Brandy is Confused


Posted 11 February 2008 - 08:17 PM

I was very, very stupid to do this...

A friend's profile was hacked (at least, I hope it was, I haven't given her any reason to leave me malicious links), and she left me a link with the message "RIP Mike". Since we'd lost someone we'd gone to school with last year, I thought, "Not again...", and clicked on it. My AVG picked up two things immediately, and I moved them to the virus vault. One is Dropper.Small, and the other is JS/Psyme. I didn't find too much out there on removal of these viruses, and I was wondering the safest way to get rid of them.

Any help would be appreciated, thank you!!!
"Virus Alert!/Delete immediately before someone gets hurt/Forward this message to everybody..." - Weird Al.



#2 boopme


Posted 11 February 2008 - 09:28 PM

As you have moved them to the vault, they can no longer be a threat to your system. Is your PC operating normally now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Brandy is Confused


Posted 11 February 2008 - 10:29 PM

Actually, nothing abnormal has been happening (yet)...I haven't turned the computer off since it happened, though (it's only been a few hours). Is it recommended that I delete them? They're not capable of healing, and from what I've read, these do not sound like pleasant viruses to be afflicted with.

If it helps, I have the AVG Free Edition virus scanner...CCleaner...AdAware SE Personal (though I've been reading up on that, and since my version isn't supported and the new one doesn't sound worth the trouble [not to mention I can't d/l it, anyway], I might just end up ditching it [sadness]), SpyBot S&D, and SUPER AntiSpy Free Edition.

Just making sure my bases are covered, this is my mom's machine and I'd like to keep it healthy for her. I was dumb to fall for that URL comment.

Thanks in advance! :D

EDIT!!! Actually, I just tried logging into my Livejournal account, and a window for Ask.com popped up without any reason at all. Does that mean anything...?

Edited by Brandy is Confused, 11 February 2008 - 10:39 PM.

#4 boopme


Posted 12 February 2008 - 03:38 PM

Hi.
Delete the quarantined files.
Uninstall AdAware.
CCleaner can be dangerous if improperly used.
Keep SUPER, update it weekly and before scans.
Follow these instructions. For an XP or 2000 PC. You already have the SUPER downloaded.

Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode:
Safe Mode Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or the Opera browser click on that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.


Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post logs and let us know how your PC is running now.

#5 Brandy is Confused


Posted 12 February 2008 - 07:50 PM

Okay, d/led ATF Cleaner. Will probably try and scan tonight, if I get a minute! Thank you!!!

#6 Brandy is Confused


Posted 12 February 2008 - 10:25 PM

Alrighty, here's what went down...

I did everything you recommended, and here's my log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/12/2008 at 10:02 PM

Application Version : 3.9.1008

Core Rules Database Version : 3392
Trace Rules Database Version: 1393

Scan type : Complete Scan
Total Scan Time : 00:40:58

Memory items scanned : 157
Memory threats detected : 0
Registry items scanned : 4064
Registry threats detected : 0
File items scanned : 25538
File threats detected : 0

Now, I switched over to the normal mode, and ran CCleaner, for the heck of it. It found 882 MB to be removed!! I removed it, scanned for and fixed issues, and everything seems to be okay, for the moment. If anything funky comes up, I'll be sure to let someone know...

I was freaked out by this because one of those two Trojans, I'd read, liked to gank sensitive information, and since I know sensitive info is used on this computer, I wanted this to get taken care of ASAP. Thank you.

I'd run teatimer on this machine, but I get complaints when I do... :thumbsup:

Thanks again! Let me know what you think, or if you have any other information! I usually know better than to check those links, but since my friend and I have known people by the aforementioned name...yeah...that was silly to do, anyway...

#7 boopme


Posted 12 February 2008 - 11:11 PM

You have done well. :thumbsup: Good to see it all cleaned up.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#8 Brandy is Confused


Posted 13 February 2008 - 10:23 PM

Hey!

Thank you! I think I may have to get to that tomorrow, but I've copied, pasted, and saved your instructions. Much appreciated!!! :D

#9 boopme


Posted 13 February 2008 - 10:25 PM

You're welcome and DON'T forget



