
Virusheat Gone But Spyware Isn't?


9 replies to this topic

#1 unpaidassassin


Posted 03 March 2008 - 06:35 PM

My computer became infected nearly 3 weeks ago. The following day, I searched for help guides over the internet and found the one posted here (this is how I actually found this site).

I used the Automated Removal method, and the fake security alerts finally stopped. Prior to this I ran numerous scans and even downloaded 2 other programs mentioned in other guides which DID NOT help (only detect not remove, etc).

Anyway with the fake alerts gone and IE no longer launching up Virusheat's homepage, I thought things were fine.

However I noticed something wrong while searching. Firefox has a feature that allows you to highlight text, right-click, and an option to search it. Usually when doing this, a Google search is done. But occasionally, a search at a site with a Google-like template occurs. The layout is basically Google, only the search results are all ads crap and some formatting is a bit off. All the tabs (Web, Images, Groups, News) redirect to the correct Google page and refreshing even fixes this. However these sites don't have a Google-related URL. So far I have come across:

findwhatneed.net
searchthruweb.com
websearchpc.com

Another thing is that Firefox has Search Search for " " when highlighting and right-clicking text. I don't recall the word Search being repeated but that's not as important. This problem only happens when doing the highlight right-click method. Going to Google first doesn't seem to bring up these problems.

The guide I found here is http://www.bleepingcomputer.com/forums/t/130080/how-to-remove-virusheat-removal-instructions/

Edit: Moved topic to the more appropriate forum. ~ Animal



#2 Orange Blossom

  • Moderator

Posted 05 March 2008 - 03:21 AM

Hello unpaidassassin and welcome to BC :flowers:

In order to assist you we need additional information.

What is your operating system: Windows XP, Vista, etc.?

What security programs do you have on your computer?

Assuming you have a Windows product, I'm going to ask you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in normal mode. You may wish to print out these directions or copy them to Notepad to have them available while in Safe Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Reboot into Safe Mode
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • Reboot into Normal Mode
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:

#3 unpaidassassin

  • Topic Starter

Posted 17 March 2008 - 06:14 PM

sorry about the long delay in replying (I just used the program an hour ago)

When I rebooted in Normal Mode after all the scanning, there was no log file to be found :thumbsup: Anyway, there were two items that had to be quarantined. One was something VirusHeat (bad, I guess it wasn't fully removed) and the other was some Adware (that was part of the name). I did another scan, this time I excluded the files (just memory, registry, etc) and no harmful items were found.

As of now I don't see the weird Google-like search page when I do a search (refer to my explanation in the first post)

#4 boopme

  • Global Moderator

Posted 19 March 2008 - 04:11 PM

Please follow these instructions to be certain it is gone. Let us know how things are then.
How to remove VirusHeat (Removal Instructions)

#5 unpaidassassin

  • Topic Starter

Posted 22 March 2008 - 10:34 PM

that was the guide I used to get rid of virusheat >_>
perhaps this is an adware problem that several programs I used haven't been able to remove

#6 dmndmn


Posted 22 March 2008 - 10:50 PM

i also had virusheat on my computer, but Super anti-spyware took care of that for good. Download and make sure it's up-to-date and scan again for C ( considering that is your OS drive )

also go to preferences, select scanning options: unselect all except 'Scan for tracking cookies' and 'Terminate memory threats before quarantining'.

I got this advice from a moderator on this site, See if this works for you.

#7 unpaidassassin

  • Topic Starter

Posted 24 March 2008 - 04:36 PM

I did another full scan a few hours ago.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/24/2008 at 01:44 PM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Complete Scan
Total Scan Time : 01:11:39

Memory items scanned : 490
Memory threats detected : 0
Registry items scanned : 6272
Registry threats detected : 0
File items scanned : 83203
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@cdn.atwola[1].txt
C:\Documents and Settings\user\Cookies\user@ar.atwola[2].txt
C:\Documents and Settings\user\Cookies\user@atwola[1].txt
C:\Documents and Settings\user\Cookies\user@revsci[1].txt

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP855\A0141701.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP855\A0141703.ICO


the searching "problem" still persists

Edited by unpaidassassin, 24 March 2008 - 04:37 PM.


#8 quietman7

  • Global Moderator

Posted 24 March 2008 - 10:43 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#9 unpaidassassin

  • Topic Starter

Posted 28 March 2008 - 02:41 PM

Here's the log:

Malwarebytes' Anti-Malware 1.09
Database version: 551

Scan type: Quick Scan
Objects scanned: 35253
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\BSZIP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.


the searching problem still persists (refer to first post). i don't think it is caused by VirusHeat.

Edited by unpaidassassin, 28 March 2008 - 02:41 PM.


#10 quietman7

  • Global Moderator

Posted 29 March 2008 - 06:04 AM

This issue will require further investigation. Before that can be done you will need to create and post a HijackThis log.

Please see the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.



