Spyaway Adaware


9 replies to this topic

#1 Bluzsinger

Bluzsinger

  • Members
  • 6 posts

Posted 10 March 2008 - 06:49 PM

I came home to my computer yesterday telling me I was under attack! I never saw this before. I tried to run all the spy removal programs I have and it got rid of some stuff but not this. I wasn't sure if it was real or not. I almost downloaded it then thought, if it's telling me my personal info is not secure, why would they be asking me to buy something online? Anyway, I thought better of it and did a search and it brought me here, where I guess a few others have had this same thing happen. I'm not getting any porno pop-ups, just a bubble telling me to update my protection and all these windows telling me I'm at risk. I wasn't able to find the solution here as I'm new to this site. Also my task manager isn't working. Should I do anything like change my passwords or move my financial software to my external hard drive while I'm waiting to fix this? Should I try to restore my system? I just had my whole system restored in October and all was good. The longer this stays like this, do more things happen? I'd appreciate any help I can get. I don't know much about the workings of this computer or viruses.

Thank you
Lynn


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 10 March 2008 - 06:57 PM

EDIT: Sorry, if you had System Restore enabled, definitely try that first, though you can't be sure if the restore point was from before the infection.

-------------
This looks like Vundo. I've seen lots of those lately in various forums.

Please download and run VundoFix here:
http://www.atribune.org/ccount/click.php?id=4

Post back with results.

Edited by PropagandaPanda, 10 March 2008 - 06:59 PM.


#3 Bluzsinger

Bluzsinger
  • Topic Starter

  • Members
  • 6 posts

Posted 10 March 2008 - 07:01 PM

Hi,

Thank you, I'm scanning with it as we speak. I'll let you know what happens.

#4 Bluzsinger

Bluzsinger
  • Topic Starter

  • Members
  • 6 posts

Posted 10 March 2008 - 07:20 PM

Ran it and nothing happened. No threats detected. I still have the message on my blue screen that I have serious computer fatal errors.

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 10 March 2008 - 07:22 PM

Please download and run VirtumundoBeGone:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

During the scan, your screen may do funny things, which is normal.

Post back with the logfile.

Edited by PropagandaPanda, 10 March 2008 - 07:25 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts

Posted 10 March 2008 - 10:29 PM

Hello, can you tell us what operating system you are using? (XP, Vista, etc.)

#7 Bluzsinger

Bluzsinger
  • Topic Starter

  • Members
  • 6 posts

Posted 13 March 2008 - 10:51 AM

I'm operating Windows XP. I kept running my antiadaware program and it looks like it's finally gone. I went into my display settings and noticed that the blue screen background with the fatal error messages was a background that was loaded on. I changed it and it seems to be normal now. However, my task manager is still disabled. I have no idea where to go to enable it. Any idea? It says that it was disabled by the administrator. I think this is part of the adaware.

Thanks Lynn

#8 Bluzsinger

Bluzsinger
  • Topic Starter

  • Members
  • 6 posts

Posted 13 March 2008 - 10:57 AM

Here is the log file.


[03/13/2008, 11:55:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\MOVEIGSO\VirtumundoBeGone[1].exe" )
[03/13/2008, 11:55:10] - Detected System Information:
[03/13/2008, 11:55:10] - Windows Version: 5.1.2600, Service Pack 2
[03/13/2008, 11:55:10] - Current Username: HP_Owner (Admin)
[03/13/2008, 11:55:10] - Windows is in NORMAL mode.
[03/13/2008, 11:55:10] - Searching for Browser Helper Objects:
[03/13/2008, 11:55:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/13/2008, 11:55:10] - BHO 2: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 3: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 4: {5fa6752a-c4a0-4222-88c2-928ae5ab4966} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 5: {622cc208-b014-4fe0-801b-874a5e5e403a} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 6: {63F7460B-C831-4142-A4AA-5EC303EC4343} (Bat Class)
[03/13/2008, 11:55:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/13/2008, 11:55:10] - BHO 8: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[03/13/2008, 11:55:10] - BHO 9: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 10: {9c5b2f29-1f46-4639-a6b4-828942301d3e} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 11: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[03/13/2008, 11:55:10] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/13/2008, 11:55:10] - BHO 13: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[03/13/2008, 11:55:10] - BHO 14: {cf021f40-3e14-23a5-cba2-717765728274} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 15: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 16: {ffff0001-0002-101a-a3c9-08002b2f49fb} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - Finished Searching Browser Helper Objects
[03/13/2008, 11:55:10] - Finishing up...
[03/13/2008, 11:55:10] - Nothing found! Exiting...
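
An added example, not part of the original thread or of VirtumundoBeGone: a small Python parser for the log format posted above that lists the BHO CLSIDs the tool logged with an empty name, so they can be looked up by hand. The function names are hypothetical, the sample is an excerpt of the posted log, and an empty name alone does not show that an entry is malicious.

```python
import re

# Excerpt of the log posted above (entries 1, 2 and 6; other lines omitted).
SAMPLE_LOG = """\
[03/13/2008, 11:55:10] - Searching for Browser Helper Objects:
[03/13/2008, 11:55:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/13/2008, 11:55:10] - BHO 2: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/13/2008, 11:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/13/2008, 11:55:10] - No filename found. Continuing.
[03/13/2008, 11:55:10] - BHO 6: {63F7460B-C831-4142-A4AA-5EC303EC4343} (Bat Class)
[03/13/2008, 11:55:10] - Finished Searching Browser Helper Objects
[03/13/2008, 11:55:10] - Nothing found! Exiting...
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] - (?P<msg>.*)$")
BHO = re.compile(r"^BHO (?P<n>\d+): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\)$")

def parse_bho_log(text):
    """Return (entries, verdict): one dict per BHO line plus the tool's final line."""
    entries, verdict, in_section = [], None, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        msg = m["msg"]
        b = BHO.match(msg)
        if msg.startswith("Searching for Browser Helper Objects"):
            in_section = True
        elif msg.startswith("Finished Searching"):
            in_section = False
        elif b:
            entries.append({"index": int(b["n"]), "clsid": b["clsid"].upper(),
                            "name": b["name"], "notes": []})
        elif in_section and entries:
            # Follow-up lines (warnings, lookup results) belong to the last BHO.
            entries[-1]["notes"].append(msg)
        elif msg.endswith("Exiting..."):
            verdict = msg
    return entries, verdict

def unnamed_bhos(entries):
    """CLSIDs logged with an empty name: candidates for manual lookup, not a verdict."""
    return [e["clsid"] for e in entries if not e["name"]]

if __name__ == "__main__":
    found, final = parse_bho_log(SAMPLE_LOG)
    print(final, unnamed_bhos(found))
```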

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts

Posted 13 March 2008 - 01:49 PM

That is good; sometimes it needs a few scans.
Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#10 Bluzsinger

Bluzsinger
  • Topic Starter

  • Members
  • 6 posts

Posted 15 March 2008 - 08:09 AM

Thanks I'm doing that now. I'm hoping this fixes the Task Manager issue too.

Edited by Bluzsinger, 15 March 2008 - 08:13 AM.




