
Rocknrollheavenwear.blogspot.com



#1 starwarsgeek


Posted 12 March 2008 - 07:45 PM

Hey guys, hope someone can help me with this. I bought my girlfriend a new laptop at Christmas time, and just this week she's noticing something strange going on. In the sidebar, where she has her image folders scrolling, some weird, animated pictures started showing up that she didn't put in there. When she opened it by clicking on the picture, she was taken to hxxp://rocknrollheavenwear.blogspot.com for no reason. I've scanned with AdAware and Spybot, and neither program found a problem. I've done a Google search, with no luck. Anybody else have this problem, or know what it is? And more importantly, how can I get rid of it for her? Please, any suggestions or advice are most welcome.

Thanks in advance.

Mod Edit: Link disabled, to preclude possible infection.~ TMacK

Edited by Orange Blossom, 15 March 2008 - 10:53 PM.
completed disabling link ~ OB



 


#2 Billy O'Neal


Posted 12 March 2008 - 07:59 PM

Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 starwarsgeek


Posted 13 March 2008 - 12:07 AM

Thanks for your help. Here's the logfile:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 13, 2008 1:05:57 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/03/2008
Kaspersky Anti-Virus database records: 626795
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 86490
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:56:29

Infected Object Name / Virus Name / Last Action
C:\Program Files\NetZeroInstallers\nzoffers.exe Infected: Trojan-Dropper.Win32.Agent.fvr skipped

Scan process completed.

#4 Billy O'Neal


Posted 13 March 2008 - 07:48 AM

That looks clean except for this one:
C:\Program Files\NetZeroInstallers\nzoffers.exe <-This File
which you can delete.

That image you are seeing is probably dropped there by some website you went to at some point. You should be able to find that image in c:\Users\Linda\Pictures

Is it there?

Billy3

Edited by Billy O'Neal, 13 March 2008 - 07:48 AM.
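An added example, not part of the original thread: a Python triage of a Kaspersky Online Scanner text report in the layout posted above, separating the "Object is locked" noise from real detections and cross-checking the result against the report's own statistics. The sample report is constructed from lines of the log above; the `Suspicious:` status label is an assumption, since that log shows only `Infected:`.

```python
import re
from dataclasses import dataclass

# Constructed sample: header and entry lines copied from the report in this
# thread, shortened to a few "locked" entries plus the one detection.
SAMPLE_REPORT = r"""Scan Statistics:
Total number of scanned objects: 86490
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:56:29

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Program Files\NetZeroInstallers\nzoffers.exe Infected: Trojan-Dropper.Win32.Agent.fvr skipped
C:\Users\Linda\NTUSER.DAT Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped

Scan process completed.
"""

TABLE_HEADER = "Infected Object Name / Virus Name / Last Action"
STAT_RE = re.compile(
    r"^Number of (viruses found|infected objects|suspicious objects): (\d+)$")
# Paths contain spaces, so the status and action are matched from the right.
# "Suspicious:" is an assumed label; only "Infected:" appears in the thread.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Object is locked|(?P<kind>Infected|Suspicious): (?P<name>\S+)) "
    r"(?P<action>\S+)$")


@dataclass
class Finding:
    path: str
    kind: str
    name: str
    action: str  # "skipped" means the scanner left the file on disk


def triage(report):
    """Split a report into statistics, detections and locked-file noise."""
    stats, findings, unparsed = {}, [], []
    locked = 0
    in_table = False
    for line in (raw.strip() for raw in report.splitlines()):
        if line == TABLE_HEADER:
            in_table = True
        elif not in_table:
            m = STAT_RE.match(line)
            if m:
                stats[m.group(1)] = int(m.group(2))
        elif line == "Scan process completed.":
            break
        elif line:
            m = ENTRY_RE.match(line)
            if m is None:
                unparsed.append(line)  # never drop a line silently
            elif m.group("kind") is None:
                locked += 1  # file in use by Windows; not a detection
            else:
                findings.append(Finding(m.group("path"), m.group("kind"),
                                        m.group("name"), m.group("action")))
    infected = sum(1 for f in findings if f.kind == "Infected")
    return {"stats": stats, "findings": findings, "locked": locked,
            "unparsed": unparsed,
            # A mismatch means the pasted log was truncated or edited.
            "consistent": infected == stats.get("infected objects")}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["findings"]:
        print(f"{f.kind}: {f.name} at {f.path} (last action: {f.action})")
    print(f"{result['locked']} locked objects ignored; "
          f"counts consistent: {result['consistent']}")
```
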


#5 starwarsgeek


Posted 13 March 2008 - 07:22 PM

OK, I deleted that file, and I've searched through all the folders and sub-folders for the pictures, but I can't seem to find them anywhere, yet they keep popping up in the sidebar. Anything else I can do?

Thanks for your help so far.

#6 Billy O'Neal


Posted 13 March 2008 - 07:40 PM

Can you take a screenshot and attach it here?

Billy3

#7 starwarsgeek


Posted 13 March 2008 - 07:58 PM

A screenshot of the picture showing up in the sidebar? I can do that.

#8 Billy O'Neal


Posted 13 March 2008 - 08:26 PM

Please do so. :thumbsup:

Billy3

#9 Orange Blossom


Posted 15 March 2008 - 10:56 PM

Hello starwarsgeek,

In order to continue with proper disinfection procedures, we need to know what operating system you are using: Windows XP, Vista, etc.

Please post that information in your next reply.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#10 starwarsgeek


Posted 16 March 2008 - 12:45 PM

The laptop is a Dell with Windows Vista.

#11 Orange Blossom


Posted 16 March 2008 - 01:55 PM

Hello starwarsgeek,

Thanks for the information. At this point, I would like you to do a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Reboot into Safe Mode
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • Reboot into Normal Mode
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:



