My Computer Got A Std Lol Its Infected I Need Mad Help.


24 replies to this topic

#1 KILLUVIRUS

KILLUVIRUS

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 13 March 2008 - 08:58 PM

ok so i went to sleep last night and my bro stayed using the computer. so i get home today from school and the first thing it tells me is a pop up saying system error! your computer was infected by unknown trojan. its dangerous for your system (critical files can be lost)! click ok to download the antispyware program to clean your system! (recommended)
and in my desktop there's a new thing called files secure 2.1
please help me i just want it to be a normal internet use but this pop up and that files secure thing just makes me paranoid to use the internet full on. and i haven't downloaded what the pop up says and i haven't opened that files secure thing and when i go to my control panel and click on the removal i find files secure and click on remove and the screen says english i click ok and then it just says to remove it and it says quit and cancel. what to do. :huh: :inlove: :thumbsup: :flowers: :trumpet: :huh:



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:52 PM

Posted 13 March 2008 - 09:00 PM

You most likely have smitfraud. Please follow the instructions here:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/
Please post the file c:\rapport.txt as a reply when you are done with those instructions.

When you are done,
Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 KILLUVIRUS

Posted 13 March 2008 - 11:16 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2946 (20080313)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=7f2206b5c2b8e44181c334fdc2a6a3dc
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-03-14 04:12:34
# local_time=2008-03-13 11:12:34 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=347873
# found=13
# scan_time=4981
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-61194b01 Java/Exploit.Bytverify trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-61194b01 »ZIP »Dvnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-61194b01 »ZIP »Dex.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-61194b01 »ZIP »Dix.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-61194b01 »ZIP »Dux.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-79516fb9 a variant of Java/ClassLoader trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-79516fb9 »ZIP »BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-3a4e36f4.zip Java/Exploit.Bytverify trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-3a4e36f4.zip »ZIP »Dvnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-3a4e36f4.zip »ZIP »Dex.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-3a4e36f4.zip »ZIP »Dix.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\CRISTIANSOLIS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-3a4e36f4.zip »ZIP »Dux.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\wmpdxm.dll Win32/Adware.IeDefender application (unable to clean - deleted (after the next restart)) 3C1DC62444E154637E46C6B646933282
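
Whether a scan like the one above actually removed everything can be read from the log itself: each detection line ends with an action in parentheses. The following Python script is an added example, not part of the original thread and not ESET tooling; it parses this log layout and separates removed items, archive members removed with their container, and items that still need a restart. The sample log is constructed, and the status labels are this example's own names.

```python
import re
from collections import Counter

# Constructed sample in the log.txt layout shown in this thread
# (user name, cache ids and the non-zero hash are made up for the example).
SAMPLE_LOG = r"""# version=4
# remove_checked=true
# found=5
C:\Documents and Settings\USER\cache\6.0\20\aaaa-bbbb Java/Exploit.Bytverify trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\USER\cache\6.0\20\aaaa-bbbb »ZIP »Dex.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\USER\cache\6.0\58\cccc-dddd a variant of Java/ClassLoader trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\USER\cache\6.0\58\cccc-dddd »ZIP »BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\example.dll Win32/Adware.IeDefender application (unable to clean - deleted (after the next restart)) 0123456789ABCDEF0123456789ABCDEF
"""

# <object> <threat name> <trojan|application> (<action>) <32 hex digits>
# Threat names contain "/", Windows paths do not, which anchors the split.
DETECTION = re.compile(
    r"^(?P<object>.+?) (?P<threat>(?:a variant of )?\S+/\S+) "
    r"(?P<kind>trojan|application) \((?P<action>.*)\) (?P<hash>[0-9A-Fa-f]{32})$")

def classify(action):
    """Map the parenthesised action text to a status (labels are this example's)."""
    if "after the next restart" in action:
        return "pending_reboot"          # file is still on disk until reboot
    if "was a part of the deleted object" in action:
        return "removed_with_container"  # archive member; container was deleted
    if action == "deleted":
        return "removed"
    return "unresolved"

def parse_log(text):
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        match = DETECTION.match(line)
        if match:
            detections.append({**match.groupdict(), "status": classify(match["action"])})
    return header, detections

def summarize(text):
    header, detections = parse_log(text)
    return {"reported_found": int(header.get("found", -1)),  # header count vs parsed
            "parsed": len(detections),                       # mismatch = truncated paste
            "counts": dict(Counter(d["status"] for d in detections)),
            "needs_attention": [d["object"] for d in detections
                                if d["status"] in ("pending_reboot", "unresolved")]}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Anything listed under `needs_attention` calls for a restart followed by a rescan before the machine is treated as clean.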

#4 Billy O'Neal

Posted 14 March 2008 - 06:53 AM

Hello, KILLUVIRUS.

Do you have the smitfraudfix log?

How are things running?

Billy3

#5 KILLUVIRUS

Posted 14 March 2008 - 03:17 PM

did u ask for this.

SmitFraudFix v2.193

Scan done at 18:39:11.32, Thu 03/13/2008
Run from C:\Documents and Settings\CRISTIANSOLIS\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




so well the pop up doesn't happen no more but it wasn't on the task bar or filter whatever its called it was just a pop up that came up and well on the eset online scan it said that the laptop had like 13 viruses or whatever and i don't know if it fixed it? did it?

#6 Billy O'Neal

Posted 14 March 2008 - 03:22 PM

Hello again, KillaVirus.

Apparently it did.

How are things running speedwise?

Billy3

#7 KILLUVIRUS

Posted 14 March 2008 - 03:31 PM

hello, well yea um everything's pretty good, not slow but just a little but its been like dat because i only have like 6gigs left from a lot, but yea it seems to be working no more pop up, but that file secure 2.1 is still there and i can't delete it, how can i.

#8 Billy O'Neal

Posted 14 March 2008 - 03:34 PM

Where is that file located?

Billy3

#9 KILLUVIRUS

Posted 14 March 2008 - 03:36 PM

um in the desk top

#10 Billy O'Neal

Posted 14 March 2008 - 03:49 PM

I need the full path of the file before I can help you delete it.

Should be something like C:\Documents and Settings\<USERNAME>\Desktop\secure 2.1.exe

Billy3

#11 KILLUVIRUS

Posted 14 March 2008 - 03:59 PM

C:\Documents and Settings\CRISTIANSOLIS\Desktop
um there's dat. and C:\Program Files\Files-Secure\

#12 Billy O'Neal

Posted 14 March 2008 - 04:03 PM

Ok, KillaVirus.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Files-Secure\
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\CRISTIANSOLIS\Desktop\*secure 2.1*
  • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Billy3

Edited by Billy O'Neal, 14 March 2008 - 04:04 PM.


#13 KILLUVIRUS

Posted 14 March 2008 - 04:14 PM

File/Folder [xcode] not found.
C:\Program Files\Files-Secure moved successfully.
File/Folder [/xcode] not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03142008_161154

#14 Billy O'Neal

Posted 14 March 2008 - 04:15 PM

No, it didn't get the one on the desktop. Please follow the instructions in the previous post one more time :thumbsup:

Billy3

#15 KILLUVIRUS

Posted 14 March 2008 - 04:22 PM

File/Folder C:\Documents and Settings\CRISTIANSOLIS\Desktop\*secure 2.1* not found.
File/Folder not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03142008_162140



