
Given Up All Hope On What To Do...



#1 joeyrd1027

joeyrd1027

  • Members
  • 5 posts

Posted 18 March 2008 - 07:07 PM

Hi all, I've come to this board to figure out how to fix this problem of mine that for the past 4 days I've struggled with. To start off, I'm not computer illiterate and I generally have a good idea about how to fix these problems but I've given up all hope and I'm at a roadblock, once again.

A few days ago, I started receiving messages about Worm.W32.Netsky being on my laptop, along with a "Windows Security Alert" and a System alert message:


"Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system."

"Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection"

"System Alert:
System detected virus activities. These may impact the performance of your computer. Please, use recomended (their spelling, not mine) antispyware to protect your system from parasite programs." It pops up in the bottom right bar with a symbol of a Stop Sign with a white X in the middle. I don't have Stop Sign, at least not to my knowledge, so I imagine this is something else.



At first, I thought it was Windows being nice and telling me to fix this, although I was skeptical, and I went ahead with one of their downloads, TrustedAntivirus (foolish me). 2 days later, I managed to remove apparently several viruses using AVG, and over 100 things of spyware with AdAware SE Personal. I've run my laptop in Safe Mode and scanned it with AVG (for a second time, first time was not in Safe mode and it removed all that) and about 30 tracking cookies came up (What was odd was that I looked at my laptop one second and saw the scan running, I looked back less than a minute later and it was gone, POOF. Literally.) I figured that AVG went ahead and removed them, that was this morning. When I got home earlier I ran a MRT, Malware Removal Tool scan, also while the laptop was in safe mode, and 3 hours and over a million files scanned later, it came up completely empty. Nothing. Nada. That was about 20 minutes ago. I put the laptop off of safe mode and restored System Restore (which was off when AVG and MRT did the scans by the way) and I'm still receiving these messages.

I'm completely fed up with this and I'm at a loss of what to do now. Currently I'm running Symantec W32.Netsky FixTool 1.12.0 and babysitting it to stop these pop-ups from slowing it down anymore.

If there is absolutely anything someone can tell me to do, that hopefully doesn't involve having to buy anything, please tell me. I have a feeling that the problem might lie with the System Restore, that all seemed confusing to me so yeah.

Thx :thumbsup:

PS - Oh yeah, I looked up 1 thing and it happened to be on THIS site and someone posted to delete all temp. files and cookies and all that good mess but none of that worked for me. I tried to find out where the topic was moved to but I couldn't so I thought it was best to make another one. ;)



#2 joeyrd1027


Posted 18 March 2008 - 07:10 PM

Oh, lucky me. AVG just popped up saying that it's detected a Threat.

File Name: systemerrorfixer.com/celan?....etc.

Threat Name: Exploit Trojan Installer.

It's popped up with this before but never asks if I want to remove it, I'm assuming that it does it for me, although with my luck it probably doesn't.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA

Posted 18 March 2008 - 08:37 PM

Hello and welcome to BC.

Please print out and follow the instructions for using SmitFraudFix by S!Ri. Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
Entering Safe Mode instructions are below in Green Text.
Note:
The scanlog report can be found at the root of the system drive, usually at C:\rapport.txt.
Please copy and paste the Scan Log results in your next reply.
Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NEXT:
Print out and follow the instructions for using SDFix from the BC tutorial How to use SDFix.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.

Also:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from the icon, then install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post 3 logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 joeyrd1027


Posted 18 March 2008 - 08:51 PM

Thx for the reply but I have one quick question:

Should System Restore be OFF or ON while I do any of this? Plz specify which :thumbsup:

#5 boopme


Posted 18 March 2008 - 09:29 PM

Leave it on. Better to have an infected restore point than none at all, should something go wrong. We will clean that last.

Edited by boopme, 18 March 2008 - 09:29 PM.


#6 joeyrd1027


Posted 19 March 2008 - 06:15 PM

I accidentally overlooked the SDFix part of your instructions, would it be ok to proceed with the other tasks and once done with them, go out of safe mode and download what I need for that tool and then use it?

#7 joeyrd1027


Posted 19 March 2008 - 08:41 PM

Well nevermind now, those instructions that were given SEEMS to have fixed the problem. And I use seems very loosely b/c who knows what could happen.

For now, thank you ever so much for your help and yeah, thx lol. *bows and worships ground you walk on*

#8 boopme


Posted 19 March 2008 - 08:49 PM

Could you post any of the scan logs? Then we can verify things.

Smitfraud ... C:\rapport.txt

SAS .... To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log

SDFix ... Report.txt



