Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hepl - Misc P2p Virus, Clap, Clamidia, Herpes - Total Infection!


  • This topic is locked This topic is locked
5 replies to this topic

#1 Lithops3

Lithops3

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 03 April 2008 - 09:02 PM

Running windows XP Pro. I turned off recover, went into safe mode, ran spybot sd, ran norton, could not run ad aware 2007 in safe mode, I also was unable to run AVG (Roxio software conflict). Ran HijackThis after I did all of the above and restarted normally - log attached
Sympoms are crashing internet explorer and when I am working in another application (any app, word, excel, etc) - Ill get an internet popup screen which flashes for less than one second - it will keep flashing for a duration of about 1 min. I did a printscreen to capture the website which is popping up. http://whiteboy/snakehost.com/ADS.html
Pls Help!

Attached Files


Edited by Lithops3, 04 April 2008 - 01:06 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 08 April 2008 - 06:30 PM

Hello Lithops3,

Welcome to Bleeping Computer :blink:

Sorry about the delay.:thumbsup: If you still need help, please get a healthy dose of antibiotics and post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Lithops3

Lithops3
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 10 April 2008 - 07:39 PM

Thank you so much - yes I still need help. My norton is indicating the infected files below. New Hijack this file is attached

Date Filename Virus Name Original Location Status
2008-04-06 17:53 b153.exe Downloader C:\WINDOWS\ Infected
2008-04-05 17:46 b155.exe Downloader C:\WINDOWS\ Infected
2008-04-02 16:53 cryper.dll Infostealer C:\WINDOWS\system32\ Infected
2008-04-02 16:53 nutjnhs.exe Bloodhound.W32.EP C:\ Infected
2008-04-02 16:53 vsskkbc[1].htm Trojan.Packed.13 C:\Documents and Settings\lfender\Local Settings\Temporary Internet Files\Content.IE5\1FF7P58Q\ Infected
2008-04-02 16:53 olijfpmv.exe Trojan.Packed.13 C:\ Infected
2008-04-02 16:53 rxlyddhv[1].htm Bloodhound.W32.EP C:\Documents and Settings\lfender\Local Settings\Temporary Internet Files\Content.IE5\W1IV4TEV\ Infected
2008-04-02 16:53 oucrunth.exe Downloader C:\ Infected
2008-04-02 16:53 plmzrevwn[1].txt Downloader C:\Documents and Settings\lfender\Local Settings\Temporary Internet Files\Content.IE5\4HIFK1MN\ Infected
2008-04-02 16:53 nutjnhs.exe Bloodhound.W32.EP C:\ Infected
2008-04-02 16:53 rxlyddhv[1].htm Bloodhound.W32.EP C:\Documents and Settings\lfender\Local Settings\Temporary Internet Files\Content.IE5\1FF7P58Q\ Infected

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 10 April 2008 - 08:35 PM

Hello,

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Lithops3

Lithops3
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 11 April 2008 - 10:16 AM

Thank you so much for getting back to me. I couldnt stand it anymore - bit the bullet last night and formatted the whole mess. Sorry to waste your time. Folks like me really appreciate your willingness to help.
THANK YOU!

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 AM

Posted 11 April 2008 - 12:14 PM

Hi there,

You didn't waste my time at all, and I thank you so much for coming back to let me know what happened. :thumbsup:

Have a great weekend!
tea

this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users