

Infected With Malware But Not Sure Exactly What

  • This topic is locked
3 replies to this topic

#1 srfwidow


  • Members
  • 14 posts
  • Local time:05:30 AM

Posted 05 April 2008 - 05:55 PM

Aloha, I am trying to clean my friend's computer that has at least one virus if not many. We are getting internet popups, fake security message alerts (Windows Alerts), and an error at startup regarding winsrc.dll. I ran spybot and we have Virtumonde, Command Service, FakeAlert.cc that it didn't seem to clean (I have uninstalled spybot for now but can reinstall easily if needed). I tried to run dss.exe which is in the how to use this form instructions but during the process where I think it is trying to backup the registry it stops. My guess is I first need to install hijack this for you but I need a link. Please advise. Mahalo.



#2 skyfuser


  • Members
  • 470 posts
  • Location:California
  • Local time:08:30 AM

Posted 05 April 2008 - 06:15 PM

Get SUPERAntiSpyware Home Edition here.
Then this is directly copied and pasted from the expert's post:
SUPERAntispyware Scan

Download and install SUPERAntiSpyware using the default settings.

Right-click the SUPERAntiSpyware desktop icon and choose "Run as Administrator" to launch the program.
When you are asked to update the program definitions, click Yes.
Only if you are not prompted to update the definitions or already have SAS, select Check for Updates before scanning.

Program Setup

Select Preferences | Scanning Control

Check the following Scanner Options:
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the Close button to leave the control center screen.

Scan Setup

Select Check for Updates to verify that you are working with the most up-to-date definition database.
On the main SAS screen, under Scan for Harmful Software select Scan your Computer.
On the left, make sure your primary drive (normally C:\Fixed Drive) is selected, plus any other hard drives that are connected to your system.
Now, close SUPERAntispyware because you will be running the scan in safe mode

Boot into safe mode

Restart your computer
Right after the PC manufacturer's splash screen appears, immediately tap the F8 function key
When the Advanced Options menu appears, select the safe mode option
You will see a list of drivers scroll by, after which a low resolution version of the Windows desktop appears

Scan with SUPERAntispyware

Relaunch SUPERAntispyware by right-clicking its desktop short-cut and choosing "Run as Administrator".
On the main SAS screen, under Scan for Harmful Software select Scan your Computer.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.
After the scan is complete, a Scan Summary box will appear listing potential threats that were detected. Click OK.
Check all detected threats, then click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click OK and then click Finish to return to the main menu.
Reboot your computer

Retrieving the scan report

Relaunch SUPERAntispyware
Click Preferences | Statistics/Logs
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, select the most recent and press View log. The SAS scan log will be displayed in your default text editor.
If you are posting a HJT log, and any threats (excluding cookies) were found - copy and paste the SAS Scan Log results in your HJT topic - along with your HJT log.
Click Close to exit the program.
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#3 srfwidow

  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:30 AM

Posted 05 April 2008 - 06:25 PM

Thanks, I'll try that now.

#4 Orange Blossom


    OBleepin Investigator

  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:30 AM

Posted 05 April 2008 - 10:03 PM

Hello srfwidow,

I see that you now have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/140240/infected-with-malware-my-hjt-log-superanitspyware-logs/ Because you have posted this log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 10 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

