Help! Now!


5 replies to this topic

#1 MagicallyDelicious

MagicallyDelicious

  • Members
  • 5 posts

Posted 17 April 2008 - 06:11 PM

I was on the internet looking at new computers...and then randomly the start menu bar disappeared along with the icons on my desktop...I started scanning my computer MANY MANY TIMES!...no new bleep was popping up, just some minor crap that didn't change a single thing...and I've already found 7 different viruses (one of which gave me about 286 notifications through my firewall (Symantec Firewall Client/Symantec AntiVirus Corporate Edition)...the first one was called fccdaxx.dll, another was cbXRIBqq.dll) I can't remember all of them though...but my antivirus thing couldn't clean them, all I could do was delete them (so I did). I googled some of the viruses but that was pointless, they were already deleted so I didn't see what I could do about them now. Oh wait!...the cbXRIBqq.dll one was detected but Symantec couldn't quarantine it or clean it...so I left it alone that moment....then I did a search thingy for that file and found where it was located (C:\WINDOWS\system32), I tried deleting it, and even scanning the thing for viruses with Symantec but the scanner wouldn't appear. So I went to the antivirus thing and I tried to scan it from there and it said that my scan thing...hold on let me quote it..."Symantec Antivirus could not access the scan engine. Please ensure that the product is properly installed." Why wouldn't it be properly installed? It has been working since January of last year when I first got the computer. Anyway, I got frustrated and went to a bit torrent source (mininova.com) and found a new Symantec thing (didn't believe it would work properly for a long period of time but I tried to install it anyway). It was a .uif file and I downloaded something that opens up uif files (MagicISO)...and it told me to uninstall my current Symantec thing...but I went to Symantec first to see if there was another option but I couldn't find one.
I ended up deleting Symantec and tried to install the other one and it ended up failing (of course, nothing can go the way I want it to), so I had no firewall and antivirus protection at the time so I did a system restore (I had made about three of them to start me back to a better time in this whole process of ridding myself of this bleep, and I had restored my system at least 5 times within the past four days, started Monday (the 14th))(and when the system restore is over with my computer goes back to normalcy for about an hour, but now it only lasts about 10 mins and it takes about an hour to do the system restore when it only took about 5-10 mins before) and when it was done and it restarted my computer this notice showed up that Symantec was unable to install itself fully (basically what it said but I can't quote it for sure)...and now I'm left with my desktop flicking on and off every 5 seconds (sometimes permanently gone, but I would use task manager to access everything (like internet obviously, AIM, LimeWire, iTunes etc.)). The things I can't access when the desktop disappears are (My Documents, Control Panel, and other folders on my computer)...and that is where I am now...desktop flickering and an "improperly installed" antivirus/firewall...what should I do because I've run out of ideas...sorry the message is so long but I wanted to give you details...OH and my computer is Windows XP Home Edition...um I read another post from someone on what to post...and I'm sorry I can't exactly go in order of what I did cause it's been 4 days almost...I've done a lot of things...but I forgot to add that I had installed a newer version of LimeWire, it was a beta version (LimeWire 4.17. something), from mininova...and some firewall that didn't succeed in installing (ZoneAlarm version 7 or 8) from mininova too...these two installations were before the problem occurred but I uninstalled LimeWire 4.17, and ZoneAlarm I just got rid of since it didn't need to be uninstalled...

Edited by MagicallyDelicious, 17 April 2008 - 06:37 PM.


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 17 April 2008 - 07:14 PM

Dear MagicallyDelicious
Welcome to BC
This is just a quick note to let you know that we have moved your topic to another forum that would be best suited for its subject matter.

You can find your moved topic here:

Am I Infected

Thank you and have a great day!

garmanma
Mark

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 April 2008 - 07:28 PM

Hello, please try to run one scan here. Is this an XP, Vista, etc. PC?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#4 MagicallyDelicious

MagicallyDelicious
  • Topic Starter

  • Members
  • 5 posts

Posted 17 April 2008 - 10:39 PM

Yes, I mentioned in my last post that I have Windows XP Home Edition.

#5 MagicallyDelicious

MagicallyDelicious
  • Topic Starter

  • Members
  • 5 posts

Posted 17 April 2008 - 11:38 PM

My desktop is no longer flickering...I think it's fixed...I'm not sure...




Malwarebytes' Anti-Malware 1.11
Database version: 646

Scan type: Quick Scan
Objects scanned: 80332
Time elapsed: 22 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 34
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\cbXRIBqq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayaYQKb.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxribqq (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{351411f4-d623-40e5-8d86-364ca1ec1ddc} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{351411f4-d623-40e5-8d86-364ca1ec1ddc} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31aa10fe-9109-4f89-be8e-b556d322ac4f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b92ab7b-53f4-40a4-8c0e-3450f798b77c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c045eb14-0a29-48e9-981a-0d491c228d7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eba01ca2-7942-44b8-a02b-7f72a2eaf7c4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.bxmo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayayqkb -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayayqkb -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Dayle\Local Settings\Temp\NI.UGA6P_0001_N111M1707 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\TrustedProtection (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\TrustedProtection\Logs (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\cbXRIBqq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcASiHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yHiSAcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaYQKb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bKQYayay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bKQYayay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\pmsoarbf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rtqmekwg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dayle\Local Settings\Temp\NI.UGA6P_0001_N111M1707\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dayle\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\TrustedProtection\avtasks.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\TrustedProtection\Logs\av.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\TrustedProtection\Logs\ga6Support.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dylan\Application Data\TrustedProtection\Logs\update.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\omlbpkaw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\lgmxvpatrqm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
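
Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the log format posted above. It cross-checks each section's summary count against the entries actually listed and pulls out the objects still marked "Delete on reboot", which are the ones to confirm gone with a re-scan after restarting. The function names and the shortened sample are assumptions made for illustration.

```python
import re
from collections import Counter

# A few lines copied from the log above, with the summary counts adjusted to
# match this shortened sample.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.11
Memory Modules Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Modules Infected:
c:\WINDOWS\system32\cbXRIBqq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayaYQKb.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayayqkb -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\cbXRIBqq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcASiHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 19"
HEADER = re.compile(r"^(.+ Infected):$")          # "Files Infected:"
# "<object> (<family>) -> [Data: <value> -> ]<action>."
ENTRY = re.compile(r"^(.+) \(([^()]+)\) -> (?:Data: .+ -> )?(.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary_counts, entries) parsed from an MBAM text log."""
    summary, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, "object": m.group(1),
                            "family": m.group(2), "action": m.group(3)})
    return summary, entries


def triage(text):
    """Return (count mismatches, objects awaiting reboot, detections per family)."""
    summary, entries = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    # A summary count that differs from the listed entries points to a truncated paste.
    mismatches = {s: (n, listed[s]) for s, n in summary.items() if listed[s] != n}
    pending = sorted({e["object"].lower() for e in entries
                      if e["action"] == "Delete on reboot"})
    return mismatches, pending, Counter(e["family"] for e in entries)
```

Calling triage(SAMPLE_LOG) returns an empty mismatch dict, the two objects still waiting on a reboot, and a per-family tally of detections.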

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • Gender:Male
  • Location:NJ USA

Posted 18 April 2008 - 02:57 PM

So after you reboot, are the symptoms gone?