Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Big Problem Here...


  • Please log in to reply
31 replies to this topic

#1 moo.moo.bear

moo.moo.bear

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 10:56 AM

My first post.

Anyways I have a few problems, I have a laptop and I always have the same update everyday. I always have to update it when I turn off the computer or on the automatic updates (which will cause me to restart). I believe it's the same update since it is always one update. I also have a Trojan downloader from the win32/Zlob Family (I believe) and it always comes back. How I got that Trojan I do not know. Now how do I get that this one updates "stays" on my computer and that Trojan is away for good.

I also don't have a good anti-virus program since my Norton subscription has expired and my OneCare trial has expired also. I don't know why the subscription has expired, it came with the computer.

Please help me!

Thanks in advance!!!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 11:09 AM

I am now installing Avira AnitVir so I will have a good anti-Virus program. It still doesn't solve the problem though.

Edited by moo.moo.bear, 17 May 2008 - 11:10 AM.


#3 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 11:52 AM

I now have another problem. I have the anti-virus program installed now, doing a scan, doing the update. I have two other viruses on the computer, which was never ever found. I don't know if that is true, also Norton tells me all the things from this program is all high risk. Like the updater and the notifier. I have permitted them though since it was said from this forum that it is a trusted program.

I'm still a little scared that it had found 3 things that will harm my computer. Can someone tell me (that uses the program them self) that it is VERY trusted.

Thanks in advance!!!

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:41 AM

Posted 17 May 2008 - 03:12 PM

Having no antivirus is risky but with proper care and other protection like being fully updated, immunizing IE and using firefox with noscript and doing frequent scans you can stay fairly malware free.

Having more than one resident active antivirus will almost certainly cause conflicts that will corrupt windows to the point of no repair.
Chewy

No. Try not. Do... or do not. There is no try.

#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 17 May 2008 - 04:10 PM

you are going to get MORE infections with, at my reconing ,THREE antivirus programs now on there


Norton,One Care and antivir
look at this pictorial guide ON xp system restore
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

see if you can roll back to PRIOR to all this stuff going on there?

I suggest you see in each of the programs if they can be disabled while you do your roll back , stating the hopefully obvious OFF line
then start again

get that sorted then we can get you scanned for some other nasties with different tools

#6 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 06:33 PM

I didn't mean that, OneCare has been removed right after the trial has expired so I don't have it on my computer anymore. The Norton Anti-virus doesn't work at all since the subscription has expired, so it is disabled (because of no key since the program came with the computer, it won't let me enable it). The only anti-virus program that is working or on the computer that I have is Antivir.

Anitvir removed all the Malware I have had but often that one Trojan downloader will come back, so how will it happen that is stays away for good? Also if I want to update the program (Antivir) will it work with Wireless internet. It always says that it failed to get connection.

Also that one update has came back! I went to dinner and the computer restarted when I came back it said that it is up to date but now it says that my computer has updates. That thing just keeps coming back! Note that this update thing has been before I even had all this Trojan downloader stuff so it has nothing to do with it. I hope.


Don't worry I don't have 3 anti-virus programs on my computer. One doesn't work and the other has been removed. I know it's bad. Although I have a question, Norton Anti-Virus is with Norton, it's disabled but will harm the computer if it stays off? Since I can't turn it on, I don't have any anti-virus at all so it shouldn't harm the computer, right?

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:41 AM

Posted 17 May 2008 - 07:26 PM

http://www.majorgeeks.com/Norton_Removal_T...mNRT_d4749.html

let's make sure norton's is gone

also run this scan and post the log after running the removal tool and rebooting

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

avira is about the only free av I would reccomend

Edited by DaChew, 17 May 2008 - 07:27 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#8 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 07:34 PM

It tells me that the Removal tool has expired

Edited by moo.moo.bear, 17 May 2008 - 07:35 PM.


#9 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 07:46 PM

Nevermind, I have downloaded the program from the link of the message. http://service1.symantec.com/SUPPORT/share...006050909471013 was the link. Well not like that, I think is was just symantec.com only it redirected me to the correct place.

#10 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 08:17 PM

Malwarebytes' Anti-Malware 1.12
Database version: 760

Scan type: Quick Scan
Objects scanned: 37780
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{679b00b5-0783-4de4-a478-7227fdd50825} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14869272-e04b-66dc-80dd-58bab2570cf0} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03b54468-0899-4233-8689-623fffc295ee} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08f5d2f6-4ae5-486b-98e0-3e85ba6b4d11} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38481807-ca0e-42d2-bf39-b33af135cc4d} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d4c51fa4-9192-4a9a-8d2a-a0690c92f171} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jessica Franks\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

#11 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 08:27 PM

Is the program just a Anti-Malware or also a Anti-Spyware? Just a small question that interests me since I get confused a lot. I don't have good knowledge with computers as you can see.

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:41 AM

Posted 17 May 2008 - 08:52 PM

malware is a catch all term for all the bad stuff
Chewy

No. Try not. Do... or do not. There is no try.

#13 moo.moo.bear

moo.moo.bear
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:41 AM

Posted 17 May 2008 - 08:54 PM

Oh ok, wasn't so sure. Thanks! I'm off for bed and I'll check tomorrow! Thanks for the help, it's running better now although I'm still unsure.

#14 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:41 AM

Posted 17 May 2008 - 08:57 PM

there will be more scans to do, zlob is a bad one but be sure and turn your computer off
Chewy

No. Try not. Do... or do not. There is no try.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,326 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:41 AM

Posted 17 May 2008 - 09:02 PM

Mainly an Antimalware app. But since spyware is malware it does get both. As doe s Superantispyware it will also catch and kill most trojans plus spyware. Scan your PC with it also and see.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users