
Infected


8 replies to this topic

#1 evilmanic


Posted 21 May 2008 - 12:53 AM

Hi there, I'm new here and was told to post and I'd be taken care of lol, so here I am.

I'm not sure where to start, but needless to say, I'm experiencing major pop-ups, mostly from AntiSpywareMaster. I was using Avast Pro and it had detected a series of trojans, vundos, win95 and a few others; unfortunately I am unable to recall the logs as I had taken Avast out and installed a 30-day trial of BitDefender and the full version of PC Tools Spyware Doctor. I have run multiple scans and they both had found these trojans and supposedly removed them, but they appear again on the fourth scan or so forth. The pop-ups are still coming up, but only if I open Explorer to go to Hotmail; it'll open up new tabs directing to a site that is down, or to AntiSpywareMaster, saying I'm infected and gotta get that. I have heard of HijackThis, and am sorta familiar with it, but won't post it up till you guys tell me where to start. The computer and net are very slow, 80%-ish; I can't really play my WoW game, and it feels like I'm on dial-up when I search on Google. Any help or advice would be much appreciated as I've exhausted my search in trying to fix this.

thanks,

evilmanic

*edit* btw I'm on Vista Home; any other computer info you need, just let me know.

Edited by evilmanic, 21 May 2008 - 12:55 AM.




#2 DaChew


Posted 21 May 2008 - 06:19 AM

would you run rogueremover first

http://www.malwarebytes.org/rogueremover.php

then reboot and run MBAM

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
Chewy

No. Try not. Do... or do not. There is no try.

#3 evilmanic


Posted 21 May 2008 - 10:19 PM

DaChew, thanks for the quick response. Unfortunately I had to do a factory restore. My computer was so bad, I couldn't do anything and one thing after another was crashing. First time I've been defeated in my years on the computer. That's my fault, not keeping up with what's going on. Anyway, thanks for the fast response, appreciate it and will keep in touch.


evilmanic

#4 evilmanic


Posted 22 May 2008 - 12:32 AM

Well, I guess I spoke too soon. Even though I did a factory restore, wiped out every file I had, and also deleted the ones on the D drive, I still had a feeling something wasn't right. After proceeding with my 90-day Norton trial, it took a few tries to get my updates, then the problems started, only this time I never got my constant pop-ups, just some websites I couldn't enter, like hotmail.com and Windows Update, and I couldn't even download Windows Messenger Live. Norton did a full scan and found one virus, infostealer.gampass, which it deleted. Still I couldn't get into Hotmail or the other sites, so I turned off the net, uninstalled Norton and installed Avast; almost right away it found the win32vundo virus again. I did what you said to do up top; the first program didn't find anything, but Malwarebytes found this:

Malwarebytes' Anti-Malware 1.12
Database version: 775

Scan type: Quick Scan
Objects scanned: 33682
Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User\AppData\Local\Temp\xxyWOfDs.dll (Trojan.Agent) -> Delete on reboot

Is it possible this is blocking the common sites that I view?

#5 evilmanic


Posted 22 May 2008 - 12:39 AM

Second scan after reboot (still unable to access Hotmail/Windows Update or even download Messenger)


Malwarebytes' Anti-Malware 1.12
Database version: 775

Scan type: Quick Scan
Objects scanned: 33289
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by evilmanic, 22 May 2008 - 12:47 AM.
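
The two Malwarebytes logs above list the same Run value in consecutive scans even though the first scan reports it as deleted. The following added example (not part of the original posts; the function names are hypothetical and the log layout is assumed to match the two logs in this thread) parses that layout and flags detections that come back after a reported removal:

```python
import re

HEADER = re.compile(r"^(?P<section>.+ Infected):$")   # detail header, e.g. "Files Infected:"
ITEM = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_log(text):
    """Return [(section, object, threat, action)] for each detection line."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:                       # summary lines ("Files Infected: 1") do not match
            section = h.group("section")
            continue
        m = ITEM.match(line)
        if m and section:           # "(No malicious items detected)" has no " -> "
            items.append((section, m.group("obj"), m.group("threat"), m.group("action")))
    return items

def compare_scans(prev, curr):
    """Split curr detections into ones already 'removed' in prev and new ones."""
    removed_before = {(s, o.lower()) for s, o, _, a in prev if "delete" in a.lower()}
    returned = [i for i in curr if (i[0], i[1].lower()) in removed_before]
    new = [i for i in curr if (i[0], i[1].lower()) not in removed_before]
    return returned, new

# Constructed sample input: detail sections abbreviated from the two logs in this thread.
SCAN_1 = r"""
Registry Values Infected: 1
Files Infected: 1

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\User\AppData\Local\Temp\xxyWOfDs.dll (Trojan.Agent) -> Delete on reboot
"""
SCAN_2 = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    returned, new = compare_scans(parse_log(SCAN_1), parse_log(SCAN_2))
    for sec, obj, threat, _ in returned:
        print(f"REAPPEARED after removal: [{sec}] {obj} ({threat})")
    for sec, obj, threat, _ in new:
        print(f"new detection: [{sec}] {obj} ({threat})")
```

An autostart entry that returns after a reported deletion is a sign that whatever writes it has not been removed yet, so it is worth tracking across scans rather than reading each log in isolation.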


#6 DaChew


Posted 22 May 2008 - 05:30 AM

door 1 reinfected from a file you saved or redownloaded from P2P source

door 2 got back on the net unprotected unupdated/patched and went back to the bad web sites

door 3 malware infected by immaculate conception? or something like that, my theology is a little rusty

http://www.bleepingcomputer.com/forums/ind...st&p=830913

the bottom part of Quietman's closing statement is a must read
Chewy


#7 evilmanic


Posted 22 May 2008 - 09:01 AM

Thanks again for the fast reply. I have scanned my backup files before saving them; any chance this was the work of a hacker? All I do on here is chat, email and play World of Warcraft, I don't go to porn sites or anything......I have TV for that :thumbsup: Any sites that I went to were to update the system, nothing unusual. I read that post, will shut down my computer and do it after work as it looks like it will take some time to do, and will keep you posted. Again, thanks man.

#8 DaChew


Posted 22 May 2008 - 09:17 AM

I try to update and bulletproof computers after a clean install before connecting them to the internet

I once kept a trojan/virus for 3 weeks before norton's would pick it up

Some are so embedded in a large cracked pirated software package they may never detect until you install them

reliable sources is the key here so you don't open door number 3 and find the tiger

I prefer the pretty girl behind door 2

:thumbsup:
Chewy


#9 evilmanic


Posted 24 May 2008 - 03:58 PM

Seems a lot of my system settings aren't working. Windows Defender won't load, nor Security Centre; the internet is very slow loading, basically everything is. I've run all scans and it's coming up empty. I'm gonna use my CDs this time to run a full format. I have downloaded virus defs up to today's date and will store them on the D drive and only run those till I can update Windows. Hopefully this will work.


*edit*

Well, I made it back. Everything seems to be working perfectly now, no trace of anything. I managed to do a full system backup, and a restore point after updating virus defs and Windows Update. Thanks for the advice man, you've better prepared me for any future attacks. :thumbsup:

Edited by evilmanic, 25 May 2008 - 08:05 AM.




