Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware.cyberlog-x (help!)


  • Please log in to reply
11 replies to this topic

#1 jandn73007

jandn73007

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 25 May 2008 - 04:33 PM

ok yesterday i got off my comp after being on myspace when i returned i had a message saying i had spyware.cyberlog-x to click here to fix it i didnt click because it looked a little iffy so i looked online and found it that it just displays those messages but anyways i cant get rid of it and i dont know what to do so i came here for help i tryed the preperation guide but it wont give me the text files at the end because my comp has some kind of data excurtion thing (dep) and i need to know what to do so i can post the text files so you guys can help..it would be awesome if you guys could help thanks alot

Edited by Orange Blossom, 25 May 2008 - 07:34 PM.
Move to more appropriate forum. ~ OB


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 25 May 2008 - 08:29 PM

Hi and welcome.
I think we can clear this up here.
What operating sytem is installed XP,Vista etc...?
What Antivirus and spware tools are installed.

Edited by boopme, 25 May 2008 - 08:30 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jandn73007

jandn73007
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 26 May 2008 - 07:43 AM

ok yea its windows xp and what i had origanally on there was the McAfee Security Center and SuperAntiSpyware but after getting this rougue viruse a put some other ones on there to see if they would take it off like they claimed it would but it didnt do anything so i also have SmitFraudFix on there and a Google security that came with a spy doctor or something but all these seemed to fail at removing it

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 26 May 2008 - 09:28 AM

Ok good i'll post some instructions. I don't know where you loaded Smitfix from so to be sure I'll give you this as I know it's the correct and updated version. If you have installed SpyBot,disable it for theses scans.

First run SmitFraudFix by S!Ri
Post the scan report.... The report can be found at the root of the system drive, usually at C:\rapport.txt


Next;


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jandn73007

jandn73007
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 26 May 2008 - 09:42 AM

ok i got the smitfraudfix from the link uou provided and i ran it in normal mode not safe mode im guessing thats what you wanted me to do and will it was running i noticed it saying it couldnt delete some files because it was being ran by another process let me know if i need to go into safe mode to do this here is the text file that it gave me and i am running the mbam scan as we speak...

SmitFraudFix v2.322

Scan done at 10:35:22.43, Mon 05/26/2008
Run from C:\Documents and Settings\Owner.marie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


DNS



Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 26 May 2008 - 09:46 AM

Yes the cleaning aspect of SmitFraud should be done in safe mode.
The Malwarebytes Anti-Malware is better from normal. So after runnong the cleaning. then reboot to normal and run MBam.
Post 2 logs ,thanks.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 jandn73007

jandn73007
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 26 May 2008 - 10:29 AM

thanks for helping and sorry it took so long for me to reply back im not sure what to do now :thumbsup: because i went to safe mode did the smitfraudfix and rebooted to normal mode and when i tried to get the text file from smitraudfix it said data execution prevention stoped this program and it wouldnt let me see it but here is the mbam log if you tell me how i can get the smitfraudfix i will get it and post it too


problems of the virus has stoped im not getting the fake popups anymore and google seems to be working again meaning when i click on something it dosnt take me to the pages on how to remove the virus or pages about buying a program to remove it

waiting for further instructions here is the mbam


Malwarebytes' Anti-Malware 1.12
Database version: 788

Scan type: Quick Scan
Objects scanned: 40495
Time elapsed: 16 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\activedsv.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Owner.marie\Application Data\Microsoft\dtsc\7664.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\000060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spywarewarning.mht (Trojan.FakeAlert) -> Delete on reboot.

Edited by jandn73007, 26 May 2008 - 11:03 AM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 26 May 2008 - 12:33 PM

Well Ok then, this log looks good. How is the PC now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 jandn73007

jandn73007
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 26 May 2008 - 12:49 PM

:thumbsup: the pc seems to be doing fine im not getting those annoying pop ups telling my im infected by the spyware.cyberlog-x anymore and my browser was doing this thing where it would redirect me to a page to buy something to fix the problem but it has stoped to so i think its gone

do you think im good to go now????



and thanks ALOT!!!!!!! i cant thank you enough im so happy someone decided to help me so yea thanks again :flowers:

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 26 May 2008 - 12:54 PM

Great and you're welcome. Now if all symptoms are gone then...
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 jandn73007

jandn73007
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 26 May 2008 - 01:07 PM

hey just did this and i wanted to thank you one more time

so yea THANKS!!!!!!!!!! its much appreciatied

:thumbsup:

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 27 May 2008 - 09:19 PM

You're welcome
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users