
Virus Alert! Next To Clock. Error Cleaner, Privacy Protector On Desktop. Wallpaper Changed


15 replies to this topic

#1 Kevin Bouwman


Posted 28 May 2008 - 04:58 PM

I have a problem with my laptop. My first evidence was that the wallpaper changed to a message about a Virus Alert. I have been a computer user and hobby programmer since the Apple II days so I recognized this right away as a problem. I soon realized that I had shortcuts on my desktop for Error Cleaner, Privacy Protector, and Spyware & Malware Protection also. I recognized these from a friend's description from a problem he had a year ago. I then noticed that where my traybar clock should indicate AM or PM the text VIRUS ALERT! was present. I didn't realize that text could even BE changed. I also started getting fake dialog boxes popping up warning me of a virus threat and wanting me to install the recommended software to fix it. I knew better than that so I closed those using Alt-F4 as much as I could. I also had Internet Explorer windows popping up and trying to load pages from a risky looking URL. I turned off my wireless adapter's antenna so I wouldn't be on the internet. Apparently the virus had started working on broadcasting before I noticed this because a little later my ISP called to let me know I had a virus and that he had shut down my connection temporarily. I told him I knew and that I had disconnected the offending machine from the internet already. He wished me luck and told me he would turn my connection back on so I could use another computer to troubleshoot the problem. I downloaded AVG 8.0 and ran it twice. The first time it found a couple of files and a number of registry entries it didn't like. At this time I didn't realize that I was going to be asking for your help so I didn't record what the names of the items found were. If you know that AVG creates a log and where it might be I can certainly forward it. The second time AVG ran it didn't find anything it labeled a threat. This didn't seem to have any effect on getting rid of the virus.

I then googled on the Error Cleaner, Privacy Protector, Spyware & Malware Protection and found a thread recommending the use of SDFix.exe. I downloaded it and followed its instructions. When it told me to open a command prompt, I discovered that many of my start menu items had disappeared including Run and Command Prompt. When I opened the Run dialog by typing Windows Key-R and typed cmd.exe ENTER the command prompt opened containing a message that my administrator had disabled my command prompt. As I am my administrator I knew this was another trick of the virus. After a little research I found that SDFix.exe had a registry script to fix this. I ran it and then my command line started to work. I resumed with the instructions from SDFix and after an hour or so thought I had the problem fixed. Twenty minutes or so after that I discovered that the virus was back with all symptoms except for the wallpaper change.

I just remembered that there is a white X in a red circle flashing in my traybar about half the time. It pops up a balloon every so often telling me I have a virus and asking me to accept its help getting rid of it.

This brings me to you. I am stuck and after reading your instructions in the sticky posts I have quit experimenting with it and am awaiting your advice.

Thank you,
Kevin
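
The disabled Command Prompt and missing Run entry described in this post, and the disabled Task Manager and hidden C:\ drive reported later in the thread, match standard per-user Windows policy values. The following Python script is an added example, not from the thread or from SDFix, that flags those values in a `.reg` export; that this infection set these particular values is an assumption, and the sample export is constructed.

```python
import re

# Standard per-user (HKCU) Windows policy values that produce the symptoms
# described in this thread. That this infection set these exact values is an
# assumption; the thread does not list them.
CV = r"software\microsoft\windows\currentversion\policies"
POLICY_SYMPTOMS = {
    (r"software\policies\microsoft\windows\system", "disablecmd"): "Command Prompt disabled by policy",
    (CV + r"\system", "disabletaskmgr"): "Task Manager disabled",
    (CV + r"\explorer", "norun"): "Run removed from the Start menu",
    (CV + r"\explorer", "nodrives"): "drives hidden in My Computer",
}
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\(.+)\]$", re.I)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def hidden_drives(mask):
    """NoDrives is a bitmask: bit 0 = A:, bit 1 = B:, bit 2 = C:, ..."""
    return [chr(ord("A") + i) + ":" for i in range(26) if mask >> i & 1]

def find_restrictions(reg_text):
    """Return (value name, symptom) for each active restriction in .reg export text."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()          # remember which key the values belong to
        elif key and (m := DWORD_RE.match(line)):
            name, data = m.group(1), int(m.group(2), 16)
            symptom = POLICY_SYMPTOMS.get((key, name.lower()))
            if symptom and data != 0:         # 0 means the restriction is switched off
                if name.lower() == "nodrives":
                    symptom += " (" + ", ".join(hidden_drives(data)) + ")"
                findings.append((name, symptom))
    return findings

# Constructed sample export, not taken from the machine in this thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDrives"=dword:00000004
"NoFind"=dword:00000000
'''

if __name__ == "__main__":
    print("\n".join(f"{n}: {s}" for n, s in find_restrictions(SAMPLE)))
```

Version 5.00 exports written by regedit are UTF-16, so read a real file with `encoding="utf-16"` before passing its text to `find_restrictions`.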



#2 boopme


Posted 28 May 2008 - 08:08 PM

Hello and welcome to Bleeping Computer.
A bit more info is needed. The Operating system (XP,Vista etc..).
You can download now correct?
Please follow these instructions in our tutorial, ask any questions needed.
How to remove Privacy Protector or PrivacyProtector (Removal Instructions)
Post a copy of the scan report in your next reply.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Follow with this scan and log:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 Kevin Bouwman


Posted 28 May 2008 - 08:28 PM

To get the easy questions out of the way:

This is an XP SP2 machine with all operating system updates applied as of a week or so ago.

I can go online but unless you recommend otherwise I am going to do as much downloading as I can on my desktop to minimize aggravating my ISP. I have a USB key I can use to transfer files into and out of the laptop.

I will start working through your instructions and post back as soon as I am through.

Thanks Again,
Kevin

#4 DaChew


Posted 28 May 2008 - 08:31 PM

http://www.malwarebytes.org/mbam/database/mbam-rules.exe

after installing MBAM, you need to update it to the latest rule definitions
Chewy

No. Try not. Do... or do not. There is no try.

#5 Kevin Bouwman


Posted 29 May 2008 - 05:23 PM

Hi,

Last night I ran the SmitfraudFix.exe and it seemed to get rid of the virus. When I logged onto the internet and opened IE to do the Panda Scan my homepage was not restored. The URL that it tried to load looked like an old windows default home page. The address bar and status bar flashed the URL and this looked strange to me so I closed IE right away and used Internet Options from the control panel to set my home page to blank. I then opened IE again, logged in here and navigated to the Panda Scan link and started Panda Scan. The scan got started about 7:00 AM and in an hour was up to 12% complete. When I checked it again at 9:00 AM the popups from the virus were back. The changes the virus had made to my start menu (that were corrected by SmitfraudFix.exe) were not back at that time. The task manager button was still available on the Ctrl-Alt-Del menu also. Now at 5:00 PM the scan is only at 24% and the start menu and task manager button are corrupted again.

Do I let the scan continue even if it takes several days or do I need to take a revised approach?

Thanks,
Kevin

#6 DaChew


Posted 29 May 2008 - 05:40 PM

stay off the internet for the rest of the treatment, there's a rootkit hiding that will reinstall and/or update the infection


try to do this exactly as specified without being on the internet

sdfix is a powerful program

I use it, MBAM, ATF cleaner and SAS and other tools in most cases.

I would have followed Boopme's exact instructions

Edited by DaChew, 29 May 2008 - 05:43 PM.

Chewy

#7 Kevin Bouwman


Posted 29 May 2008 - 10:28 PM

DaChew,

I have followed Boopme's exact instructions thus far. I am curious as to where you think I may have strayed.

This is the first mention of sdfix. I do not see a reference to it in Boopme's instructions.

Your instruction in your first post to update MBAM was in Boopme's instructions.

I only went on the internet long enough to click on the Panda Scan link and get the scan started. I went offline again just as soon as it started.

Now at 10:25 PM the Panda scan is still showing 24% complete. The number of files scanned is slowly increasing.

#8 DaChew


Posted 29 May 2008 - 11:51 PM

Sorry for the misinfo, I didn't know that Panda was

Jul 5 2007

recommended for the manual fix, the fact that the infection survived sdfix earlier is an almost certainty that you are dealing with something newer and more complicated.

Because you disconnected from the internet does not mean the malware is disconnected, unless you pulled a cable or powered down a modem/router

My recommendation would be to deny any access to the internet, immunize a usb drive with sub's flash disinfector and use it to transfer fixes to the infected computer

Your experience with Panda online scan seems to confirm my approach as being safer and more effective

Edited by DaChew, 29 May 2008 - 11:54 PM.

Chewy

#9 Gmayo


Posted 29 August 2008 - 12:08 PM

Thanks all. I'd seen references to some of the programs here which duly found and (presumably) fixed some problems. However, it was the MBAM that did the trick - wham, mbam, thank you ma'am!

I've lost the contents of my My Documents and Desktop folders but nothing major there anyway. Previous symptoms were the words "Virus alert!" next to the clock (which is how I found this topic on Google), task manager disabled, firewall disabled, start menu missing most options (including Run, Log Off), the C:\ drive missing from My Computer, and various pop-ups appearing. XPHome SP2.

I might be able to recover some files using undelete software but as I say, nothing major anyway.

That'll teach me for relying on AVG to tell me that a file I downloaded had a virus! Next time I'll be a lot more careful.

#10 quietman7


Posted 29 August 2008 - 01:37 PM

Please post the results of your MBAM scan for review.

Launch MBAM.
Click the Logs Tab at the top.
mbam-log-7-18-2008(09-52-04).txt should show in the list. <- your dates will be different from this example
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 Gmayo


Posted 01 September 2008 - 04:40 AM

I'll do another scan later with the updates I've just downloaded. If there's anything else found I'll report it, otherwise assume no problems found.

Geoff M.

#12 quietman7


Posted 01 September 2008 - 07:17 AM

Sorry Gmayo, I scrolled through the thread too fast and thought I was addressing Kevin Bouwman when I asked for the log to be posted for review. We ask members not to post for assistance in other members' threads and instead to start a new topic of their own to avoid confusion.

Therefore, I split your log into its own topic so we can continue separately from Kevin. You can find it here.

#13 Gmayo


Posted 02 September 2008 - 07:26 AM

Thanks but I wasn't actually asking for help - I was thanking everybody for their help as it was this thread which directly solved my problems. At the time of posting I was virus-free.

So I was just showing my appreciation, not hijacking another thread!

Cheers

Geoff M.

#14 quietman7


Posted 02 September 2008 - 07:34 AM

I appreciate your kind words to thank us but you posted a MBAM log which indicated a serious infection. Although you are not having any obvious issues, I suggest you follow my instructions in the other thread and perform a new scan so we can confirm your system is clean.

#15 vanessary


Posted 21 October 2008 - 05:18 AM

I've got this yesterday night too, I did what you said and it's alright, but the next day morning, I turned my computer on again, the wallpaper is here again, what can I do???? Please help!!! THXTHX!!!!!!!!!!!

Edited by quietman7, 21 October 2008 - 07:04 AM.




