
Privacy Danger



#1 suicidallyangry

suicidallyangry

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 09 June 2008 - 07:39 PM

Hey everyone,

Yesterday, while using this site and several others on a reasonably new computer system (XP SP3), trying to find answers to how to fix my other computer, I ran into a bad website, and what do you know? It gave me a virus.

It replaced my Desktop with a red div overlay type thing that had a biohazard graphic with crap about privacy danger. It was one big link. Other people with the same issue online said that they got about 15 popups along with it. I think that that didn't happen to me because I disabled Internet Explorer on that computer.
It's described better here
http://forums.techguy.org/malware-removal-...tml#post5325336

After a lot of online reading, I removed the Desktop "overlay", and everything that I could that originated on my computer yesterday. Meanwhile, it's not all gone. My internet is now slower than a drunk elephant.

I want a way to COMPLETELY REMOVE the spyware. I've had some problems trying to install Smitfraudfix, SAS (SUPERAntispyware), and a few other programs that were advised by certain websites. I tried Adawareaway, and it finds the trojans and spyware, but you have to pay to get the goddamned thing to remove them.

Everyone on here uses Hijackthis logs. I don't know where you get those, and I don't want to have to unless they are necessary.

Can anyone help me?

Thanks!!!!!!


 


#2 diego_moicano

diego_moicano

  • Security Colleague
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brazil
  • Local time:08:53 PM

Posted 09 June 2008 - 08:10 PM

Hi suicidallyangry,

"and I don't want to have to unless they are necessary."

Yes, they are necessary...

Look at this topic:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

And this:

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Hugs :thumbsup:

Edited by Orange Blossom, 09 June 2008 - 08:13 PM.
Move topic to more appropriate forum. ~ OB

UNITE & ASAP member

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:53 PM

Posted 09 June 2008 - 08:21 PM

What you want to do first is run this and post back the log. HiJack if needed will be requested and Not posted in this forum.

What is your Operating System XP?? Also your installed antivirus and spyware tools, thanks

If using Vista, then Run As Administrator

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 suicidallyangry


Posted 09 June 2008 - 09:18 PM

Hey, thanks. I had no idea what Hijackthis even was.

I did everything requested at the links you sent me to. The damn DSS performed an illegal operation. It did however install Hijackthis.

Like I said in my original post, I'm working with Windows XP SP3.
I've tried installing Malwarebytes Anti-Malware 3 times. Nothing happens when I click on the program. I even moved it directly into the C:\ drive like I found someone advise to online. No response. That's not going to work.

All I have now is Avast, which, for all of the rave reviews isn't worth a damn with a hole punched in it. It doesn't protect me from anything, it just "detects" a virus, and says "WARNING, A VIRUS HAS BEEN DETECTED" and you can try to delete it all day with no results.

**Update** My internet now works but a little slower than I'd like.

I REALLY WANT TO INSTALL SUPERAntispyware.
Every time I try to, however, a window comes up saying this:
"
Windows Installer. V 3.01.4001.5508

msiexec /Option <Required Parameter> [Optional Parameter]

Install Options
</package | /i> <Product.msi>
Installs or configures a product
/a <Product.msi>
Administrative install - Installs a product on the network
/j<u|m> <Product.msi> [/t <Transform List>] [/g <Language ID>]
Advertises a product - m to all users, u to current user
</uninstall | /x> <Product.msi | ProductCode>
Uninstalls the product
Display Options
/quiet
Quiet mode, no user interaction
/passive
Unattended mode - progress bar only
/q[n|b|r|f]
Sets user interface level
n - No UI
b - Basic UI
r - Reduced UI
f - Full UI (default)
/help
Help information
Restart Options
/norestart
Do not restart after the installation is complete
/promptrestart
Prompts the user for restart if necessary
/forcerestart
Always restart the computer after installation
Logging Options
/l[i|w|e|a|r|u|c|m|o|p|v|x|+|!|*] <LogFile>
i - Status messages
w - Nonfatal warnings
e - All error messages
a - Start up of actions
r - Action-specific records
u - User requests
c - Initial UI parameters
m - Out-of-memory or fatal exit information
o - Out-of-disk-space messages
p - Terminal properties
v - Verbose output
x - Extra debugging information
+ - Append to existing log file
! - Flush each line to the log
* - Log all information, except for v and x options
/log <LogFile>
Equivalent of /l* <LogFile>
Update Options
/update <Update1.msp>[;Update2.msp]
Applies update(s)
/uninstall <PatchCodeGuid>[;Update2.msp] /package <Product.msi | ProductCode>
Remove update(s) for a product
Repair Options
/f[p|e|c|m|s|o|d|a|u|v] <Product.msi | ProductCode>
Repairs a product
p - only if file is missing
o - if file is missing or an older version is installed (default)
e - if file is missing or an equal or older version is installed
d - if file is missing or a different version is installed
c - if file is missing or checksum does not match the calculated value
a - forces all files to be reinstalled
u - all required user-specific registry entries (default)
m - all required computer-specific registry entries (default)
s - all existing shortcuts (default)
v - runs from source and recaches local package
Setting Public Properties
[PROPERTY=PropertyValue]

Consult the Windows Installer SDK for additional documentation on the
command line syntax.

Copyright Microsoft Corporation. All rights reserved.
Portions of this software are based in part on the work of the Independent JPEG Group.

(OK)
"

Does anyone know what is up with that? Or how to solve?

My Hijack this Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:33 PM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5508)
Boot mode: Normal

{Deleted HJT log as NOT requested}

Edited by boopme, 09 June 2008 - 09:37 PM.


#5 boopme


Posted 09 June 2008 - 09:39 PM

Let's try to reinstall the Cleanup Utility
Windows Installer CleanUp Utility

#6 suicidallyangry


Posted 09 June 2008 - 09:59 PM

Sorry, but that doesn't work either. It brings up the same message about windows installer.

#7 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:53 PM

Posted 10 June 2008 - 06:11 AM

http://www.malwareremoval.com/tutorials/safemodeboot.php

Would you boot into safe mode and run a scan with avast?

Avast is one of only 2 free AVs I recommend

It's a very good program but today it takes a lot of combined effort to keep a computer clean or clean one if it's infected badly

People do not move MBAM to the C root, the developers have talked about a portable version, but I couldn't even find a legitimate hacked version when I looked
Chewy

No. Try not. Do... or do not. There is no try.

#8 suicidallyangry


Posted 10 June 2008 - 09:59 AM

I booted into safe mode and clicked avast. It came up and told me that there were infections in the memory that would be safer to remove before a system boot. It then shut down my computer, restarted it, and scanned the memory before windows xp loaded. It deleted A LOT of dll files.

It finished scanning the memory, and my computer fully loaded normally. I ran avast, and it's in the process of a "thorough" system scan. It's at 44% and it's scanned 66,000 files. I'll keep you updated. Did you want me to post the results when they come?

#9 DaChew


Posted 10 June 2008 - 10:10 AM

that avast process sounds good, let's hope that you didn't wait too late in the infection, just let us know if it finds any rootkits or backdoor trojans and their names

After avast has run its course try to do the MBAM from Boopme's request, don't ever expect one program, no matter how good it is, to handle these new malware suite infections, the damn things change every day and then update from the web on top of that

#10 suicidallyangry


Posted 10 June 2008 - 11:12 AM

It finished after 116,000 files.

This is what it found and deleted in various parts of the computer.

Infection: Win 32:PurityScan-V [trj](3X)
Infection: Win 32:E404-H[adw] (2X)
Infection: Win 32:Vundo@dll[trj]
Infection: Win 32:Obfuscated-EJC[trj]
Infection: Win 32:Small-JMH [trj]
Infection: Win 32:Adaware-gen [adw]
Infection: Win 32:Small-KXF
Infection: Win 32:Small-jMH
Infection: Win 32:Rootkit-gen[rtk] (5X)
Infection: Win 32:Agent-VGV[wrm](5X)
Infection: Win 32:Agent-BSU[trj]

I'll go try to install MBAM now.

#11 suicidallyangry


Posted 10 June 2008 - 11:42 AM

MBAM WAS SUCCESSFUL!!!

It deleted 12 things, but when it restarted my computer, about four messages came up about how ______ was not a valid image file. I'm worried about this!

I'm going to see if I can get SAS to install now...

Malwarebytes' Anti-Malware 1.16
Database version: 845

12:28:46 PM 6/10/2008
mbam-log-6-10-2008 (12-28-46).txt

Scan type: Quick Scan
Objects scanned: 35610
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 34
Registry Values Infected: 11
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 24


#12 DaChew


Posted 10 June 2008 - 11:47 AM

http://www.bleepingcomputer.com/forums/ind...mp;#entry839950

I call this approach the Quietman123

You have done 1, let's do the 23 and maybe get ahead of this infection, I was going to recommend a clean install

#13 DaChew


Posted 10 June 2008 - 11:49 AM

Don't worry about the messages about the missing or broken malware files, actually that's a good sign, we just need to finish the disinfection

#14 suicidallyangry


Posted 10 June 2008 - 02:22 PM

I did everything that you said to. It seems to have fixed the messages about broken malware files. I fixed all visible problems that come up in Avast, SAS, MBAM. I don't have anymore problems with windows installer. :thumbsup:

However, my internet is still running a little slower than normal. Are there any other recommendations?

Should I use spybot and lavasoft to make sure that they can't find anything else?

#15 DaChew


Posted 10 June 2008 - 02:29 PM

Run another scan with MBAM, it might find something

your internet will be slower at first since we wiped out the temp files

Edited by DaChew, 10 June 2008 - 02:30 PM.
