
I'm Infected, Cannot Id, Locate Or Clean Unknown Viruses


4 replies to this topic

#1 mnxd9

mnxd9

  • Members
  • 4 posts

Posted 11 June 2008 - 10:59 PM

Got a nice one here, just did a fresh install, however I was forced to get a driver off another computer, which was infected, and I'm not sure if it carried over that way or what....

When I scan with AVG 8 I come up with 30 warnings; AVG calls them a couple of names...
Under infection it lists
Found Adware.Generic about 24 times
Found Adware.TitanSheildAntispyware 4 times
Found Adware.Isearch 1 time
Found Adware.newDotNet 1 time.
And I think if I just let it run, it'll find a bunch more viruses, I think something keeps opening a door, and everyone comes for the gangbang, unless I scan and move the files into the vault....

Now if I move those to the Virus Vault I can scan and scan with multiple things and never find another bad listing, but if I delete them from the Virus Vault the whole process starts over again, and I find more "warnings" in AVG; nothing else seems to find anything. Whatever it is, it's pretty slick: it will unimmunize 30 things from Spybot under "softwareplugins". It unchecked 167 items for protection in SpywareBlaster.

I've run lots of programs, I'll see if I can remember them all....
Threatfire, AVG 8.0, SpywareBlaster, Spybot, Ad-Aware, OTScanIt, RootkitRevealer, Malwarebytes, Windows Defender, and a couple more I can't remember, though I am sure they were legit programs; I found multiple recommendations to run them online before I even attempted anything.

The only program that kind of finds something is AVG; it just closed Threatfire when I restarted the computer, after I tried running what I can in safe mode, again finding nothing more in any program.

Seems mostly contained when the ActiveX's are in the Virus Vault.


At this point I'm not sure what the F I can do. I've done everything I could find to read and then some, and I'm getting nowhere, I even manually deleted the values in the registry, and they still came back...

Edited by mnxd9, 11 June 2008 - 11:00 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,147 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 June 2008 - 10:21 PM

I would suggest you try disabling all the tools and run the Malwarebytes scan from normal mode after updating it. Post that log here. Also disconnect from the Internet after the update and before the scan. Spybot is a good tool, but many times the TeaTimer function interferes with other scanners. So please keep that off during all scans we may do.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,579 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 12 June 2008 - 10:53 PM

Are you using SpywareBlaster, Spybot S&D's Immunize Feature?
AVG FAQ 1198: Infection detected in "ActiveX Compatibility" registry key

An "ActiveX Compatibility" registry key is a result of the "Immunize" function included in some anti-spyware programs (e.g.: "Spybot search & destroy", "Spyware blaster",...)

The key contains the same registry entries as the actual threats, thus preventing them from working correctly. Some anti-spyware programs use this method to prevent launching of the malware. Unfortunately, these parts are still detected by AVG signatures and that is why AVG marks them as infected.

To assure protection provided by AVG against these threats, it is not possible to remove such signatures from AVG virus bases.

Because of this, "Immunize" function included in above mentioned softwares is NOT compatible with AVG products.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

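The mechanism the AVG FAQ describes, as an added example that is not part of the original thread: Immunize-style entries are "kill bit" values (`Compatibility Flags` with bit 0x400 set) under the `ActiveX Compatibility` key, so a detection there names a blocked CLSID rather than an installed control. The sketch below classifies entries from the text of a `reg export` of that key; the export contents and CLSIDs are constructed placeholders.

```python
import re

# Constructed sample: text of a `reg export` of the ActiveX Compatibility key.
# The CLSIDs and flag values are made-up placeholders, not real controls.
# (A real export file is UTF-16; read it with encoding="utf-16".)
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000B2}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000C3}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000D4}]
"""

KILL_BIT = 0x400  # Compatibility Flags bit: Internet Explorer never loads this CLSID

SECTION = re.compile(r"^\[.*\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def classify(export_text):
    """Map each CLSID subkey to 'blocked' (kill bit set) or 'not blocked'."""
    result, clsid = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            clsid = section.group(1).upper()
            result[clsid] = "not blocked"  # default until a kill bit is seen
        elif line.startswith("["):
            clsid = None  # some other key: ignore its values
        else:
            flags = FLAGS.match(line)
            if flags and clsid and int(flags.group(1), 16) & KILL_BIT:
                result[clsid] = "blocked"
    return result

def needs_review(export_text):
    """CLSIDs listed under the key without a kill bit; these merit a closer look."""
    return sorted(c for c, s in classify(export_text).items() if s == "not blocked")

if __name__ == "__main__":
    for clsid, state in classify(SAMPLE_EXPORT).items():
        print(clsid, state)
```

Entries reported as blocked are protective markers that a scanner matching on CLSID alone can still flag; only the ones returned by `needs_review` lack the block.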

#4 mnxd9

mnxd9
  • Topic Starter

  • Members
  • 4 posts

Posted 13 June 2008 - 02:18 AM

First off, thanks Boopme, I have actually done that. I believe my issue is exactly what quietman7 says it is....

Dang I've wasted a lot of time on this too :thumbsup:

The good news is that I'm not infected, and I'm dang sure of it now. I just pretty much put together what quietman7 said right before I came here to check this thread, now that I've completely wiped 3 computers, and one of them twice. At least they are 100% clean now.

May be time to switch to Avast or something....

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,579 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 13 June 2008 - 02:22 PM

See BC's Freeware Replacements For Common Commercial Apps and List of Virus & Malware Resources.



