Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A Ton Of Viruses Are Still Lurking


  • Please log in to reply
1 reply to this topic

#1 bluejay2

bluejay2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 23 June 2008 - 10:57 AM

I'm on a PC with Windows XP serv. pack 2.

I have run combo-fix and it cleared up my hijacked browser after running ClamWin, in safe mode. When I ran ClamWin again, I got this:

F:\Documents and Settings\All Users\.clamwin\quarantine\infected.A0031280.exe: Adware.ZenoSearch FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.A0031284.exe: Trojan.Downloader.TSUp-15 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.A0031293.exe: Trojan.Downloader.TSUp-14 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.pwinqpeg.exe: Adware.ZenoSearch FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.tsuninst.exe: Trojan.Downloader.TSUp-15 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.tsupdate_4_0_4_1_b3.exe: Trojan.Downloader.TSUp-14 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.ysb_prompt[1].htm: Trojan.Downloader.JS.IstBar.A-4 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.ysb_prompt[1].htm.000: Trojan.Downloader.JS.IstBar.A-4 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.ysb_prompt[1].htm.001: Trojan.Downloader.JS.IstBar.A-4 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.ysb_prompt[1].htm.002: Trojan.Downloader.JS.IstBar.A-4 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.ysb_prompt[2].htm: Trojan.Downloader.JS.IstBar.A-4 FOUND
F:\Documents and Settings\All Users\.clamwin\quarantine\infected.~DF4D57.tmp: Trojan.VB-105 FOUND

Does this mean I'm in the clear or not?

Thank you in advance,

Bluejay2

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 23 June 2008 - 12:36 PM

1. Download ATF cleaner (by Atribune)

Doubleclick ATF cleaner to start the program.
At the tab "Main", place a mark at Select All.
Klick the button Empty Selected.

If you use FireFox:
Klick at the tab "Firefox", place a mark at Select All.
I you would keep the stored passwords in FireFox, please choose "No" at the window that opens.
(This deletes the mark at "Firefox saved passwords")
Klick the button Empty Selected.

If you use Opera:
Klick the tab "Opera", place a mark at Select All.
I you would keep the stored passwords in Opera, please choose "No" at the window that opens.
Klick the button Empty Selected.

Ga to the tab "Main" and click the button Exit to close the program.

2. Download the next programs, but do nothing more than that:3. Install the programs that are advised in step 2, and update them. :thumbsup:

4. Restart your computer in Safe Mode. See here for a tutorial how to do this.

5. Scan with the next programs:
  • Your anti-virusscanner
  • Spybot S&D
  • Ad-Aware
  • Windows Defender
  • MalwareBytes' Anti-Malware
    Post the results in your next answer
6. Restart your computer again, but now in Normal Mode.

7. Go to Kaspersky Online Scanner.
Klick at the button Accept.
This scanner is only compatible with Internet Explorer 6 and higher !!
It could be you must click at a yellow beam to activate ActiveX files that Kaspersky needs to run and download. Accept this.
  • The program will now start downloading the latest definition files. After this you need to click Next.
  • Than click Scan Settings.
    Beneath the text Scan using the following antivirus database: you need to choose the second option: extended - protect your .....
    Beneath the text Scan options: you need to check the following boxes: Scan Archives .... and Scan Mail Bases ....
  • Than click OK.
  • Now start the scan by clicking the text My Computer.
    Posted Image
    Note that this scan may take a while.
  • When the scan is finished, you'll get the option to save the scan report.
    Click at the button Save Report As. Save the report at your Desktop with the name kavscan.txt
Post this report in you next reply.

8. Now, post the logs/results in your next answer. Tell which problems you still have. I need the following reports:
  • The results of your anti-virus program
  • Spybot S&D
  • Ad-Aware
  • Windows Defender
  • Kaspersky Online Scan
Good luck. :flowers:

Edited by superbird, 23 June 2008 - 12:37 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users