Bman and Bman1


9 replies to this topic

#1 Krooz


Posted 18 April 2005 - 02:01 PM

New to this site so Hi to all.... and yes I have problems...

Picked up a good one last Friday somehow. In task manager I see Bman and Bman running.... cannot delete the exe. Have Norton and Adaware SE (?) I think it is, anyway it got through those. It put all kinds of icons on the screen, computer is extremely slow and I can't log on to the internet. At least it doesn't look like it. Goes to some BS screen that says server not be found but there's buttons that appear to be active (I won't press them) for casinos, on line prescriptions, premium sites etc. Ran the scans and found some things but the scans go right past Bman apparently. Plus it won't let XP build another internet connect with a password requirement (only always on). Bought Norton Internet Security last night.

So, I'm sitting here at work.... I've put SpyBot and Hijackthis onto my flashdrive to take home. This should be interesting as I'm not that computer savvy though I did remove a malicious script from the registry one time - a painful process for me.

I have a feeling I'll have all kinds of issues because it sounds like SpyBot isn't always the answer. This will be frustrating too since I'm not connected at the house at this time for troubleshooting.

Anyway, this is a great site and I'll be back I'm sure!

Thanks

Krooz

#2 Rimmer


Posted 18 April 2005 - 07:46 PM

Hi Krooz
There will be others along who can give you more detailed instructions, I'm sure, but for now collect updated pattern files for Norton AV, AdawareSE (it must be SE), and the latest Spybot S&D and put them on your pen drive as you suggested. Also recommended is SpywareBlaster which is a blocker rather than a cleaner. Make sure your system has a good Firewall installed - try ZoneAlarm which is free from Zonelabs.
I would hold off installing Norton Internet Security until you have recovered most of the functionality of your PC, unless your current Nortons is really obsolete.

When you get back to your computer boot in safe mode. If you are not sure how to do this there is a tutorial here:
Safe Mode

Update and run your Nortons and the anti-spyware programs and let them delete anything found. (You can run Hijack this if you wish but you are advised not to make any changes unless you have been instructed to by a qualified member of this site's HJT Team.)

After scanning in safe mode reboot normally and see if you can get internet access back again. Then let us know what your situation is.

Edited by Rimmer, 18 April 2005 - 07:50 PM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#3 Krooz


Posted 19 April 2005 - 07:56 AM

Thanks Rimmer. Last night I ran SpyBot and the AdawareSE that I downloaded at work. The Adaware said it replaced what I already had on the computer but it still said it was 217 days old(?). Don't know how that could be since I just pulled it from the link at this site.

Anyway, both scans turned up issues. All that is gone now but ole Bman and Bman1 are still there. While running the scans it kept trying to connect to the internet but I had the coax unplugged. After scanning I still could not build a normal password required internet connection using XP.

I did not run the scans while in Safe Mode.... will that make a difference? I can try that tonight if it does. I also ran Hijackthis and have the log.... I'll post that in the right spot to see what y'all think that looks like.

Thanks!

Krooz

#4 Rimmer


Posted 19 April 2005 - 09:46 AM

Yes running in safe mode will make a difference, but primarily if you have up to date pattern files for your anti-virus and anti-spyware. This is easy to achieve if you have internet access but not so easy without. To answer your question about Ad-Aware - yes you loaded the latest Anti-Spyware program onto your system but it came with an old reference file. You need to update the reference file to have the latest level of protection.

1. Run what you have in safe mode as I suggested originally.

2. At a PC where you have internet access go to the Symantec website and look for a SARC intelligent updater for your version of Norton AntiVirus. Download that to your pen drive. When you connect it to your PC and run the SARC file it will update your Norton AV.

3. Have Ad-Aware running on a PC connected to the internet and update it. This will create the latest pattern file called defs.ref in the 'c:\windows\program files\lavasoft\ad-aware se personal' folder. Copy this file to your pen drive.
When you are at your PC go to the same folder and rename defs.ref there to defs.old then copy defs.ref from your pen drive into that folder. When you next run Ad-Aware it will have the latest references.

4. You should have Spybot S&D also on your system - I don't know how to manually update this so you will have to run it as is and then run it again to update it when you get internet access restored.

5. You should also get SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html
There is a SpywareBlaster tutorial here: http://www.bleepingcomputer.com/forums/Usi...ware-tut49.html
You will need to update that online as well.

6. Boot your PC in safe mode and run Norton AV, Ad-Aware, Spybot S&D, and SpywareBlaster.

The process of removing all the malware from your system is not necessarily a 'one flick and it's gone'. Each time you remove some spyware with the above programs, it will make it easier to progress the other steps.

If before you attempt these steps you get a response to your HJT Log post you should ignore these suggestions and focus only on the HJT response.


#5 Krooz


Posted 19 April 2005 - 12:23 PM

Thanks Rimmer. I downloaded just the reference update "Latest definition file: SE1R39 15.04.2005 ". I didn't want to run SE on my work computer .... they frown on loading any "unauthorized" software. I'll try it again tonight along with the spyblaster.

Krooz

#6 Krooz


Posted 20 April 2005 - 07:09 AM

Well, I ran everything in safe mode last evening. Picked out more junk hidden in there. Actually went back to Bman and Bman1 and tried to delete them again. It looked like it allowed me to delete this time... BUT - when I ran the HJT log file it picked up the Bman exe still in there. Haven't heard back yet from the posting of the HJT log. Getting anxious as I do my banking on line and I still can't connect to the internet. When I try to build a network connection I get these error messages:
"Cannot Load Phonebook. Error 1722: The RPC server is unavailable" and
"Cannot save password. Error 621:The system could not open the phone book file"

Any advice?

I'm toying with the idea of backing up some more of the items I don't want to lose, deleting it all or re-formatting the hard drive and then reloading XP. I'm not sure how to start over after reformatting though and can I format my c: and leave the f: alone? This all sounds extreme and maybe I'm in over my head?

Thanks again for any input.....

Krooz

#7 Rimmer


Posted 21 April 2005 - 03:16 AM

Reloading XP is an extreme step and you should regard that as a last option imho.

I'm not clear what you mean by "build a network connection" or what phonebook is and what it has to do with getting connected to the internet?

From what you've said your original internet connection still exists in your PC, it is just being blocked/hijacked by Bman. You don't need to (can not) build a new network connection to connect to the internet on the same machine.

I think you are best to wait for the HJT response.


#8 Krooz


Posted 21 April 2005 - 11:52 AM

Rimmer, I have a HJT response today and will try it tonight. Hopefully that does the trick.

The icon for the normal connection says it's disconnected - I cannot make it reconnect. That's why I was trying to use XP's Network Connection Wizard to see if I could make a new connection. I have had to do that in the past when the icon on the desktop up and quit working (first sign of trouble maybe). Anyway, those error messages I noted pop up while trying to work through the Wizard. Called my local provider and they didn't know what it meant either.

Any luck HJT will remedy the situation and this will all be gone shortly!

Thanks

Krooz

#9 Krooz


Posted 22 April 2005 - 08:15 AM

Thanks Rimmer for all your advice. Thanks to "miekiemoes" and HJT for fixing the problem! Life is good!

Loaded Firefox this a.m. No more MSIE for me!

Krooz

:thumbsup: :flowers: :trumpet:

#10 computerclueless


Posted 01 May 2005 - 09:00 PM

Okay, I'm having the same problem but after reading this I still have absolutely no clue what to do! Yes, I'm a computer-know-nothing. I've asked my friends but, well, they're as clueless as I am. How can I get rid of BMan? The only thing I have is Spybot Search and Destroy. I really, really need help with this but I don't know what to do. Please, put it in layman's terms because if not, I'll be very, very confused. Oh, and does anyone know how to get rid of tracking cookies called zedo and z1@adserver for good?
"I'm computer clueless. I seriously am. So clueless, in fact, when I first got my computer, I couldn't figure out how to turn it off for an hour. I mean, come on, how is someone like me going to look for the button to turn off the computer on the Start Menu?" - Personal Quote
