
Where Did My Post Go?


9 replies to this topic

#1 Elderly Dumb Blonde

Elderly Dumb Blonde

  • Members
  • 5 posts

Posted 17 August 2008 - 10:35 AM

Hello oh learned ones.

I spent three hours today going through the Prep guide for this forum to try and help out my elderly neighbour. I finally did a hijackthis log and wrote a long post with it in and I've come home and it seems to have not actually arrived here...

Before I go and get another log from her machine, perhaps if I explained the issues you might tell me whether it's worth going through the pain or just recommending she formats and reinstalls.... She's running xp Home 2001

She had been getting problems when using ie and searching - all sorts of porn and stuff kept popping up. Every time she logged on, a nag box appeared talking about ashdsp.exe not working properly. Her regedit and task manager facilities were disabled (and hadn't been disabled by her). Managed to get into task manager by resetting regedit. There were suspicious processes running: mrofinu1001186.exe and 17phomes1001186.exe. Task manager kept getting disabled again. Deleting the processes was useless - they just popped up again eventually.

So, I did the following as per the guide you give.

1) Cleaned out temp internet files and temp files

2) Attempted to scan her PC with Adaware but it wouldn't run (could that be because I downloaded it using my computer, burnt it to CD and then put it on her computer?)

3) Ran Spybot. Took about an hour. Found loads of stuff. I nipped back home for lunch whilst it was running and found it had rebooted the PC whilst I was eating. It seemed to finish OK after that.

4) Ran BitDefender. This found all sorts of weird and wonderful stuff like trojan.dropper.peed.e, win32.worm.allaple.gen, trojan.delf inject.as etc. It also found mrofinu... and 17pholmes... tried to disinfect, failed, so tried to delete and failed. ashdsp.exe was successfully deleted and there's been no locking out of task manager since then. Also no dodgy porn popups. However, at the end of running BitDefender, it got down to 0 time left but then suddenly jumped to 72 hours left to run so I terminated it!

5) Ran McAfee Stinger which seemed to trundle along fine - found virut.remnants and virut.gen and mrofinu.... but then 'encountered a problem' and closed itself.

6) Tried to get latest windows security updates but couldn't because windows reckoned there were incompatibilities so gave up on that.

7) Ran the hijackthis tool. Wrote a long post, pasted the log to the bottom of it, thought I'd posted it here but it seems I haven't!

After all that, ashdsp.exe no longer nags on loading up. Porn is no longer popping up when doing an internet search. But 17pholmes... and mrofinu... are still running.

My real question, I guess, is: is it worth getting a new logfile for you all to look at or should I just suggest she buys a new PC? She's had this one for about 3 years.

Edited by Orange Blossom, 17 August 2008 - 01:24 PM.
Move to more appropriate forum. ~ OB




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts

Posted 17 August 2008 - 01:46 PM

Try installing and running this on that machine.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Elderly Dumb Blonde


Posted 18 August 2008 - 11:51 AM

Thank you - I shall go and try that this evening and report back.

#4 Elderly Dumb Blonde


Posted 18 August 2008 - 01:39 PM

Well, I did the download of the Malwarebytes thing, saved it to the desktop and started the install.

The install failed with the following:

c:\program files\malwarebyte.....\mbamext.dll

unable to register the DLL/OBL
create process failed; code 2

chose to ignore just to see what happened and then it failed with the same error for ssubtmr6.dll

I think I've just about given up...

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts

Posted 18 August 2008 - 02:17 PM

What version did you download?

If you encounter the error message:
"C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll unable to register the dll/ocx: RegSvr32 failed with exit code 0x5"
just click on ignore mbamext.dll.

If that does not resolve the problem, uninstall MBAM, reboot the system, and reinstall the latest version.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 Elderly Dumb Blonde


Posted 18 August 2008 - 02:32 PM

I downloaded the version that boopme had as a link on their answer.

The error code wasn't the one you suggested, it was

create process failed; code 2

When I clicked the ignore, the same error came up on ssubtmr6.dll. I ignored that as well and then when install finished, there was a runtime error. It just didn't want to play ball.

#7 quietman7


Posted 18 August 2008 - 02:46 PM

Sorry, I misread the error code number while checking my notes. Report this error at the Malwarebytes Anti-Malware Support Forum.

#8 Elderly Dumb Blonde


Posted 18 August 2008 - 04:20 PM

Thanks Quietman - I have reported the fault at the place you suggested.

#9 quietman7


Posted 18 August 2008 - 04:39 PM

Ok. The team over there are usually quick to respond and fix reported bugs.

#10 quietman7


Posted 18 August 2008 - 04:42 PM

While you are waiting, you can do this.

Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
Note: If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, you will need to fix the policy restrictions created by this infection. Open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.



