
Virus Alert! In Taskbar?


11 replies to this topic

#1 francisco13

francisco13

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 03 October 2008 - 04:54 PM

I think I'm infected with a virus. Can somebody help me?


 


#2 TH0RN

TH0RN

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:15 PM

Posted 03 October 2008 - 06:07 PM

What does it say?

#3 francisco13

francisco13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 03 October 2008 - 06:13 PM

I get pop-ups all the time and it says virus alert next to the clock.
Also, I am missing some icons on my desktop,
and my start menu is too.

#4 Noypi_to_its

Noypi_to_its

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 03 October 2008 - 06:16 PM

Download MBAM... or use search... :thumbsup:

#5 francisco13

francisco13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 03 October 2008 - 06:21 PM

OK, downloaded and installed it.

#6 Noypi_to_its

Noypi_to_its

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 03 October 2008 - 06:28 PM

Make sure to update it, and also download ATF or CCleaner to get rid of temp files. Then do another scan using another anti-virus program like AVG, Spybot, Super Anti Spyware, or whatever anti-virus program you have; as long as it's not Antivirus 2008, Vista Antivirus 2009 or Micro AV 2009, it will do. :thumbsup:

#7 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 03 October 2008 - 06:49 PM

Please try running both of these nasties-finding programs:
SUPERAntiSpyware
http://www.bleepingcomputer.com/forums/ind...st&p=959604

and Malwarebytes
http://www.bleepingcomputer.com/forums/ind...st&p=959453

and post back the reports for the Team to check out for you; one assumes you are on XP?

Also what is your installed antivirus program and when did you last fully update it and run a deep computer scan with it?

#8 francisco13

francisco13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 07 October 2008 - 03:20 PM

Okay, got Malwarebytes and downloaded SUPERAntiSpyware.
In Malwarebytes I click update, but it can't find the website to download from, so it doesn't do anything.

Edit: I have AVG Free 8.0 and I fully scanned it 2 days ago.
Yeah, I have XP.

Edited by francisco13, 07 October 2008 - 04:55 PM.


#9 francisco13

francisco13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 07 October 2008 - 07:18 PM

I couldn't get it to update, so I just scanned it :thumbsup:

Malwarebytes' Anti-Malware 1.28
Database version: 1203
Windows 5.1.2600 Service Pack 3

10/7/2008 5:11:12 PM
mbam-log-2008-10-07 (17-11-12).txt

Scan type: Quick Scan
Objects scanned: 54458
Time elapsed: 11 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 19
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBstqQK.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bce61ab3-c310-4227-a3aa-5d79775d140c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bce61ab3-c310-4227-a3aa-5d79775d140c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6bf4a190-76aa-41d7-a3f9-8e232a94d130} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebstqqk -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebstqqk -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0011903-00110) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geBstqQK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KQqtsBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KQqtsBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

#10 francisco13

francisco13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 07 October 2008 - 09:33 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/07/2008 at 07:23 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 01:54:29

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 6293
Registry threats detected : 26
File items scanned : 146282
File threats detected : 5

Trojan.Net-MSV/VPS-Variant
C:\WINDOWS\NKEFBLTDBVE.DLL

Trojan.Unclassified/GTS
C:\WINDOWS\DKWQGNBE.DLL

Trojan.Dropper/Gen
C:\WINDOWS\FKEBANRW.EXE

Adware.Vundo-Variant/J
C:\WINDOWS\NEKSOLDA.DLL
C:\WINDOWS\XGPSARBM.DLL

#11 francisco13

francisco13
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 07 October 2008 - 09:42 PM

Okay, I think that did it. Thanks for the help :thumbsup:

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 AM

Posted 08 October 2008 - 03:29 PM

Please try to update Malwarebytes now. Run the scanner and post the new log, thanks.