Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Windows Detected Spyware Infection" still exist in my computer! Please help me! :'(


  • Please log in to reply
5 replies to this topic

#1 rianaibrahim

rianaibrahim

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 19 October 2008 - 06:37 AM

Hi all,

It seems that I have spyware or something like that in my computer. I have read and follow let-say-about 6-7 instructions in this forum but I'm still having trouble getting rid of it.
at first my computer keep popping up the baloon text with the red circle and white cross like this:

"Windows has detected a spyware infection.
It is recommended to use special antispyware tools to prevent
data loss. Windows will now download and install the
most up-to-date soft ware for you.
Click here to protect your computer from spyware"

then the worst thing happened at last is, NOW I CAN'T CONNECT TO THE INTERNET USING MY COMPUTER!

please help me,

i have followed the instruction in

http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/

and

http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/

even%20in%20this%20topic:

%5burl=http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/" target="_blank">http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

but it couldn't work :thumbsup: :) :) :)

here i attached my hijackthis log and smitfraud log

thank u very much

i'm badly need your help................

Attached Files


Edited by rianaibrahim, 19 October 2008 - 07:06 AM.


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:11 AM

Posted 19 October 2008 - 09:02 AM

Hello rianaibrahim

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 rianaibrahim

rianaibrahim
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 19 October 2008 - 10:23 AM

hi kahdah,

thank u so much for your respond.

here i attached log.txt and info.txt

waiting for your further advise

:thumbsup: :) :)

Attached Files

  • Attached File  log.txt   40.53KB   14 downloads
  • Attached File  info.txt   10.79KB   28 downloads


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:11 AM

Posted 19 October 2008 - 10:30 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    D:\WINDOWS\system32\wini10801.exe
    D:\WINDOWS\system32\tmp.txt
    D:\WINDOWS\system32\qahu.bat
    D:\WINDOWS\luqopofep.bat
    D:\Program Files\Common Files\afut.dll
    D:\Documents and Settings\ibera\Application Data\aqycakemof.exe
    D:\Program Files\XP_AntiSpyware
    D:\WINDOWS\brastk.exe
    D:\WINDOWS\system32\delself.bat
    
    :commands
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=========================
Please post these logs in your next reply:
  • Ot Move it log
  • Malware Bytes log
  • New Rsit log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 rianaibrahim

rianaibrahim
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 19 October 2008 - 11:29 AM

dear kahdah,

i have followed your instruction. unfortunately, i can't update the malwarebytes because the internet connection in my computer didn't work (as i said in my first post). but it seems that the program still can work well.

here i attached the logs

thanks

:thumbsup:

Attached Files


Edited by rianaibrahim, 19 October 2008 - 11:42 AM.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:11 AM

Posted 19 October 2008 - 01:16 PM

Hi see if you can right click on your internet connections and choose repair.
See this page for detailed instructions on doing that:
http://www.microsoft.com/windowsxp/using/n...ain/repair.mspx
====================
Then Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users