Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Still infected! I've tried everything from this forum!


  • Please log in to reply
8 replies to this topic

#1 travel_femme

travel_femme

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 25 October 2008 - 05:29 PM

Hi,

I have been reading this forum and reviewing other posts since last night when I discovered my pc was infected with the anti-spywarexp 2009 virus.

I was finally able to install the anti-malware and ran it. I have run a scan with this now 3 times, the last time it came up with nothing further detected.

I could still tell that there is something wrong with my pc. I downloaded Super anti-spyware. Went into safe mode and ran a full scan. This came up the the spywarexp again.

Last night after running the anti-malware I also used the windowsupdate advised by this forum, also updated a few other things with microsoft.

However everytime I reboot the computer the little yellow icon is still in the bottom corner of my screen telling me there are microsoft updates. On my shutdown menu that MS icon is also there. I have updated 4 times today and it shows on my update log with MS. It looks like the same update all 4 times.

I fear that there is still something(s) plaguing my computer.

What else can I do? This has been about 12 hours of hell, reading posts here and trying everything possible. I'm also not very tech saavy so some of the things I have been reading are going over my head. :thumbsup:

Thanks!

BC AdBot (Login to Remove)

 


m

#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:01:49 AM

Posted 25 October 2008 - 07:20 PM

I would still post a HJT log unless you're absolutely positive you're virus-free:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
To fix your update problem, run Dial-a-fix:
http://www.bleepingcomputer.com/forums/t/160132/how-to-use-dial-a-fix-to-repair-windows-internals-problems/
Be sure to tick the box that says Fix Windows Updates
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 travel_femme

travel_femme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 25 October 2008 - 10:23 PM

Hi Mark,

Thank you for the suggestions!

I started following the instructions from the HJT thread. I had changed my email setting, ran "cleanmgr" and downloaded Ad-Aware. I have now tried to run the full scan 3 times and each time it is getting stuck. It is not always in the exact same place when it freezes but always around the same area that it's scanning. It completely freezes so that clicking on Stop Scan does not work. I have to click the X to get out of the program. Then it will not restart the scan unless I reboot.

I have also uninstalled it and then reinstalled it a second time and now this is the 3rd time trying to run the full scan and it has frozen again.

On the Ad-ware scanning screen this is where it keeps getting stuck. (I apologize, I don't know how to capture the actual picture of the scan screen)

Current Section: Deep scanning registry
Current Path: CLSID\{FC7D9E06-3F9E-11d3-930-00C04F72DAF7}\
Current Object: InprocServer32

Scan Details

Selected scan mode: Full Scan
Definitions File: 0081.0000
Total objects scanned: 1838
Total infections detected: 0
Objects ignored: 0
Scan time: 00:21:48 <--- this of course keeps ticking longer, it's been frozen for almost 20 minutes now.


What can you suggest? Clearly the viruses are still causing havoc with my pc.

I haven't even tried the second link you provided yet as this virus scan has got me pullling my hair out!

Please help!

Thank you!
Anna

#4 travel_femme

travel_femme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 26 October 2008 - 11:26 AM

Hi,

I wanted to give an update to my last post.

I tried to run the "Full Scan" on Ad-Aware again but this still froze up as described last night. I ran the Smart Scan and this worked.

It found some things but nothing labeled as the anti-spywarexp again.

I can't figure out how to capture the Ad-Aware screen to post here but the result of the Smart Scan are that it found 42 Tracking cookies , removed 12. Found 3 MRU objects, removed 3.

I then proceeded to try the Dial-a-fix to get rid of this update problem. (I was not able to shut down my computer last night as it kept trying to install updates and would not complete and shutdown. I finally had to pull the battery from my lap top.)

I followed the instructions of Dial-a fix and then it also stopped, with an error pop-up -

Error 1114 was encountered while calling LoadLibrary(C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll)
The error text is: A dynamic link library (DLL) initialization routine failed.

Can anyone help me? Or is this hopeless and I must have my computer reformatted?

Thanks!
Anna

#5 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:01:49 AM

Posted 26 October 2008 - 12:22 PM

I am not a big fan of Adaware that much I truly believe your best bet is a HJT log.
We can try Mbam:


Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Edited by garmanma, 26 October 2008 - 12:22 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 travel_femme

travel_femme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 26 October 2008 - 01:01 PM

Hi,

This is the follow up from this thread - (Am I infected? What do I do?)

http://www.bleepingcomputer.com/forums/t/176364/still-infected-ive-tried-everything-from-this-forum/

Although I had originally installed Malwarebytes when I first discovered the anti-spywarexp 2009 on my computer on Friday and thought I had removed all the problems there is still something wrong. Yesterday I ran it a few more times and it has come up clean. However I think there is still something wrong with my computer.

I am not able to run a full scan on Ad-Aware unless I am in safe mode. I was also not able to run Dial-a-fix. See previous thread for error message.

Here is my most recent log from Malwarebytes -

Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 3

10/26/2008 10:48:38 AM
mbam-log-2008-10-26 (10-48-38).txt

Scan type: Quick Scan
Objects scanned: 56210
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I still have the yellow icon prompting me to update, it is also there when I try to shut down. As per my MS update logs I have updated this same thing 4 times now. Last night it would not even allow me to shut-down as it kept trying to update and wouldn't.

This is why I think there is still something wrong with my computer.

Please help! I'm about to throw my computer out the window! :thumbsup:

Thanks!
Anna

#7 travel_femme

travel_femme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 26 October 2008 - 01:07 PM

I was finally able to install the anti-malware and ran it. I have run a scan with this now 3 times, the last time it came up with nothing further detected.

I could still tell that there is something wrong with my pc. I downloaded Super anti-spyware. Went into safe mode and ran a full scan. This came up the the spywarexp again.



I just wanted to advise that I have run anti-malware again and submitted my log in the HJT forum. It is still saying that nothing has been detected. I think there is still something wrong with my pc. Is it another type of virus that anti-malware does not look for?

Please let me know if I should be adding it to this thread instead.

Thanks!
Anna

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,701 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:49 AM

Posted 26 October 2008 - 01:14 PM

Hello travel_femme,

I've merged your topic in the HiJack This forum to your thread here in the Am I Infected forum because the log was a MalwareBytes log.

If you wish to create a topic in the HiJack This forum, please follow these instructions:

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. The last step will include downloading and using the most current version of HijackThis if the first line of your log does not appear as follows:

Logfile of Trend Micro HijackThis v2.0.2

Please note that it is important that HijackThis be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log. Please be sure to include a link to this topic in your new topic.

If you have a question or encounter a problem in the Prep Guide, please post back to this topic.

When your HJT log is posted in the HiJack This forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Good luck with everything,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 travel_femme

travel_femme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 26 October 2008 - 06:12 PM

Hi,

I have followed all the steps to the HJT prep guide and posted in the HJT forum with my log.

http://www.bleepingcomputer.com/forums/t/176576/hjt-log-is-there-still-something-there/

Please, please, please can someone tell me what the heck is wrong with my pc?? :thumbsup:

The update icon still will not go away after all the scans, etc from the HJT guide.

I need my computer for work tomorrow. Acck!

Thanks!
Anna




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users