another RAPID Anti-Virus infection


15 replies to this topic

#1 ltdave

ltdave

  • Members
  • 268 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 28 November 2008 - 04:26 PM

my wifes laptop has the Rapid Anti-Virus infection complete with the porn site shortcuts on the desktop...

im not the sharpest crayon in the box but i can usually follow directions if one of the whiz kids here is ready to lend a hand...

she has the media center version of XP for an OS and ive had her use firefox to browse but alas, she got stuck somehow...

it all started with the windows security alert looking icon on the system tray (?) flashing with the bubble saying the computer was infected. once or twice we got the blue screen saying that there was an unregistered version of RapidAntiVirus on the system blah blah blah...

thanks in advance...

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:28 AM

Posted 28 November 2008 - 06:27 PM

See http://www.bleepingcomputer.com/malware-re...-rapidantivirus

Louis

#3 ltdave


Posted 28 November 2008 - 08:27 PM

thanks!

ill give it a whirl and let you know how it works out...

#4 ltdave


Posted 29 November 2008 - 06:23 PM

got to love this twist...

i turn on my wifes laptop and attempt to log in here. both firefox and ie can not find the site...

i google malwarebytes and find several sites with it, primarily malwarebytes.org and both firefox and ie can not access it either. i get redirects to some other 'anti virus program' page...

i just got this too when i tried to follow a google link to malwarebytes.org...

Warning: implode() [function.implode]: Invalid arguments passed in /core/ls_conv/mountaingirlfriend.info/inc/cls_fast_template.php on line 221
ERROR: get_template() failure: [./templates/row_result_xml.html]

does her computer require a complete reload of xp?

ADDED: i got a copy of malwarebytes anti-malware 1.30 from cnet and saved it but it wont run when i attempt to install it...

Edited by ltdave, 29 November 2008 - 06:38 PM.


#5 ltdave


Posted 01 December 2008 - 07:28 PM

okay, i cant get any REAL anti-virus software downloaded because i cant go to any REAL anti-virus download sites...

any thoughts on how to proceed?

#6 ltdave


Posted 05 December 2008 - 06:16 PM

okay...

i managed to get the malwarebytes program downloaded but it wouldnt run from the windows desktop of the laptop...

i downloaded it on my pc and saved it on a flash drive. i cant get the laptop to run it from the flash drive either...

any suggestions out there?

here is a HJT log and a Kaspersky report from my pc. i havent tried anything on the laptop yet:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:29 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

{HJT LOG REMOVED}

Friday, December 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 05, 2008 17:18:49
Records in database: 1438933
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 63819
Threat name 3
Infected objects 6
Suspicious objects 0

Duration of the scan 01:57:59

File name Threat name Threats count
C:\Documents and Settings\Dell Dimension 8200\My Documents\My Pictures\Windows XP Home & Pro Cracks (Key Generator & Activation Crack).zip Infected: Trojan.BAT.Small.ai 2
C:\WINDOWS\Temp\rdl90.tmp Infected: Trojan-Downloader.Win32.Delf.puu 1
C:\Windows XP Home & Pro Cracks (Key Generator & Activation Crack).zip Infected: Trojan.BAT.Small.ai 2
G:\autorun.inf Infected: Worm.Win32.AutoRun.sjn 1
The selected area was scanned.

Edited by boopme, 09 December 2008 - 09:32 PM.
Mod Edit: HJT Log removed~~boopme


#7 ltdave


Posted 08 December 2008 - 11:32 PM

FINALLY got malwarebytes to download to my wifes computer and actually run the set up. got the nice icon on the desktop and in the "new programs added" under the start button but it wont run...

ive removed it and re-downloaded and re-installed it and it still wont run on her computer...

i still cant go to any anti-virus website like superantispyware.com and i cant get online here either. i can do most websites like yahoo, google, my gun forums etc but no computer help sites...

it wont let me update AVG so i removed it for now and it wont let me update ad-aware either but will run. well see what it comes up with...

i had one non-critical item after running ad-aware but it didnt do anything to allow me to run malwarebytes...

im trying to reload avg free to see if it will scan and find anything. well so far, nothing with the latest download (8.0) of avg but its not got the latest updates and the computer will not go to their website to get the latest definitions...

is a complete reload my last resort?

#8 TSalarek

TSalarek

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Kentucky and Florida, USA
  • Local time:12:28 PM

Posted 08 December 2008 - 11:51 PM

Quick! before the mods see the HJT:

MBAM won't run @ BC w/link to MBAM support incl. screenshots

you have Zlob Trojan. This should get MBAM up to at least hurt it. Good Luck!!

#9 ltdave


Posted 09 December 2008 - 07:09 PM

the latest...

ive got MBAM downloaded to my wifes laptop but not installed. i can NOT get it to install. likewise i can not get ATF Cleaner or SAS to even download (i cant get to BC from her computer nor can i get the programs from cnet.com)...

do i need to restart in safe mode to install MBAM? and then run it in full scan (vs. quick scan)?

i cant do anything with her computer...

im asking this on my one and only un-infected computer MY laptop. my desktop is going thru a SAS scan. i hope i can get it to stop clicking the A: drive with this scan...

#10 Mr-Bee19

Mr-Bee19

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 09 December 2008 - 07:16 PM

Are you doing all of this in Normal mode or Safe mode?

#11 ltdave


Posted 09 December 2008 - 08:44 PM

i was trying it all in normal mode...

i dont know how to do any of this stuff unless im told what to do or when...


anyway, i ran SAS in safe mode and now all of my websites are jacked up and this is what my home page (comcast.net) looks like:

Posted Image


and i cant log into my yahoo mail account either. it says Ooops. Yahoo! Mail can't load due to a client side error...

Edited by ltdave, 09 December 2008 - 08:47 PM.


#12 Mr-Bee19


Posted 09 December 2008 - 09:15 PM

You need to run your scans in safe mode. Running windows in safe mode loads only the files necessary to run Windows. If you are infected with any such virus, spyware that is a running process, it will not run.

Restart your computer and keep tapping the F8 key. When asked what to boot, boot up "Safe mode with Networking" that way it will load your appropriate network drivers for you to access the web and get updates.

First, download this free anti spyware program called Ad-Aware. It is a really good freeware program that removes spyware. Download it directly from Here

Download and install the latest updates then run a full system scan. It will take about 15 mins or so. When the scan is complete, remove anything that it finds. Maybe take a screen shot for me too like you did last post.

Restart your computer. Boot into safe mode with networking again. Open up your AVG anti virus and download/update the latest definitions then run a full system scan as well. Take a screen shot and post it, and remove/quarantine anything and everything that it finds. Restart your computer in Normal mode and let's take a look from there.

Edited by Mr-Bee19, 09 December 2008 - 09:17 PM.


#13 ltdave


Posted 09 December 2008 - 09:25 PM

yeah i ran my scan in safe mode...

i deleted the things SuperAntiSpyware said to delete (and my A: doesnt seem to be trying to run anymore) but now this website among others is all screwed up. it only has a bunch of words on an open white page and Comcast.net doesnt load properly either...

maybe a system restore now to a time prior to all of this mess?

#14 Mr-Bee19


Posted 09 December 2008 - 10:24 PM

Usually a system restore won't work.

Truth be told, once you get infected, the question you have to ask yourself is how can you trust your computer anymore knowing that every little piece of malware/spyware may not be removed. Especially if you are doing such things as online banking.

The best thing to do is to back up all your data you want (ie. music, pics), and just reformat your PC. Spend a couple of hours reinstalling windows and then placing everything back on your system.

Ensure when you are done you install your antivirus and keep it up to date. As well as a good antispyware program. A good free one is Lavasoft's Ad Aware (Remember to update your definitions prior to scanning), and install ALL possible windows updates (Ie. SP3, IE7, and every critical update until Microsoft says no more priority).

That's my tip!

#15 ltdave


Posted 09 December 2008 - 10:45 PM

i got comcast.net to work properly again...

it used to be comcast.net/a/ now its comcast.net/b/ or the actual numerical url...

not all pages are working properly yet but i guess theyll come around...

yeah, i run Ad-Aware, AVG with the daily updates, Spybot search and destroy and ive got another id have to look at to recall what its called...

i dont use IE for anything so im definitely not going to download 7 for it. i think my computer still has 4 or maybe 5 on it because ive never gotten around to getting rid of it...

thanks



