I need some help on viruses etc


24 replies to this topic

#1 orange65

orange65

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 02 December 2008 - 02:22 PM

Hi guys, I'm new to this forum and not great with computers! Yesterday I appear to have got a virus or something on my computer. I input the details into Google and was taken to a forum where people said they'd run Spybot and it had sorted the problem although some people were saying Spybot says it's sorted but then messages re-appear after a day or two to indicate otherwise. I also ran AVG and Ad-Aware which all deleted items that shouldn’t be on the system (according to the programs). However on logging onto my computer today and completing another check there seems to be more malware etc which has been deleted. Because of my concern I've also downloaded Spyware Doctor and Super Anti-spyware (all free editions). Spyware Doctor has come back saying I have numerous things (which the others obviously haven't picked up on) – all of the items are not of big danger (according to Spyware Doctor) but there is one called Backdoor.Agent.ARK which it says is big danger. In order to use the clean up on Spyware Doctor I have to pay for the program. I haven’t got a problem with that but I’m concerned about inputting credit-card details to pay for the item (if the virus is going to forward those to some baddies!) and am also concerned just in case the program may not even clear the problem up (based on AVG, Spybot and Ad-Aware’s results).
Your advice would be much appreciated.
Thanks.



#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 02 December 2008 - 02:39 PM

Hi,

Welcome here. :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 02 December 2008 - 03:30 PM

Hi Superbird thanks for a speedy response to my nightmare. I've done what you told me to and here is the log.

Does this make any sense to you? Do I need to do anything more?

Thanks again.

Malwarebytes' Anti-Malware 1.30
Database version: 1449
Windows 5.1.2600 Service Pack 3

02/12/2008 20:11:59
mbam-log-2008-12-02 (20-11-59).txt

Scan type: Quick Scan
Objects scanned: 66528
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\LH2m356P.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
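
As an added example (not part of the thread and not Malwarebytes' own tooling), a short Python pass over the log posted above that separates adware remnants from the entries worth a follow-up scan: the `Run` autostart value and the file in `system32`. The sample is an excerpt of that log; the high-risk prefixes and the reason labels are assumptions made for this sketch.

```python
import re

# Excerpt of the Malwarebytes log posted above (MBAM 1.30 line layout).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\LH2m356P.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>.+) Infected:$")   # summary lines end in a count, so they are skipped
FINDING = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumption for this sketch: families treated as more than nuisance adware.
HIGH_RISK_PREFIXES = ("Backdoor.", "Trojan.")

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it was listed under."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            section = m.group("name")
        elif section and (m := FINDING.match(line)):
            findings.append({"section": section, "object": m.group("obj"),
                             "threat": m.group("threat"),
                             "action": m.group("rest").split(" -> ")[-1].rstrip(".")})
    return findings

def triage(findings):
    """Return (threat, reasons) for detections that justify a further full scan."""
    flagged = []
    for f in findings:
        reasons = []
        if RUN_KEY.search(f["object"]):
            reasons.append("autostart Run key")
        if f["threat"].startswith(HIGH_RISK_PREFIXES):
            reasons.append("high-risk family")
        if "successfully" not in f["action"]:
            reasons.append("removal not confirmed")
        if reasons:
            flagged.append((f["threat"], reasons))
    return flagged
```
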

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 03 December 2008 - 01:42 AM

Hi,

Now, do a full scan with MBAM, and post that logfile in your next reply. :thumbsup:

#5 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 03 December 2008 - 04:32 AM

Here's the results of the full scan - looks like good news?

Malwarebytes' Anti-Malware 1.30
Database version: 1449
Windows 5.1.2600 Service Pack 3

03/12/2008 09:20:35
mbam-log-2008-12-03 (09-20-35).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 160067
Time elapsed: 1 hour(s), 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 03 December 2008 - 07:25 AM

Hi Superbird, in addition to the above I have just completed a Spybot scan and the following items showed up which I've clicked on remove and according to Spybot all were removed:

- AdRevolver
- Adviva
- DoubleClick
- FastClick
- HitBox
- MediaPlex
- Right Media
- Statcounter

I'm going to complete another Malware check and will forward the details to you again - I've been working on the laptop for 3 hours since I completed the full scan above.

Cheers

Orange

#7 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 03 December 2008 - 07:35 AM

Superbird, here's the result of my quick scan on Malwarebytes - as you can see nothing has shown up:

Your opinion would be much appreciated.

Malwarebytes' Anti-Malware 1.30
Database version: 1454
Windows 5.1.2600 Service Pack 3

03/12/2008 12:33:22
mbam-log-2008-12-03 (12-33-22).txt

Scan type: Quick Scan
Objects scanned: 66152
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 03 December 2008 - 09:54 AM

Hi,

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#9 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 03 December 2008 - 01:34 PM

Hi Superbird, I have completed the check and here is the result - I'm aware of the PC Pandora monitoring which I have previously put on the system:

I look forward to hearing from you.

Wednesday, December 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 03, 2008 10:22:18
Records in database: 1434527
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 93256
Threat name: 3
Infected objects: 35
Suspicious objects: 0
Duration of the scan: 02:33:52


File name / Threat name / Threats count
C:\WINDOWS\system32\setweb.dll/C:\WINDOWS\system32\setweb.dll Infected: not-a-virus:Monitor.Win32.PCPandora.e 27
C:\WINDOWS\system32\confeng.dll/C:\WINDOWS\system32\confeng.dll Infected: not-a-virus:Monitor.Win32.PCPandora.e 3
C:\Program Files\Online Services\BTYahoo\HPPre05.msi Infected: not-a-virus:Dialer.Win32.BT.g 1
C:\WINDOWS\system32\confeng.dll Infected: not-a-virus:Monitor.Win32.PCPandora.e 1
C:\WINDOWS\system32\dhcpweb.dll Infected: not-a-virus:Monitor.Win32.PCPandora.a 1
C:\WINDOWS\system32\msdisk.dll Infected: not-a-virus:Monitor.Win32.PCPandora.a 1
C:\WINDOWS\system32\setweb.dll Infected: not-a-virus:Monitor.Win32.PCPandora.e 1

The selected area was scanned.

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 03 December 2008 - 01:39 PM

Download this file to your Desktop: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Start the setup_.exe-file and click "Next".
The tool will be unzipped now to its own folder on the Desktop, confirm this by pressing "Next" again.
Now, click "Scan" to start the quick scan.
When it's finished, the found malware will be shown to you, press "Delete".
Now click the button "Reports" in the main screen and save the logfile to your Desktop.
Post this logfile in your next reply (only the deleting-part)
After that you'll get this message: "Do you want to uninstall?", choose "Yes".
The tool will be deleted then.

#11 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 04 December 2008 - 04:51 AM

Hi Superbird, I've followed what you told me to do with regard to completing the Kaspersky Virus Removal Tool scan. It didn't give me an option to complete a quick scan so I just clicked on the button for a scan - this took about five hours. At the end of it, it said there were no viruses - I saved the results to the notepad, however when I try to open it, it doesn't respond. I have just started another scan to obtain the information although since you only need the deleting part of the report I suspect there won't be any information to provide to you.

What do you want me to do next?

I look forward to hearing from you.

Orange.

#12 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 04 December 2008 - 09:37 AM

Hey Superbird, I've just completed the Kaspersky Virus Remover again and the report says there was nothing detected.

Orange.

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 December 2008 - 12:12 PM

Hi,

Please do this again then: http://www.bleepingcomputer.com/forums/ind...t&p=1029045

Post the logfile in your next reply. :thumbsup:

#14 orange65

orange65
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 04 December 2008 - 12:17 PM

Hi, I did it a second time earlier today and it said everything was clear again.

Do you mean for me to do it for a third time?

#15 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 December 2008 - 12:19 PM

Sorry, I'm a bit tired (had a long day) :thumbsup:

No I think you're clean now. Do you still have problems?



