
Insecure Internet Activity. Threat Of Virus Attack. Corrupted computer


18 replies to this topic

#1 Frustrated and Tired


Posted 10 December 2008 - 02:24 AM

Hi. I'm new to the site. In need of help. While on the internet today, my computer froze up and seemed to restart itself on its own. When I logged in later, got window that took me to what I'm sure is bogus virus software program. When I go to the internet (Internet Explorer), keep getting a page take over stating "Insecure internet activity. Threat of virus attack." There are links to take you to the virus software program. Checked my AVG free version 8.0 and all seemed to be fine. Haven't been running regular scans however.

Googled around for fix and downloaded Super AntiSpyware. Ran a full scan, which found 85 or so threats, quarantined then removed them. Went to internet but still same message and small window pops up every 5 or so minutes. Closed internet browsers and deleted cookies, temp internet files, etc from the control panel.

Looked some more and found May 28, 2008 post on this site from Daryl in Despair, with topic title "Insecure Internet Activity. Threat Of Virus Attack., Computer corrupt." Sounds like my problem.

If someone could help me get my computer back, I would be extremely grateful. I tried inserting an image of screenshots below. Hope I did that right.

Posted Image



#2 buddy215

  • Moderator

Posted 10 December 2008 - 08:36 AM

Make sure you have the latest updates for Super Antispyware before running another scan after rebooting into "safe mode".

Use MBAM if SAS has not removed the malware. It is possible that neither program will find and remove the malware. The reason is that the malware is constantly changing to hide from the security programs and the security programs are always playing catch up. Both SAS and MBAM update daily or more often.

Link below has instructions for using MBAM.
http://www.bleepingcomputer.com/forums/ind...st&p=944365

Post back with the logs from the programs and for further instruction.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Frustrated and Tired

  • Topic Starter

Posted 11 December 2008 - 10:29 PM

thanks for your response, buddy. sorry bear with me, you got me already what's "rebooting into "safe mode""?

#4 Frustrated and Tired

  • Topic Starter

Posted 11 December 2008 - 10:41 PM

never mind..i got it. i'll try now

#5 Frustrated and Tired

  • Topic Starter

Posted 12 December 2008 - 12:56 AM

I'm extremely tired and not a techie by any means, so please forgive my ignorance....but how do i go about retrieving the logs you speak of to post back?

Btw, here are my rambling notes that i've been taking so far this evening. they may seem a bit choppy because i had printscreens strewn throughout but figured i'd wait til i got an answer before going to the trouble of inserting any of those here. can you tell i'm punchy?

waiting patiently for your response about the logs. many thanks
-------------------------------------------

12/11/08 booted up, malware pop-up, clicked it off, opened internet explorer, googled hotmail, malware pop-up, clicked it off, then AVG message

AVG virus vault

Selected all viruses and deleted them.

Closed AVG, closed IE reopened, started again from the top

Deleted them from virus vault, changed Resident Shield settings to scan for tracking cookies and saved changes. Went to hotmail and...

Resident Shield Alert about tracking cookie threats found
Remove threats
Some files cannot be healed, specified file was not found

Again pop-up

Checked for updates for SAS

Opened new IE browser, got another alert from AVG about viruses, deleted the following from the virus vault...

...Resident shield alert, moved to vault
Two tracking cookie threats

First one was in vault which I deleted (the double click one), but second one was not in there.

Am going to reboot in safe mode and run a scan with SAS.

After about 1.5 hours of complete scan, which detected 8 threats I believe, I checked the items to be quarantined and then, boom, got one of those system error messages for SAS, said it needed to close, send a report or don't send a report. Damn I can't remember what I clicked, maybe don't send. When i went to quarantine it looked like the items had made it in there, so I deleted them.

Shut down and rebooted in normal mode but again the pop-up, and take over of IE, opened browser twice and each time pop-up and some more stuff from AVG to be deleted. A goddam never-ending cycle!

#6 buddy215

  • Moderator

Posted 14 December 2008 - 02:10 PM

SAS INSTRUCTIONS:
Update the definitions before scanning by selecting "Check for Updates".
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

* Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

POST LOG FROM MBAM
1. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
2. Click OK to close the message box and continue with the removal process.
3. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
4. Make sure that everything is checked, and click Remove Selected.
5. When removal is completed, a log report will open in Notepad.
6. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
7. Copy and paste the contents of that report in your next reply and exit MBAM.

#7 djangoo


Posted 14 December 2008 - 02:50 PM

Sorry for budging in here, but I have to say that the same exact thing happened to me last night. I believe I got rid of it by doing a system restore as this virus or whatever put malware crap in a Google folder in Applications Data and I could not delete them, but system restore seems to have taken care of them.

That's what I did and that crap ain't happening now. Plus I've added Firefox as another browser now.

#8 Frustrated and Tired

  • Topic Starter

Posted 14 December 2008 - 07:35 PM

thanks buddy. tomorrow i'll print this out and follow your detailed instructions.

although obviously it's still on my computer, it's actually gotten better. now there is no take-over message when I open IE browser, it goes straight to my default home page and no annoying pop-ups. my avg keeps finding tracking cookies and other bad stuff that i've been throwing into the virus vault and deleting.

funny thing is back when the take-overs and pop-ups were occurring, other than those being annoying i had absolutely no trouble with applications or websites except one - myspace. the virus seemed to want to keep me off myspace. when at its worst, i was accessing or trying to access myspace often. but if i even made it onto the site, things were screwy, every 1 to 5 minutes i was kicked off or my whole computer mysteriously rebooted. other websites though, no problem. since i've stayed away from myspace, things - like i said - have been getting better. well at least no pop-ups and takeovers.

ever heard of this before? i've got my own theories, but would like to hear from an expert.

also, thanks, djangoo. buddy, is the system restore something you would advise?

i could be totally off base here...and i can't recall exactly what made me think this - something i was looking at in avg i think - but i believe my computer was infected way back on 11/20/08. i assume i'd need to back-up all my files before doing a system restore to ensure i had the most recent version of files modified between then and now saved, right?

#9 buddy215

  • Moderator

Posted 14 December 2008 - 08:00 PM

If you update and run scans with SAS and MBAM I am sure that will solve your problem.

You can block the Ad/ tracking cookies from ever installing on your computer by following the steps below.
This applies to Internet explorer browsers.
Click on tools
click on internet options
click on privacy tab
click on advanced button
put a check in the box next to override automatic cookie handling
put a check in the box next to first party accept
put a check in the box next to block third party cookies (those are the ad/ tracking cookies that AVG deletes)
Click OK to exit

After you have removed the cookies already installed on your comp with AVG, you will never see them again in IE.

Why take a chance on system restore at this late date? It can cause problems when you go back that far.

So the malware acted up when you went to MySpace. It probably recognized a lot of its mates. MySpace is noted for having a lot of malware. That is true with a lot of the most popular sites. Never click on any ads there. If you get a popup while visiting don't click on the ad to close it. Find the cause of the ad in your task manager and close it there.

Edited by buddy215, 14 December 2008 - 08:09 PM.


#10 Frustrated and Tired

  • Topic Starter

Posted 18 December 2008 - 09:01 PM

Sorry I've been away for so long. I appreciate your responses. Just printed your instructions now at work and plan to go home and try them out. Will let you know.

Thanks!

#11 Frustrated and Tired

  • Topic Starter

Posted 18 December 2008 - 11:47 PM

Hi Buddy,

Well, twice now I have tried scanning with SAS and both times, about 30 minutes into the scan, my computer mysteriously shuts down. I followed the SAS instructions through choosing Perform Complete Scan, and clicking next...and like I said, about 30 minutes into the scans, both times my laptop just shut down. :thumbsup: I checked that i was running on full power, which I was, so I know it didn't go into sleep mode or anything due to low battery.

Below is the log from the last SAS scan I performed, on December 11. That scan was done in safe mode, included my C drive and a D drive I have of extra space, and I had checked for latest updates, however I hadn't changed configurations, etc at that point (the stuff included in your SAS Instructions).

I decided to perform your instructions about blocking the Ad/tracking cookies from installing on my computer. Of course I know since I haven't removed anything yet it doesn't prevent the old stuff from coming up. As soon as I got on IE, I got a bunch of AVG threat and cookie detections, moved them to the vault as usual, but when I opened the vault to delete them they weren't there.

I suppose the next step is to try MBAM, since I'm having no luck running a SAS scan again. I won't have time tonight but will get to it tomorrow probably.




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/11/2008 at 09:12 PM

Application Version : 4.23.1006

Core Rules Database Version : 3672
Trace Rules Database Version: 1651

Scan type : Complete Scan
Total Scan Time : 01:22:21

Memory items scanned : 171
Memory threats detected : 0
Registry items scanned : 5505
Registry threats detected : 1
File items scanned : 20684
File threats detected : 9

Adware.IWantSearchBar
HKU\S-1-5-21-1365774084-3722249133-1464735135-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP253\A0101207.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Kimberly\Cookies\kimberly@kontera[1].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@ad.yieldmanager[2].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@doubleclick[1].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@atdmt[1].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@chitika[1].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@msnportal.112.2o7[1].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@advertising[1].txt
C:\Documents and Settings\Kimberly\Cookies\kimberly@adopt.euroclick[2].txt

#12 buddy215

  • Moderator

Posted 19 December 2008 - 06:57 AM

The more you are using the computer online, the more malware will be installed until you get rid of the malware that you first had.

Try this fix for the SAS. Uncheck the Kernel Direct and Direct Disk Access options under the scanning control tab of SUPERAntiSpyware's Preferences.

Before running another SAS scan, run the MBAM scan after updating.

#13 Frustrated and Tired

  • Topic Starter

Posted 20 December 2008 - 05:15 PM

ok i ran the mbam scan. here's the log. checked that those sas settings were unchecked and will run the sas scan now. thanks

Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 5.1.2600 Service Pack 3

12/20/2008 2:12:43 PM
mbam-log-2008-12-20 (14-12-43).txt

Scan type: Quick Scan
Objects scanned: 60062
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
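
An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the MBAM log layout quoted in the post above. It reconciles the summary counts with the itemised sections and lists any object whose action is not "Quarantined and deleted successfully.", which is what a helper reads the log for. The sample log is constructed; its registry paths, the "Delete on reboot." action string and the missing Files section are assumptions chosen to exercise both checks.

```python
import re

# Constructed sample in the layout of the MBAM log quoted above. Registry paths
# are placeholders, "Delete on reboot." is an assumed action string, and the
# Files section is left out on purpose to mimic a truncated paste.
SAMPLE_LOG = r"""
Scan type: Quick Scan
Objects scanned: 60062
Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Example\Second (Adware.Example) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")
# Greedy object match: the last "(name) -> action" pair on the line is the detection.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
CLEAN = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (summary counts, itemised detections), both keyed by category."""
    summary, items, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY_RE.match(line):
            summary[m["cat"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            current = m["cat"]
            items.setdefault(current, [])
        elif current and (m := ITEM_RE.match(line)):
            items[current].append((m["obj"], m["name"], m["action"]))
    return summary, items


def triage(summary, items):
    """List count mismatches and detections that were not fully removed."""
    findings = []
    for cat, count in summary.items():
        listed = len(items.get(cat, []))
        if listed != count:
            findings.append(f"{cat}: summary says {count}, log lists {listed}")
    for cat, rows in items.items():
        for obj, name, action in rows:
            if action != CLEAN:
                findings.append(f"{cat}: {name} not removed yet ({action}) {obj}")
    return findings


if __name__ == "__main__":
    for finding in triage(*parse_mbam_log(SAMPLE_LOG)):
        print(finding)
```
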

#14 buddy215

  • Moderator

Posted 20 December 2008 - 05:33 PM

If SAS still has a problem while scanning, I suggest you uninstall it after exiting the program. Use the Add/Remove program to uninstall. Reboot and reinstall SAS. After reinstall update in regular mode and run a scan in safe mode.

Post back with the SAS log and for final cleanup instructions. Let us know how the computer is doing.

#15 Frustrated and Tired

  • Topic Starter

Posted 20 December 2008 - 06:25 PM

You anticipated my next question. The shut down did occur again about half hour into the SAS scan. I'll uninstall and reinstall as you suggest.

Except for the couple times I've accessed this forum today, I've avoided the internet. I'm lazy and go to my hotmail first though to access the link to the thread. Usually I get the AVG tracking cookie/threat/etc messages the first click into hotmail. But so far today i haven't gotten any. First hotmail access was before the mbam scan, and the second was after.



