
Microsoft Security Virus


8 replies to this topic

#1 Lucygotit

Lucygotit

  • Members
  • 4 posts

Posted 10 December 2008 - 06:35 AM

Hello Everyone,

This is my first post here.

I had a pop-up, Intervalhehehe, which I have managed to get rid of; however, I now can't access my Internet Explorer, as a Microsoft Security page comes up asking me to download their spyware.

I haven't clicked on it.

I have downloaded and run ComboFix and restarted the computer, but still can't access it.

I have kept a record of the log if that will help anyone.


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 10 December 2008 - 03:57 PM

I have downloaded and run combofix and restarted computer but still can't access it.

I have kept a record of the log if that will help anyone.

Please be aware

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.


maybe try this scan?


Please download Malwarebytes Anti-Malware and save it to your Desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan.

    If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

please let us see THAT report for someone to check for you :thumbsup:

#3 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 December 2008 - 06:05 AM

One of the things this particular malware does is change your host file to redirect sites.
You can delete the changes it has made. One way to do that is by installing WinPatrol.
Once it is installed click on options and you will see a button for viewing your host file.
You will likely see entries such as the ones below. Delete all of them.

The reason I suggest using WinPatrol is because you will see in options a box you can check to lock the host file. Look around in WinPatrol and you will see it has many other uses. It uses very little resources and will give warnings when changes are being made to startup or registry. You can also control what programs, etc. are allowed in startup and even has an option to delay some programs at startup.
http://www.winpatrol.com/

If for some reason you would rather not install WinPatrol, you can do this. Go to C:\Windows\system32\drivers\etc\, and find a file called hosts. Open this file in Notepad, and delete everything under "127.0.0.1 localhost". Save this file, and restart your computer.

O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 204.16.197.121 www.asfvb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.3.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.657.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.34.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.45.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.asdv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvtrv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.g.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.msasern.com
O1 - Hosts: 61.157.217.210 www.antispy.com

Edited by buddy215, 11 December 2008 - 06:09 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Lucygotit

Lucygotit
  • Topic Starter

  • Members
  • 4 posts

Posted 11 December 2008 - 06:21 PM

This is what the report said:

Malwarebytes' Anti-Malware 1.31
Database version: 1491
Windows 5.1.2600 Service Pack 2

11/12/2008 23:17:08
mbam-log-2008-12-11 (23-17-08).txt

Scan type: Quick Scan
Objects scanned: 66328
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any ideas what to do now please???

Edited by Lucygotit, 11 December 2008 - 06:22 PM.


#5 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 December 2008 - 06:45 PM

Did you miss my other post? Post #3?

#6 Lucygotit

Lucygotit
  • Topic Starter

  • Members
  • 4 posts

Posted 11 December 2008 - 07:22 PM

Did you miss my other post? Post #3?



Hi,

I have downloaded WinPatrol, but on looking at my hosts file I can't see the localhost at all!! How do I get this back? All the hosts are as you put in post 3, except without the localhost.

Argh, this is getting so annoying

#7 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 December 2008 - 07:31 PM

What is so confusing? Just delete everything below 127.0.0.1 localhost.
You can wipe the entire slate clean if you want. Once you have deleted them, you will be able to surf the net.

#8 Lucygotit

Lucygotit
  • Topic Starter

  • Members
  • 4 posts

Posted 12 December 2008 - 03:50 AM

Doesn't it matter if I don't have localhost there then??
Sorry, I'm not very computer literate.

#9 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee

Posted 12 December 2008 - 05:10 AM

That is correct.
Once you have deleted all of the addresses, and are back online, you can install a new list in your host file if you want to, or not.
For more info and a replacement of your host file, see info in link below.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

I have Spyware Blaster on my computer and it blocks thousands of bad ActiveX controls and bad sites, etc. I suggest you install that.
It uses little or no computer resources and you just update it twice a month.
http://www.javacoolsoftware.com/spywareblaster.html

Use Ccleaner to remove temporary files, logs, etc. During install you will be offered the Yahoo Toolbar. UNcheck if not wanted.
http://www.ccleaner.com/

Some of your restore points are infected and if you ever have a need to use them they could reinfect your computer.
The only way to get rid of them is to delete all restore points. Tutorials on how to do that are in the links below.
Vista---http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/
XP-----http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Allow Secunia's online scanner to scan your programs for missing security updates. Very important.
http://secunia.com/vulnerability_scanning/online/

The most secure browser is Firefox 3 with the NoScript addon. NoScript will prevent "drive-by" installs of malware and much more. Just yesterday an advisory was issued concerning IE. It was advised not to use IE until it is patched for a recently released zero-day vulnerability. http://www.bleepingcomputer.com/forums/ind...view=getnewpost

Edited by buddy215, 12 December 2008 - 05:13 AM.

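The hosts-file hijack buddy215 describes in post #3 (popular sites and anti-spyware vendors all pointed at one remote address), the "delete everything below 127.0.0.1 localhost" cleanup in post #7, and the point in post #9 that the localhost line can simply be restored afterwards can all be automated. The script below is an added example written for this thread, not code from BleepingComputer or from any of the tools mentioned. It assumes the hosts file lives at the path given in post #3, and its sample input is constructed in plain hosts syntax from the O1 entries quoted there (same two addresses), with a blocklist-style 0.0.0.0 entry and a LAN entry added to show what is deliberately left alone.

```python
"""Detect and clean hosts-file redirections of the kind shown in this thread.

Rule used here: an entry that maps a hostname to a loopback or 0.0.0.0 address
only blocks that name (the way blocklist hosts files do), and a private-range
target is a local network override; an entry that maps a name to a public
(globally routable) address silently sends that name somewhere else, which is
the hijack pattern in post #3.  Added example, not the thread's own code.
"""
import ipaddress
from collections import defaultdict

# Path quoted in post #3.  Used only when no file is given on the command line.
HOSTS_PATH = r"C:\Windows\system32\drivers\etc\hosts"

# Constructed sample; the two public addresses are the ones quoted in post #3.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.example          # blocklist-style entry, benign
192.168.1.10    intranet.local      # LAN override, benign
61.157.217.210  www.google.com
61.157.217.210  www.antispyware.com
204.16.197.121  www.xvv.com
204.16.197.121  www.xvv.com
"""


def parse_hosts(text):
    """Return [(lineno, address, [hostnames])] for mapping lines.

    Comments, blank lines and lines whose first field is not an IP address are
    skipped so a human can review them; nothing here rewrites them.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((lineno, addr, fields[1:]))
    return entries


def is_redirect(addr):
    """True when the target is a public address, i.e. the name is redirected,
    not blocked (loopback / 0.0.0.0) and not a private LAN mapping."""
    return addr.is_global


def find_hijacks(text):
    """Map each public target address to the sorted, de-duplicated names sent to it.

    Many unrelated names collapsing onto one address, as in post #3, is the
    tell-tale sign; the report makes that visible at a glance.
    """
    redirects = defaultdict(set)
    for _, addr, names in parse_hosts(text):
        if is_redirect(addr):
            redirects[str(addr)].update(names)
    return {ip: sorted(names) for ip, names in redirects.items()}


def clean_hosts(text):
    """Return the file with every redirecting entry removed.

    Comments, block entries and LAN entries are kept as-is.  If no loopback
    mapping for 'localhost' survives, one is appended: post #9 says browsing
    works without it, and restoring it is harmless.
    """
    bad = {lineno for lineno, addr, _ in parse_hosts(text) if is_redirect(addr)}
    kept = [raw for lineno, raw in enumerate(text.splitlines(), 1) if lineno not in bad]
    has_localhost = any(
        addr.is_loopback and "localhost" in names
        for _, addr, names in parse_hosts("\n".join(kept))
    )
    if not has_localhost:
        kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    import sys

    # Review mode: print the report and the cleaned file; writing it back to
    # HOSTS_PATH is left to the operator (it needs an elevated prompt).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for ip, names in find_hijacks(text).items():
        print(f"{ip} receives {len(names)} name(s): {', '.join(names)}")
    print("--- cleaned ---")
    print(clean_hosts(text), end="")
```

Run it with no arguments to see the report for the constructed sample, or pass a copy of the real hosts file to review it; the cleaned text is only printed, so nothing on disk changes until the operator saves it (and, as post #3 notes, a tool such as WinPatrol can then lock the file against further changes).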



