I got the fake Zafi B too


3 replies to this topic

#1 ludocdoc

Posted 10 January 2009 - 09:28 PM

So my fiancee's laptop picked up the fake popup about the worm. I think she clicked the link to the website it wants you to go to, but didn't do more. The laptop now refuses to connect to the internet. So here's what I've done thus far.

Copied over Spybot S+D and Malwarebytes and ran them in safe mode. I HAD been able to get to the net from safe mode, via an ethernet cable. Used that to update Malwarebytes, Spybot, and register Kaspersky. She had been running Norton, which I yanked. Spybot found the usual cookies and a few other things. Malwarebytes found and says it quarantined the files below. I reran Malwarebytes and it found nothing. Then ran Kaspersky Internet Security and it found a laundry list of things it says it's blocking. So I reboot into normal mode and eureka! No more popups. Then again, can't access the internet. Can't get on the wireless network (even though the computer says it's connected to the internet), nor can I access the web through the wired network. The frequently implicated TDSSserv.sys is not in the windows/win32/drivers directory.

Here's the Mal. log:
Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP117\A0047228.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Documents and Settings\Beth A. Leeman\Application Data\Google\ptnptn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Beth A. Leeman\Application Data\Google\jxzub5410451.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Any ideas on next steps?

#2 Budapest

Posted 11 January 2009 - 05:37 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 ludocdoc

Posted 14 January 2009 - 09:34 PM

It says everything is clean.

I think Malwarebytes removed the actual "virus". Now I just can't get the computer to access the internet. In safe mode, with a network cable plugged in, I can get on. No wireless. In a full boot, can't get on at all. The computer does connect to the wireless network, but no internet. I've unclicked just about everything from the boot list in msconfig, but still no internet with a regular boot. I can't see what's starting that blocks it, but something does between safe mode and this very limited regular boot.

#4 Budapest

Posted 14 January 2009 - 10:06 PM

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd". In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
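
The steps from the reply above collected into one batch file, as an added example that is not part of the original thread. It first saves the current DNS settings and Winsock catalog to a text file, so that ISP-specific DNS servers (see the warning above) can be restored afterwards. The script name, the output path under `%TEMP%` and the default connection name are assumptions.

```batch
@echo off
rem Added example, not from the thread. Run from an administrator command prompt.
rem Usage: netfix.cmd ["connection name"]   (netfix.cmd is a hypothetical name)
setlocal
set "CONN=%~1"
if "%CONN%"=="" set "CONN=Local Area Connection"
set "OUT=%TEMP%\netfix-before.txt"

rem 1. Record the current state before changing anything, so that
rem    manually configured DNS servers can be restored later if needed.
echo ==== ipconfig /all ==== > "%OUT%"
ipconfig /all >> "%OUT%"
echo ==== DNS settings for %CONN% ==== >> "%OUT%"
netsh interface ip show dns "%CONN%" >> "%OUT%"
if errorlevel 1 (
    echo Could not read DNS settings for "%CONN%".
    echo Check the connection name in Network Connections.
    exit /b 1
)
echo ==== Winsock catalog ==== >> "%OUT%"
netsh winsock show catalog >> "%OUT%"
echo Saved pre-change state to %OUT%

rem 2. Reset the Winsock catalog. The reset is completed by a reboot.
netsh winsock reset
if errorlevel 1 (
    echo Winsock reset reported an error. Are you logged on as an administrator?
    exit /b 1
)

rem 3. Clear the DNS resolver cache.
ipconfig /flushdns

rem 4. Command-line equivalent of "Obtain DNS servers automatically".
netsh interface ip set dns name="%CONN%" source=dhcp
if errorlevel 1 echo netsh reported an error changing DNS for "%CONN%"; see above.

echo Done. Reboot to complete the Winsock reset.
endlocal
```

Comparing the saved file with the output of `netsh winsock show catalog` and `ipconfig /all` after the reboot shows exactly what the reset changed.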



