
pop-ups



#1 lexwannabe


Posted 11 January 2009 - 10:51 PM

I was on my laptop one day, and I accidentally clicked on my mouse with my body. I don't know what it clicked on and it went downhill from there. My OneCare starts asking if I should let programs access the internet. I click on no, and it would start asking about several other programs after that. Despite me saying no, I go online as usual and pop-ups just start on my usual sites. My OneCare is out of date (my fault), so I download Spybot and it found problems. I clean them and my laptop went crazy. Something about 23 or 32 not being found. It just became a mess. Still having pop-ups, so I decide to come back here to bleepingcomputers and run the malware program; it finds issues, cleans, but 2 or 3 problems still there. I restart computer and I still have same problems, but the pop-ups are loading but not showing anything. They also only pop up when I do a search on my search bar. I was frustrated, so I go to Microsoft and download Windows Live OneCare safety scanner first. It finds problems so I clean and still some problems could not be fixed. Then I download Malicious Software Removal Tool, scan it with that but did find anything I don't think. I haven't had a pop-up yet, but that's how it was when I downloaded the malware scan from bleepingcomputers. I don't know what to do. I wanted to do this on my own, because I don't like to bother people, but I'm stuck and I don't know what to do. I don't want to damage the laptop any further if I have. Also, my laptop has been shutting off on its own after this happened. I've never had this happen before. It's plugged in through an AC cord because the battery is dead and it will not charge anymore, so I'm not sure what would be causing it to shut off.

Please, any help or advice is appreciated.


 


#2 lexwannabe


Posted 11 January 2009 - 10:55 PM

Also, my updates were turned off and it would say they could not be turned on, go to security settings and turn on manually. Some of my programs were also denied access to the internet before, orb etc.

#3 quietman7


Posted 12 January 2009 - 10:39 AM

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAM.
Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this example
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 lexwannabe


Posted 12 January 2009 - 04:32 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/7/2009 5:04:32 PM
mbam-log-2009-01-07 (17-04-32).txt

Scan type: Quick Scan
Objects scanned: 54096
Time elapsed: 17 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 8
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dbaqxtub.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnoLcba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pehirema.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mikolobe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wenunuve.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnnOIyW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gsoievhu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jatuts.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnnoiyw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99d04897-4c39-4705-a8fc-8a724d23ba6a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{99d04897-4c39-4705-a8fc-8a724d23ba6a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b41ad58c-381e-42a9-bf91-82d04e206298} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b41ad58c-381e-42a9-bf91-82d04e206298} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02744151-7200-4312-a1d3-242604c5b063} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{02744151-7200-4312-a1d3-242604c5b063} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02744151-7200-4312-a1d3-242604c5b063} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99d04897-4c39-4705-a8fc-8a724d23ba6a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b41ad58c-381e-42a9-bf91-82d04e206298} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mesagemove (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnolcba -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pehirema.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pehirema.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pehirema.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnolcba -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\pmnnOIyW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnoLcba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\abcLonmp.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\abcLonmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jatuts.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\airnuoyv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyounria.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bufezeza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azezefub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbaqxtub.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\butxqabd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kopupavo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovapupok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lesufuya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayufusel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luribepo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opebirul.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nakonaze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ezanokan.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxifckxm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxkcfixo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdxcldet.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tedlcxdp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seyohehu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhehoyes.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sslbhjle.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eljhblss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wenunuve.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mikolobe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pehirema.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gsoievhu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\anyxrt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brvptt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXrsPiH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diwunawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnhkcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ekedvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqrnek.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gggpej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guevytcx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfETmnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\marefkxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxfjwfhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkqyhche.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rabtefnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtbdmoxp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtsomuiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfcrdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxllbfpa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp22.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7FCHY9VR\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KQSBTH3U\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\kernel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkHBss.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mapenelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.


Second scan

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/7/2009 6:06:29 PM
mbam-log-2009-01-07 (18-06-29).txt

Scan type: Quick Scan
Objects scanned: 53829
Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 quietman7


Posted 13 January 2009 - 10:09 AM

Your MBAM log indicates you are using an outdated database. Please update it through the program's interface (preferable way) or manually download the updates and just double-click on mbam-rules.exe to install. Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

#6 lexwannabe


Posted 13 January 2009 - 06:26 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 5.1.2600 Service Pack 3

1/13/2009 6:20:52 PM
mbam-log-2009-01-13 (18-20-52).txt

Scan type: Quick Scan
Objects scanned: 54172
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mrsjrukc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp1A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

#7 quietman7


Posted 14 January 2009 - 07:52 AM

Now rescan again with MBAM but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database updates through the program's interface (preferable way) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you cannot boot into safe mode, then perform the above instructions in normal mode.

#8 lexwannabe


Posted 15 January 2009 - 08:32 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1653
Windows 5.1.2600 Service Pack 3

1/14/2009 7:29:58 PM
mbam-log-2009-01-14 (19-29-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 113537
Time elapsed: 56 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP289\A0131665.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP289\A0129642.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP291\A0136013.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#9 quietman7


Posted 16 January 2009 - 09:13 AM

Please continue with the rest of my instructions for using ATFCleaner and SAS. Then post the results of the scan in your next reply.

#10 lexwannabe


Posted 18 January 2009 - 10:23 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2009 at 09:02 PM

Application Version : 4.24.1004

Core Rules Database Version : 3714
Trace Rules Database Version: 1689

Scan type : Complete Scan
Total Scan Time : 01:58:28

Memory items scanned : 168
Memory threats detected : 0
Registry items scanned : 6465
Registry threats detected : 14
File items scanned : 62620
File threats detected : 2

Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com\www#*

Rogue.Component/Trace
HKLM\Software\Microsoft\699972C6
HKLM\Software\Microsoft\699972C6#699972c6
HKLM\Software\Microsoft\699972C6#Version
HKLM\Software\Microsoft\699972C6#6999df46
HKLM\Software\Microsoft\699972C6#6999b6a3
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\Software\Microsoft\CS41275
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\Software\Microsoft\FIAS4018

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-1090907478-2265491204-2484776268-1003\SOFTWARE\Microsoft\fias4013

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\CYVVSSNW.DLL

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\SUHAMOSE.DLL

#11 quietman7


Posted 19 January 2009 - 09:39 AM

How is your computer running now? Any more reports/signs of infection?

#12 lexwannabe


Posted 19 January 2009 - 04:28 PM

Nothing yet, and it hasn't shut off on its own either. I'm still crossing my fingers on the shutting off part. Now, can I delete the last two programs and still keep malware and OneCare without having any problems? Second, I have 3 other computers that I had scanned with malware. It found stuff on all 3, but for a fact I know the one computer had windows spyware 2009. On all three computers I did quick scan first, cleaned it and then I did full scan. Only one of the three had extra stuff that it found. Not the one with the windows spyware 2009. Is it ok to take the same steps I did for my laptop to make sure all 3 are clean? I thank you very much for the time and help.

#13 lexwannabe


Posted 20 January 2009 - 05:21 PM

Never mind, it shut off. It might be overheating.

#14 quietman7


Posted 21 January 2009 - 08:29 AM

"Now, can I delete the last two programs"

I recommend keeping and using them as part of an anti-malware toolkit.

"Is it ok to take the same steps I did for my laptop to make sure all 3 are clean?"

Yes.

As for this computer, if there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

"It might be overheating."

The symptoms you describe could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, etc. If the computer is overheating, it usually begins to shutdown/restart on a more regular basis.

Note: Some video cards can generate such intense heat while playing games with high quality graphics that they require a separate cooling system. If that fan fails, the video processor will not be far behind and your system may start crashing.

When was the last time you cleaned the inside of your computer? Dust restricts the airflow and prevents proper cooling. This in turn can cause overheating and faulty processor fans which can result in unexpected shutdowns, random restarts, booting problems, etc.
  • Open your machine, check all the connections and make sure the fans are all operational.
  • Remove the CPU's cooling unit and clean the fins on the heat sink that sits under the CPU with a can of compressed air.
  • Inspect the thermal compound between the CPU and heat sink as it can deteriorate over time. You may need to remove it, scrape away the old thermal gel that makes contact with the processor, then apply a very thin coat of fresh thermal gel on the surface and fit the heat sink back in place again.
  • Feel the CPU heatsink when it powers down. It should be warm to very warm but not hot.
  • Monitor the temperature of your CPU, motherboard, hard disks, voltages, and fan speeds.
See "Cleaning the Interior of your PC" and "Getting The Grunge Out Of Your PC".
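A way to triage the MBAM logs posted in this thread, as an added example (not part of any post and not Malwarebytes' own code): it parses the MBAM 1.32 text format shown above and lists entries still marked "Delete on reboot" (the reason for the normal-mode reboot in posts #5 and #7), entries that reappear in a later scan, and detections sitting in System Restore storage (the concern in post #14). The function names are hypothetical, and the sample logs are short excerpts of the logs in posts #4, #6 and #8.

```python
import re
from typing import NamedTuple, Optional

class Detection(NamedTuple):
    section: str  # log section, e.g. "Files Infected"
    item: str     # file or registry path
    name: str     # detection label, e.g. "Trojan.Vundo.H"
    action: str   # what MBAM reported doing, e.g. "Delete on reboot"

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary lines ("Files Infected: 59") carry a count and are skipped.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
HEAD_RE = re.compile(r"^(.*) \(([^()]+)\)$")
DB_RE = re.compile(r"^Database version:\s*(\d+)", re.MULTILINE)

def database_version(log: str) -> Optional[int]:
    m = DB_RE.search(log)
    return int(m.group(1)) if m else None

def parse_detections(log: str) -> list:
    section, found = None, []
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or " -> " not in line:
            continue  # preamble, blank line or "(No malicious items detected)"
        # Entry shape: "<item> (<label>) -> [Data: ... ->] <action>."
        parts = line.split(" -> ")
        head = HEAD_RE.match(parts[0])
        if head:
            found.append(Detection(section, head.group(1), head.group(2),
                                   parts[-1].rstrip(".")))
    return found

def pending_reboot(dets: list) -> list:
    """Entries MBAM could only schedule for removal at the next normal boot."""
    return [d for d in dets if d.action.lower() == "delete on reboot"]

def recurring(earlier: list, later: list) -> list:
    """Entries in the later scan that an earlier scan had already reported."""
    seen = {d.item.lower() for d in earlier}
    return [d for d in later if d.item.lower() in seen]

def in_restore_points(dets: list) -> list:
    """Detections stored inside System Restore's protected directory."""
    marker = "\\system volume information\\_restore"
    return [d for d in dets if marker in d.item.lower()]

# Excerpts of the logs posted in this thread (not the complete logs).
SCAN_JAN07 = r"""
Database version: 1616
Registry Keys Infected: 24
Files Infected: 59

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnnoiyw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pehirema.dll -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\pehirema.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp\tmp22.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

SCAN_JAN13 = r"""
Database version: 1648

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mrsjrukc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SCAN_JAN14 = r"""
Database version: 1653

Files Infected:
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP289\A0131665.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP291\A0136013.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    jan07, jan13, jan14 = (parse_detections(s)
                           for s in (SCAN_JAN07, SCAN_JAN13, SCAN_JAN14))
    for d in pending_reboot(jan07):
        print("needs a normal-mode reboot:", d.item)
    for d in recurring(jan07, jan13):
        print("came back after removal:", d.item)
    for d in in_restore_points(jan14):
        print("inside a restore point:", d.item)
```

On these excerpts the `MS Juan` and `MS Track System` keys are reported as recurring: each Quick Scan in the thread lists them as deleted, and the next one finds them again.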