Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HELP with possible Vundo, Bifrose, some Google 404


  • Please log in to reply
14 replies to this topic

#1 Wirewalker175

Wirewalker175

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 23 January 2009 - 03:35 AM

I am running an old Compaq Presario R3000 512mb RAM Intel Pentium 4 2.8gHz. and this PC is loaded to the hilt with God only knows what. I've ran AVG 8.0, and it wouldn't ever detect a thing other than advertising cookies. I have since then installed Malware Bytes and Spybot Search and Destroy. Lately i've been having a problem with my PC running extremely slow taking an eternity to boot up. I keep the temp internet files cleaned out while online, I don't run resource hog programs at least not to my knowledge. I'm at a loss when it comes to ideas, does anyone have any Suggestions??
Any and all advice tips pointers whatever will be more than welcomed and appreciated.

Thank you

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 23 January 2009 - 12:48 PM

Hi,

Please do a new full scan with MalwareBytes Anti-Malware. Post the logfile in your next reply. :thumbsup:

#3 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 25 January 2009 - 04:19 AM

here is the scan log from malwarebytes. it says that i have 0 infections and 0 detections, but i am still having the same problems. it comes and goes which is what really baffles me, almost as if the PC knows when it is safe to act up. HA HA strange i know but freakin weird...

Malwarebytes' Anti-Malware 1.33
Database version: 1691
Windows 5.1.2600 Service Pack 3

1/25/2009 4:09:00 AM
mbam-log-2009-01-25 (04-09-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 157968
Time elapsed: 1 hour(s), 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 25 January 2009 - 06:24 AM

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#5 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 26 January 2009 - 03:44 AM

sorry for it taking so long for me to get back in touch with you. I work out of town from home and even worse my motel's wi-fi signal doesn't carry outside the lobby. I'm in the process of running the Kapersky online scanner now and hopefully will have the results before i have to leave for work. If not I will have to try again sometime after 6 o'clock PM central standard time. Once again thank you for the help you've given me thus far, I truly appreciate it.

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 26 January 2009 - 09:50 AM

Hi,

Okay I'll wait for your reply. :flowers:
And you're most welcome :thumbsup:

#7 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 27 January 2009 - 01:58 AM

Finally was able for the scan to complete. Man that is slow....
here is the Kaspersky Online Scanner Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 27, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 27, 2009 01:53:44
Records in database: 1702901
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 107238
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:17:16


File name / Threat name / Threats count
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-2b3b562a Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-7b24364a.zip Infected: Trojan-Downloader.Java.Agent.f 1

The selected area was scanned.

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 27 January 2009 - 09:46 AM

Dhants20,

Spybot doesn't need much RAM. There is an infection present here. So updating RAM won't help this person.


Wirewalker,

Let's go. Do this:

Open Notepad.
Copy this in the Notepad-file:

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
"C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-7b24364a.zip") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
>>log.txt (
ECHO.
ECHO Deleting folders)
FOR %%I in (
"C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-2b3b562a") DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
START NOTEPAD.EXE log.txt

Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: del.bat
File type: All files (*.*).
Now, click Save.
Doubleclick del.bat.
Post the contents of the logfile that opens in your next reply.

#9 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 29 January 2009 - 01:22 AM

here is the log that opened in a new window in notepad after i followed your last instruction. Sorry about the delay, been on standby with various power companies due to the snow/ice storm that's been pounding ky,mo,ar,ok,in,oh,etc. i'm sure you get the idea. Being a lineman sure does turn a man into a weather watcher, and the only thing i'm complaining about is that the contractor i work for wasn't called out for stormwork. Sure hate missing out on the big $$$$

#10 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 29 January 2009 - 01:23 AM

sorry hear is that log........


Deleting files
"C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-7b24364a.zip" not found

Deleting folders
"C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-2b3b562a" not deleted

#11 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 January 2009 - 01:42 AM

Hi,

Please run del.bat again, but now in safe mode. Post the log in your next reply. :thumbsup:

#12 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 29 January 2009 - 02:08 AM

Deleting files
"C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-7b24364a.zip" not found

Deleting folders
"C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-2b3b562a" not deleted


here is the log that you asked me to post, i restarted the PC in safe mode then ran the .del file then restarted again and copied the log and posting it now....

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 January 2009 - 08:26 AM

Hi,

I'm going to redirect you to the HijackThissection of this forum. This, because more powerful tools are needed here.
Read this page and follow it's steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please include a link there to this topic. :thumbsup:

Good luck. :flowers:

#14 Wirewalker175

Wirewalker175
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 29 January 2009 - 10:46 PM

thank you for your time and assistance

#15 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 January 2009 - 01:30 AM

You're most welcome. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users