Antivirus 360 on XP-cannot get to websites to download help


7 replies to this topic

#1 ZwickFlicks

Posted 08 February 2009 - 01:56 PM

Stupid worms-

av360 was to my knowledge never opened or purchased (there are other users on this computer).
I am on my Mac now and have downloaded Malwarebytes and Spybot Search and Destroy onto a jumpdrive which I inserted into the WIN XP. It will not open and run since I have disconnected my broadband link.
Prior to that I deleted av360 in end process in the Security Task Manager.

I am at a loss as to what to do next.
Is av360 the same as another infection?

Paul


#2 rigel

Posted 08 February 2009 - 05:54 PM

Try renaming the Malwarebytes executable you downloaded to reply.bat and see if it will run that way. If it runs, please follow this procedure.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 ZwickFlicks

Posted 08 February 2009 - 07:07 PM

Thanks for the help.
I will try to rename it.
Right now malware is stuck trying to register on the internet and cannot do so.
62 files were found and it did find the following:


Microsoft Windows XP Professional Service Pack 3
5.01 build 2600 Service Pack 3
Username: Paul
In groups: LOCAL Administrators Everyone Users None INTERACTIVE Authenticated Users
2009/02/08 16:17:29:796: Application Version: 1.9.3331.645
2009/02/08 16:17:29:968: Module Version: 1.0.3331.644
2009/02/08 16:17:30:015: Service Version: 1.9.3331.645
2009/02/08 16:17:30:015: ===============================================================
2009/02/08 16:17:30:031: Switching to PIEInProc.
2009/02/08 16:17:30:109: Checking for bad run key.
2009/02/08 16:17:30:125: Windows directory: C:\WINDOWS
2009/02/08 16:17:30:125: System directory: C:\WINDOWS\system32
2009/02/08 16:17:30:125: Program Files directory: C:\Program Files
2009/02/08 16:17:30:125: Application Data: C:\Documents and Settings\Paul\Application Data
2009/02/08 16:17:30:125: User Profile: C:\Documents and Settings\Paul
2009/02/08 16:17:30:125: User Temp: C:\DOCUME~1\Paul\LOCALS~1\Temp\
2009/02/08 16:17:30:125: Start Menu: C:\Documents and Settings\Paul\Start Menu
2009/02/08 16:17:30:125: User Desktop: C:\Documents and Settings\Paul\Desktop
2009/02/08 16:17:30:125: Common Desktop: C:\Documents and Settings\All Users\Desktop
2009/02/08 16:17:30:125: Common Profile: C:\Documents and Settings\All Users
2009/02/08 16:17:30:125: SID set to: S-1-5-21-3979332483-275312030-72197566-1005
2009/02/08 16:17:32:609: version was called, but is not defined in this dll version.
2009/02/08 16:17:32:609: Database Version:
2009/02/08 16:17:32:609: version was called, but is not defined in this dll version.
2009/02/08 16:17:32:609: Database Version:
2009/02/08 16:17:34:578: No command line.
2009/02/08 16:17:34:578: Parsing command line:
2009/02/08 16:17:34:578: launch
2009/02/08 16:17:34:578: OnitDialog...
2009/02/08 16:17:36:406: Checking for database update...
2009/02/08 16:17:37:921: Database Version: 11.2.2 1233605813
2009/02/08 16:17:38:000: Setting Timer to Hide Splash
2009/02/08 16:17:38:500: Hiding Splash
2009/02/08 16:17:42:578: Start Scan
2009/02/08 16:17:42:578: Scan options:
2009/02/08 16:17:42:578: Scan Active Processes
2009/02/08 16:17:42:578: Scan Windows Registry
2009/02/08 16:17:42:578: Scan Cookies
2009/02/08 16:17:42:578: Scan Files
2009/02/08 16:17:42:578: Clearing Volatile Lists.
2009/02/08 16:17:42:656: 32-bit Winsock LSP Map:
2009/02/08 16:17:42:656: No LSPs are installed
2009/02/08 16:17:45:953: Entering Process Scan
2009/02/08 16:17:46:375: \systemroot\system32\smss.exe scan aborted ... Reason: unable to open or create the file specified
2009/02/08 16:17:46:546: \??\c:\windows\system32\csrss.exe scan aborted ... Reason: unable to open or create the file specified
2009/02/08 16:17:48:390: \??\c:\windows\system32\winlogon.exe scan aborted ... Reason: unable to open or create the file specified
2009/02/08 16:19:13:687: ResultAdded[77304]: Downloader, BackWeb
2009/02/08 16:19:49:359: Completed Process Scan
2009/02/08 16:19:49:359: PreDbScan
2009/02/08 16:19:49:406: ResultAdded[8]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:437: ResultAdded[39583]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:453: ResultAdded[17]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:484: ResultAdded[582163]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:531: ResultAdded[62]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:562: ResultAdded[66]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:593: ResultAdded[538634]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:593: ResultAdded[25147]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:609: ResultAdded[82]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:656: ResultAdded[106]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:656: ResultAdded[112]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:671: ResultAdded[603813]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:703: ResultAdded[123]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:718: ResultAdded[139]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:750: ResultAdded[154]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:812: ResultAdded[203]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:859: ResultAdded[526392]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:859: ResultAdded[327]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:875: ResultAdded[527874]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:937: ResultAdded[272]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:953: ResultAdded[295]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:000: ResultAdded[550076]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:015: ResultAdded[319]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:031: ResultAdded[323]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:078: ResultAdded[25142]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:140: ResultAdded[526442]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:171: ResultAdded[404]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:187: ResultAdded[409]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:203: ResultAdded[413]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:234: ResultAdded[526147]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:250: ResultAdded[432]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:50:312: ResultAdded[464]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:58:859: 32-bit Winsock LSP Map:
2009/02/08 16:19:58:859: No LSPs are installed
2009/02/08 16:19:58:859: 32-bit Winsock LSP Map:
2009/02/08 16:19:58:859: No LSPs are installed
2009/02/08 16:19:58:859: 32-bit Winsock LSP Map:
2009/02/08 16:19:58:859: No LSPs are installed
2009/02/08 16:20:00:875: ResultAdded[619489]: Downloader, Zlob
2009/02/08 16:20:07:343: DeepScan
2009/02/08 16:20:07:343: IsBadEnough calculation:
2009/02/08 16:20:07:343: IsBadEnough: 1
2009/02/08 16:20:07:343: OptDeepScan: 0
2009/02/08 16:20:07:343: OptDeepScanScheduleScan: 1
2009/02/08 16:20:07:343: OptScheduleScan: 0
2009/02/08 16:20:07:343: PostScan
2009/02/08 16:20:07:437: Saving scan results...
2009/02/08 16:20:07:437: Building result tree.
2009/02/08 16:20:43:640: Quarantining items: debug version 1.0
2009/02/08 16:20:43:640: Selecting quarantine folder: C:\Documents and Settings\Paul\Application Data\MalwareRemovalBot\Quarantine\08-02-2009-16-20-43
2009/02/08 17:55:07:640: Database Version: 11.2.2 1233605813
2009/02/08 17:55:27:593: Restoring quarantined items:
2009/02/08 17:55:27:593: PreUnQuarantine;
2009/02/08 17:55:27:593: PostUnQuarantine;
2009/02/08 17:55:27:593: Removing items:
2009/02/08 17:55:37:328: Database Version: 11.2.2 1233605813
2009/02/08 17:56:28:703: Saving scan results...
2009/02/08 17:56:28:718: Building result tree.
2009/02/08 17:56:58:656: Quarantining items: debug version 1.0
2009/02/08 17:56:58:656: Selecting quarantine folder: C:\Documents and Settings\Paul\Application Data\MalwareRemovalBot\Quarantine\08-02-2009-17-56-58
2009/02/08 18:02:28:968: Database Version: 11.2.2 1233605813
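
A triage pass over a scan log in the format posted above, added here as an example (not part of the original post and not any vendor's tool): it separates tracking-cookie noise from other detections, lists files the scanner could not open, and flags a restore that follows a quarantine. Treating the "Tracking Cookie" category as low severity is an assumption, and the function names are hypothetical.

```python
import re
from collections import Counter

# A few lines in the format of the log above, embedded so the script runs offline.
SAMPLE_LOG = r"""2009/02/08 16:17:46:375: \systemroot\system32\smss.exe scan aborted ... Reason: unable to open or create the file specified
2009/02/08 16:19:13:687: ResultAdded[77304]: Downloader, BackWeb
2009/02/08 16:19:49:406: ResultAdded[8]: Tracking Cookie, Tracking Cookie
2009/02/08 16:19:49:437: ResultAdded[39583]: Tracking Cookie, Tracking Cookie
2009/02/08 16:20:00:875: ResultAdded[619489]: Downloader, Zlob
2009/02/08 16:20:43:640: Quarantining items: debug version 1.0
2009/02/08 17:55:27:593: Restoring quarantined items:
2009/02/08 17:56:58:656: Quarantining items: debug version 1.0
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}): (.*)$")
RESULT = re.compile(r"^ResultAdded\[(\d+)\]: ([^,]+), (.+)$")
ABORTED = re.compile(r"^(.+?) scan aborted \.\.\. Reason: (.+)$")
LOW_SEVERITY = {"Tracking Cookie"}  # assumption: cookies are noise for triage

def triage(log_text):
    """Summarise a scan log: detections by category, skipped files, quarantine events."""
    report = {"detections": [], "low_severity": Counter(), "skipped": [], "events": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines (OS version, username) carry no timestamp
        stamp, msg = m.groups()
        if (r := RESULT.match(msg)):
            _id, category, name = r.groups()
            if category in LOW_SEVERITY:
                report["low_severity"][category] += 1
            else:
                report["detections"].append((stamp, category, name))
        elif (a := ABORTED.match(msg)):
            report["skipped"].append(a.group(1))
        elif msg.startswith(("Quarantining items", "Restoring quarantined items")):
            report["events"].append((stamp, msg.split(":")[0]))
    return report

def restore_after_quarantine(report):
    """True if a restore event follows a quarantine event, which deserves a closer look."""
    kinds = [kind for _, kind in report["events"]]
    return any(k == "Restoring quarantined items" and "Quarantining items" in kinds[:i]
               for i, k in enumerate(kinds))

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["detections"], dict(r["low_severity"]), r["skipped"], restore_after_quarantine(r))
```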

#4 rigel

Posted 08 February 2009 - 08:09 PM

If you have Malwarebytes downloaded, go ahead and download the manual updates and install them that way. Then try a run.


#5 ZwickFlicks

Posted 08 February 2009 - 08:44 PM

"If you have Malwarebytes downloaded, go ahead and download the manual updates and install them that way. Then try a run."


I could not get the WIN PC to get to the registration website for malwarebytes.

I also renamed malwarebytes as you suggested on the PC.

Getting nowhere, I went to downloads.com and think I downloaded Spybot Search and Destroy from MBCONTACTS.com
Cost $52 for 3 yrs.
Ran the program and it found only cookies being a problem.
Rebooted the PC and still get a warning from what appears to be Antivirus360 about going to the Spybot page.

Did I buy the wrong program?
Seemed legit.

Thanks

Paul

#6 rigel

Posted 08 February 2009 - 09:01 PM

"Getting nowhere, I went to downloads.com and think I downloaded Spybot Search and Destroy from MBCONTACTS.com
Cost $52 for 3 yrs."


I'm not sure what you downloaded, but Spybot Search and Destroy is a free program.

From their site:

As you may have read, we are working full-time on this free project, but we have got to pay hosting bills and development software. So we would be glad if you could donate a small amount to our cause. Thank you :-)


Spybot-S&D is free, so there's no harm giving it a try to see if something has invaded your computer.


Reference: http://www.safer-networking.org/en/spybotsd/index.html

Try this program and we can go from there...

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


#7 ZwickFlicks

Posted 08 February 2009 - 09:09 PM

I think I was redirected to a lame and costly website when I searched on the PC.
Back on the Mac now and feeling safer.
I'll print your directions and download to my jumpdrive in WIN XP.

Fun Fun Fun...

Next on the list is to call my credit card company and get that money back or cancel the card.

#8 rigel

Posted 10 February 2009 - 07:49 PM

Let us know how it goes...
