Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


I think I've got rid of my virus, but I'm not 100% sure

  • Please log in to reply
1 reply to this topic

#1 MillerWakka


  • Members
  • 1 posts
  • Local time:04:14 PM

Posted 13 March 2009 - 09:48 AM


First let me thank you all for maintaining such an excellent forum. Through it I've found such a number of great programs (such as mbam) that have helped me. It's also great to see such friendly, helpful people.

Unfortunately, now I think I may need help of my own, but I'm not sure! Let me explain;

Recently I was infected with what Spybot referred to as Zlob.DNSchanger, just 2 infections. It was causing redirects and popups, etc. It was also stopping me from updating my software or visiting the homepage. After clearing that stuff and restarting, I was able to update Spybot and everything seemed a lot better. However, on another scan it found Win32.TDSS.rtk, I think 10 infected files, mostly registry keys. It removed those threats and everything seemed a lot better.

I've since done online scans with Kaspersky & Trend Micro Housecall as well as discovering mbam, ATF-Cleaner and SUPERantispyware, all of which showing little else but a few tracking cookies. My antivirus, Avast, was also coming up clean and updating correctly. Everything all seemed fine up until this morning when http://www.safer-networking.org/en/home/index.html wouldn't load in Firefox specifically. I obviously got a little scared because I thought I was infected again. However, Every single other page on http://www.safer-networking.org/ was loading, and everything was working perfectly in IE7 too. So I naturally just tried clearing all the private data in firefox. Lo and behold, http://www.safer-networking.org/en/home/index.html was loading again. This lead me to believe my cache was causing the problem or something similar.

However, I just can't shake the feeling that there are some files laying dormant ready to download and infect my machine again, and being far from an expert when it comes to this stuff I'm not sure what I can do to ensure it's fully removed short of just biting the bullet and formatting my machine, which I don't really want to do under these circumstances.

I suppose to cut a long story short, I wondered if there was anyone here who'd be willing to guide me through the best way to completely strip the malware from my machine, if indeed some files remain.

Thank you so much in advance!

Edited by MillerWakka, 13 March 2009 - 09:50 AM.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:14 PM

Posted 13 March 2009 - 02:42 PM

Hello, let's run 2 items. Tell me if things are better.

Atf Cleaner For Windows
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users