ran spywarebytes Now what ?


22 replies to this topic

#1 lolokittyy

lolokittyy

  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:new jersey
  • Local time:07:44 PM

Posted 01 April 2009 - 03:17 PM

So all you computer smarties, I got a problem that won't resolve itself

Here's all the info I can give you

We got all weirdness pop-ups on our computer and my dad can't read email or whatever, so I followed instructions and downloaded Malwarebytes and SUPERAntiSpyware

I ran them and removed threats

When they are removed my computer tells me it can't start up regularly

So after that I clicked the start with last working thing

I then got messages telling me about files that were missing
I went and unquarantined the viruses so the computer will work

My question is how do I remove these viruses without messing up the computer?

I'm running another scan right now and will remove what I need to but first I must ask....
What do I do after they're removed?
How do I get the computer to start normally?

If you can walk me through this STEP BY STEP I'd really appreciate it
Keep in mind though I'm a 17 year old

I don't have a disk but I think I want to just completely redo the computer

There's nothing important that needs backing up

Our computer has crashed before and we have the steps for reinstalling

Will they be the same now?
How do I get to reinstall without it crashing first?



Here is the scan log



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2009 at 03:19 PM

Application Version : 4.26.1000

Core Rules Database Version : 3821
Trace Rules Database Version: 1775

Scan type : Quick Scan
Total Scan Time : 00:15:50

Memory items scanned : 522
Memory threats detected : 5
Registry items scanned : 470
Registry threats detected : 16
File items scanned : 9186
File threats detected : 26

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\DIZIGIRO.DLL
C:\WINDOWS\SYSTEM32\DIZIGIRO.DLL
C:\WINDOWS\SYSTEM32\KIBELUWE.DLL
C:\WINDOWS\SYSTEM32\KIBELUWE.DLL
C:\WINDOWS\SYSTEM32\WISEPALE.DLL
C:\WINDOWS\SYSTEM32\WISEPALE.DLL

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\VEKOBIPU.DLL
C:\WINDOWS\SYSTEM32\VEKOBIPU.DLL
C:\WINDOWS\SYSTEM32\TEZIHALU.DLL
C:\WINDOWS\SYSTEM32\TEZIHALU.DLL
C:\WINDOWS\SYSTEM32\BEYAVUWO.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01cfaa52-e959-40d6-b3aa-373e792c9c3d}
HKCR\CLSID\{01CFAA52-E959-40D6-B3AA-373E792C9C3D}
HKCR\CLSID\{01CFAA52-E959-40D6-B3AA-373E792C9C3D}\InprocServer32
HKCR\CLSID\{01CFAA52-E959-40D6-B3AA-373E792C9C3D}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FIYOBUBI.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Tracking Cookie
C:\Documents and Settings\logan\Cookies\logan@homestore.122.2o7[1].txt
C:\Documents and Settings\logan\Cookies\logan@3260.807.clickshield[1].txt
C:\Documents and Settings\logan\Cookies\logan@tracking.realtor[1].txt
C:\Documents and Settings\logan\Cookies\logan@doubleclick[1].txt
C:\Documents and Settings\tom\Cookies\tom@ad.yieldmanager[2].txt
C:\Documents and Settings\tom\Cookies\tom@at.atwola[2].txt
C:\Documents and Settings\tom\Cookies\tom@advertising[2].txt
C:\Documents and Settings\tom\Cookies\tom@apmebf[1].txt
C:\Documents and Settings\tom\Cookies\tom@atdmt[2].txt
C:\Documents and Settings\tom\Cookies\tom@cb.adbureau[1].txt
C:\Documents and Settings\tom\Cookies\tom@doubleclick[1].txt
C:\Documents and Settings\tom\Cookies\tom@fastclick[2].txt
C:\Documents and Settings\tom\Cookies\tom@msnportal.112.2o7[1].txt
C:\Documents and Settings\tom\Cookies\tom@realmedia[1].txt
C:\Documents and Settings\tom\Cookies\tom@tacoda[1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKU\S-1-5-21-623124788-812476261-628475140-1008\Software\Microsoft\FIAS4057

Adware.Vundo/Variant-81K
C:\WINDOWS\SYSTEM32\FEKOJIHI.DLL
C:\WINDOWS\SYSTEM32\WEMETUVI.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\POWAMAHE.EXE
C:\WINDOWS\SYSTEM32\TOROMUZI.EXE

Edited by lolokittyy, 01 April 2009 - 03:34 PM.




#2 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  • Local time:06:44 PM

Posted 01 April 2009 - 03:30 PM

Guessing you are running an XP computer as you have this duplicate thread in the XP section http://www.bleepingcomputer.com/forums/ind...=215924&hl=

Could you fully update, reboot and run both the Malwarebytes and SUPERAntiSpyware programs you mention you have installed and post the scan reports for someone to check for you :thumbsup:


It would be handy to know what your antivirus program is and if you have Service Pack 3 installed

Also,

"I'm running another scan right now"


It is, I suggest, a good practice to get into the habit of running scans OFF line and while the computer is doing nowt else :flowers:

Let us know how you get on ???

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 PM

Posted 01 April 2009 - 03:56 PM

Hello please run these next...
ATF and SAS

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Then Rerun MBAM

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please ask any needed questions, post log and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 lolokittyy

Posted 01 April 2009 - 04:55 PM

I did what you said
Here is the log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2009 at 05:36 PM

Application Version : 4.26.1000

Core Rules Database Version : 3821
Trace Rules Database Version: 1775

Scan type : Quick Scan
Total Scan Time : 00:19:22

Memory items scanned : 224
Memory threats detected : 3
Registry items scanned : 489
Registry threats detected : 16
File items scanned : 9186
File threats detected : 26

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\DIZIGIRO.DLL
C:\WINDOWS\SYSTEM32\DIZIGIRO.DLL
C:\WINDOWS\SYSTEM32\KIBELUWE.DLL
C:\WINDOWS\SYSTEM32\WISEPALE.DLL

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\VEKOBIPU.DLL
C:\WINDOWS\SYSTEM32\VEKOBIPU.DLL
C:\WINDOWS\SYSTEM32\TEZIHALU.DLL
C:\WINDOWS\SYSTEM32\TEZIHALU.DLL
C:\WINDOWS\SYSTEM32\BEYAVUWO.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01cfaa52-e959-40d6-b3aa-373e792c9c3d}
HKCR\CLSID\{01CFAA52-E959-40D6-B3AA-373E792C9C3D}
HKCR\CLSID\{01CFAA52-E959-40D6-B3AA-373E792C9C3D}\InprocServer32
HKCR\CLSID\{01CFAA52-E959-40D6-B3AA-373E792C9C3D}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FIYOBUBI.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Tracking Cookie
C:\Documents and Settings\logan\Cookies\logan@homestore.122.2o7[1].txt
C:\Documents and Settings\logan\Cookies\logan@3260.807.clickshield[1].txt
C:\Documents and Settings\logan\Cookies\logan@tracking.realtor[1].txt
C:\Documents and Settings\logan\Cookies\logan@doubleclick[1].txt
C:\Documents and Settings\tom\Cookies\tom@ad.yieldmanager[2].txt
C:\Documents and Settings\tom\Cookies\tom@at.atwola[2].txt
C:\Documents and Settings\tom\Cookies\tom@advertising[2].txt
C:\Documents and Settings\tom\Cookies\tom@apmebf[1].txt
C:\Documents and Settings\tom\Cookies\tom@atdmt[2].txt
C:\Documents and Settings\tom\Cookies\tom@cb.adbureau[1].txt
C:\Documents and Settings\tom\Cookies\tom@doubleclick[1].txt
C:\Documents and Settings\tom\Cookies\tom@fastclick[2].txt
C:\Documents and Settings\tom\Cookies\tom@msnportal.112.2o7[1].txt
C:\Documents and Settings\tom\Cookies\tom@realmedia[1].txt
C:\Documents and Settings\tom\Cookies\tom@tacoda[1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKU\S-1-5-21-623124788-812476261-628475140-1008\Software\Microsoft\FIAS4057

Adware.Vundo/Variant-81K
C:\WINDOWS\SYSTEM32\FEKOJIHI.DLL
C:\WINDOWS\SYSTEM32\WEMETUVI.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\POWAMAHE.EXE
C:\WINDOWS\SYSTEM32\TOROMUZI.EXE

When I booted normally Windows told me it was unable to
So I selected the start with last working thing

It then told me files were missing and to check with diskette [I don't have a diskette]

How do I get my computer to run normally?

#5 lolokittyy

Posted 01 April 2009 - 05:44 PM

I restarted again and it ran good
Except it tells me about three missing files because they're in quarantine

IDK if that even matters

Thanks everyone who helped or even actually bothered reading my dumb posts :]]]

#6 boopme

Posted 01 April 2009 - 08:07 PM

Hello, did the MBAM scan find anything, as you did not post that log? Are you getting an error message of what is missing? If so post that message please.

#7 lolokittyy

Posted 02 April 2009 - 01:37 PM

I completely forgot to do Malwarebytes scan
I'll reboot in safe mode in a second and do that
I used that before SAS the first time but SUPERAntiSpyware found more


Anyways I'll have the log in a second

I'm including a screenshot of the missing file messages

Posted Image

#8 boopme

Posted 02 April 2009 - 01:44 PM

Run MBAM from normal mode, it's stronger.


We'll fix those error messages after the MBAM log.

Edited by boopme, 02 April 2009 - 01:45 PM.


#9 lolokittyy

Posted 02 April 2009 - 02:01 PM

Okay done
Here's the log

Malwarebytes' Anti-Malware 1.35
Database version: 1934
Windows 5.1.2600 Service Pack 2

4/2/2009 2:52:45 PM
mbam-log-2009-04-02 (14-52-32).txt

Scan type: Quick Scan
Objects scanned: 99677
Time elapsed: 18 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01cfaa52-e959-40d6-b3aa-373e792c9c3d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01cfaa52-e959-40d6-b3aa-373e792c9c3d} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b87d9bdf (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sodugizoba (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbb4ea843 (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\puzuhahi.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sewadojo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Temp\_avast4_\unp180489215.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Temp\_avast4_\unp73085932.tmp (Trojan.Vundo) -> No action taken.



When I restarted after running and removing those threats there wasn't a missing file message

I'm going to restart again right now and see if there's an error

Thanks so much for all your help
The computer is running so much better now :]

#10 lolokittyy

Posted 02 April 2009 - 02:12 PM

Now there is only one error
This is it
Posted Image

#11 lolokittyy

Posted 02 April 2009 - 02:33 PM

Wait I made that up
I can't even type from the infected computer
It went crazy and I'm running Malwarebytes again
It did that desktop takeover that says I need to scan and flashes warning :[
IDK what happened

#12 lolokittyy

Posted 02 April 2009 - 03:09 PM

Okay I removed the 30 new threats Malwarebytes detected but now I cannot access anything on the computer

It's a weird sign-in screen that asks for a password [which I don't have]
So I left it blank but as soon as I go to sign in it signs me right out

IDK what to do :[[

#13 lolokittyy

Posted 02 April 2009 - 07:36 PM

OKAY

I restored my computer back to default because I had no other choice lol


Thanks for the help though :]

I really appreciate it

Why did it get worse when I removed things ? lol

#14 boopme

Posted 02 April 2009 - 08:18 PM

Sometimes malware corrupts so many things the PC cannot function normally. Did you format or do a system restore?

#15 lolokittyy

Posted 03 April 2009 - 09:13 AM

I'm not sure


All I did was select restore to original something


It was the same thing we did when my computer crashed itself

It deleted everything that was on my computer



