
Malware 2009 removal


  • This topic is locked
19 replies to this topic

#1 Dan1001

Dan1001

  • Members
  • 11 posts

Posted 05 April 2009 - 08:13 AM

Hi! I am trying to find a way to remove this malware. It has slowed down my computer so much that I have not been able to try downloading any free trial versions of spyware programs to try and get it out of my system.

Attached Files





#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts

Posted 14 April 2009 - 11:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 16 April 2009 - 08:18 PM

Hello,

I was able to download the free copy of Malwarebytes' Anti-Malware on to a flash drive from another computer and install it on my computer. It took a while but I got it to install, and was able to run it.

This program was able to clean most of the malware out of my machine (Malware Defender 2009). I do not get the false Security Center and false virus program popping up all the time now.

All the malware is not out of my machine. I still get a voice popping up while I am in some program telling me "Congratulations you have qualified to win.................. or Congratulations you are a winner". I still get IE opening up and trying to connect to sites whether I am online or not.

And my computer is still slower than when I first got this problem.

I have run Malwarebytes' Anti-Malware a number of times and it continues to find a few files from time to time. I have been told that I should continue to run updates on this software and continue to run it on my computer to try and find all the files that were missed early on during my previous scans.

I am appreciative for the advice given on this site, and the response by moderators. I would love any advice on taking further actions to remove the remaining files and get it back to speed.

Dan1001

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 18 April 2009 - 10:59 AM

Hello.

I still see a few remaining pieces of malware left in the log.

Sometimes infections do damage that can't be fixed. For example: speed or performance or just general internet surfing. We can take care of any infections that remain but sometimes things like speed can't always be fixed.

Let's see what we can do.

Please run the following tool.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

May I see the MBAM log as well?

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 19 April 2009 - 08:05 AM

Guys,

Thanks for the replies! I am going to attach the requested files at the end of this message.

Throughout this process, it seems that the trojans and "bad boys" have been self-regenerating in my system. Malwarebytes Anti-Malware did worlds to clean up Malware Defender 2009, but as I continue to run the Malwarebytes Anti-Malware program, I continued to find more infected files or settings that were missed on previous scans. It was suggested that I continue to update Malwarebytes Anti-Malware and run scans until there were a series of scans that have not turned up any new listings or problem areas.

I have downloaded combo fix and the Windows program and allowed it to run its scan. I have just rebooted so I will observe how my unit runs and go from there.

I am not sure how many of the logs you were hoping for, so I am going to post them all.

I was not able to go to the log files and copy them as I had hoped. I can copy only one at a time and post them. I have posted what is called "changes" from the choices I was given. If this does not provide you with enough info, I can send the logs some way else.

Thanks for the help.

Dan1001

Attached Files



#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 April 2009 - 09:31 AM

Hello.

That log file you attached was the "updates" definition and bug(s) that were updated/fixed. It's not the actual log itself.

Anyways, I would like to see the Combofix log as requested in my previous post.

With Regards,
Extremeboy

#7 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 19 April 2009 - 09:59 AM

I am attaching the requested log from Combo Fix.

Thanks,

Dan1001

Attached Files



#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 April 2009 - 10:24 AM

Hello.

I would like to see the MBAM log now. Please follow the instructions below and post the log once it's done.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning
  • A black Command Window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes.
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post that log here in your next reply.
Post back with:
-MBAM log
-Rooter Log

With Regards,
Extremeboy

#9 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 19 April 2009 - 11:41 AM

Attached are the requested logs!

Dan1001

Attached Files



#10 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 19 April 2009 - 11:45 AM

Both requested logs!

Dan1001

Attached Files



#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 April 2009 - 12:43 PM

Hello.

Both logs were clean. What seems to be the problem right now? What symptoms do you still have?

With Regards,
Extremeboy

#12 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 19 April 2009 - 06:43 PM

Since updating Malwarebytes Anti-Malware last night and scanning my system (it found 8 files with trojan or malware signatures) I have had better performance. Since running the programs you guys suggested today, I have not seen any symptoms like those I stated in early posts on this subject. I have actually seen my email download properly, connected to sites faster and been able to download updates properly today.

At the present time I am not seeing any of the symptoms I had posted in earlier posts.

Thanks for all your help! It has been my first experience with Malware infections. I never thought a problem like this could cause so many headaches.

Dan1001

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 April 2009 - 07:18 PM

Hello.

Let's run an online scan to make sure everything is okay.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with a new DDS log as well. Attach attahced as well.

With Regards,
Extremeboy

#14 Dan1001

Dan1001
  • Topic Starter

  • Members
  • 11 posts

Posted 20 April 2009 - 04:38 AM

Morning Guys!

I tried downloading Java updates last night but something happened before it was totally downloaded and failed to take.

I got up early this morning to try again before I left for the day, but my computer has gone back to slow mode. Took 20 minutes to get cranked up to where I could download email or get on net.

I noticed last night that McAfee did not load as it should have, even though I had run all my updates yesterday and my Security Center was in great shape. It did not want to load this morning and told me I was not protected. I went in and looked around to see if it had cut itself back on or off, but did not change any settings. Then it was OK, then it sent up a balloon telling me there was a problem, then it disappeared again.

After all this time, 40 minutes or so, my computer seems to be back to a semi normal speed and functionality.

Can Malware cause these types of problems? I have been disappointed in McAfee's ability to deal with this problem to any degree.

Dan1001

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 20 April 2009 - 02:45 PM

Hello.

"Can Malware cause these types of problems? I have been disappointed in McAfee's ability to deal with this problem to any degree."

Slowness can be caused by malware but not always. I have a computer upstairs that I never use other than doing some storage. It's free from malware and has an anti-virus and firewall but it's incredibly slow for some reason.

I never tried McAfee before so I do not know how it works. It may be some kind of bug, you might want to reinstall it or contact them. Let's make sure we are free from malware first.

See if Java can install now, if not and you can't run Kaspersky try the following online scan instead.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this may take a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Remember to post back with a new set of DDS logs after the scan is complete as well.

With Regards,
Extremeboy