
PeerGuardian constantly blocking "ZlKon Exploits" in Vista



#1 crazymangabriel

Posted 27 April 2009 - 12:29 PM

Hello Bleeping Computer community!

I am running Windows Vista on a laptop, but then I noticed that PeerGuardian had started blocking something before I opened up any kind of p2p program or internet browser. It is blocking something called "ZlKon Exploits" constantly. I googled this and eventually made it to another post that suggested first running super-antispyware, next running malwarebytes anti malware, then combofix, and one other. I read on your site not to run combofix without guidance, but I did try to run both the first two programs. Super-Anti only asked for UAC permission and then that "stopped working" box came up. Next, the malwarebytes seemed to install but when I click "Finish" with "Start" and "Update" checked it simply does nothing. I go to a school, and we're required to run one of the worst McAfee versions I've ever seen, so I only expect problems with subsequent scans. Hmm... I also have two external hard drives that I can use to back up all of my data, but my concern is of course saving the infection, and I would appreciate some guidance here. Thank you so much! I hope to hear from you soon. Ciao for now.

Gabriel

Attached Files





#2 Orange Blossom

  • Moderator

Posted 10 May 2009 - 12:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 crazymangabriel


Posted 10 May 2009 - 12:57 PM

I thought I attached it in my first post, and if that is not it then I guess I did not understand the program. Could you please double-check that my attachment is not it? Thanks so much.

#4 Orange Blossom


Posted 10 May 2009 - 01:12 PM

Hello there,

Two things.

1) We need an updated log.

2) The log you attached is the extra log. Yours starts like this:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2009 12:33:14 AM
System Uptime: 4/27/2009 1:01:50 PM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 186 GiB total, 7.711 GiB free.
D: is CDROM ()
E: is CDROM ()


We need the main log that starts something like this and won't have that alert on the top.


DDS (Ver_09-03-16.01) - NTFSx86
Run by CookieMonster at 23:37:44.40 on Mon 04/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3061 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe



#5 crazymangabriel


Posted 10 May 2009 - 01:49 PM

Figures it would be something obvious like that, sorry about that.

Attached Files



#6 Hoov

  • Malware Response Team

Posted 10 May 2009 - 09:46 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Rename mbam.exe to ncbc.exe and then reboot to safe mode and run the renamed file. Then save the log to the desktop, and then reboot to safe mode and post the log here.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 crazymangabriel


Posted 11 May 2009 - 02:25 AM

Hello Hoov! I will do my best to follow your instructions exactly, but unfortunately the first instruction is beyond my grasp. I have done nothing to attempt to alleviate the problem myself other than what I described in my initial post, but I think that what you are asking me to do is download Malware Bytes Anti-Malware and rename it, but I wanted to check in before I did anything. Talk to you soon! Ciao.

#8 Hoov


Posted 11 May 2009 - 08:28 PM

I thought you already had downloaded it, but if you have not then please do so, and rename mbam.exe after installing it. Then reboot to safe mode and do the scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you uncheck both of these
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
When you reboot to safe mode and run it,
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

#9 Hoov


Posted 16 May 2009 - 09:06 PM

crazymangabriel, do you still need help?

#10 Hoov


Posted 23 May 2009 - 12:22 AM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.


Thread reopened at the request of the originator.

Edited by Hoov, 07 June 2009 - 01:56 AM.


#11 crazymangabriel


Posted 08 June 2009 - 12:59 AM

Hoov,

I am sorry I took so long, but since we last discussed my computer I have graduated from college and moved from PA to CA and unfortunately my computer concerns had to take a back step. I would still appreciate your help. I have never successfully started mbam, though I have tried to install it several times. The first thing I tried was running it in safe mode as you suggested, and nothing happened. In task manager, a new process didn't appear to begin. I also tried starting it in normal mode, after installing it in safe mode, etc. until I had tried every combination. If you need anything else from me, please let me know. I am home now, so I should be able to respond much more quickly and, again, I'm sorry for the delay. Ciao for now.

Gabriel



