very low tech user


4 replies to this topic

#1 J3RUSAL3M (Members)

Posted 05 May 2009 - 11:44 AM

I have this thing on my machine and McAfee can't remove it. I have Windows XP Service Pack 3. I have the McAfee security suite through BT Broadband, which I'm not happy with, as I have never ever had a trojan while using Norton or ZoneAlarm, but McAfee seems to invite viruses onto my machine.

I'm very low tech but quick in learning, so if anyone can tell me how to remove this virus I would sure appreciate it.


#2 buddy215 (Moderator)

Posted 05 May 2009 - 02:18 PM

Try this low tech solution.
Scan your computer with Super Antispyware free. Download link and instructions in link below.
http://www.bleepingcomputer.com/forums/ind...t&p=1040160

Be sure to update SAS after downloading and installing, and before rebooting into safe mode. The scan is best run in safe mode.

Post back with the log from SAS for further instructions.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 J3RUSAL3M (Topic Starter)

Posted 08 May 2009 - 04:17 AM

Thank you for your swift reply. I followed your instructions but came up against the problem that the virus wouldn't let me download the program, so I used my daughter's laptop to download it and put it on a key, but the virus wouldn't let me unpack it, so I renamed it and finally got it installed. Here are the results. I'm not happy with McAfee at all, or BT Broadband who provided me with it as part of my package, or maybe it's just down to me. I think the virus came from a torrent???


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2009 at 10:10 AM

Application Version : 4.26.1002

Core Rules Database Version : 3868
Trace Rules Database Version: 1816

Scan type : Quick Scan
Total Scan Time : 00:06:18

Memory items scanned : 442
Memory threats detected : 1
Registry items scanned : 357
Registry threats detected : 13
File items scanned : 3766
File threats detected : 11

Trojan.Agent/Gen-FXSTALLER
D:\WINDOWS\FXSTALLER.EXE
D:\WINDOWS\FXSTALLER.EXE
[Windows UDP Control Center] D:\WINDOWS\FXSTALLER.EXE
D:\WINDOWS\Prefetch\FXSTALLER.EXE-28ED83DD.pf

Rootkit.Agent/Gen-GAOPDX
HKLM\system\controlset001\services\gaopdxserv.sys
D:\WINDOWS\SYSTEM32\DRIVERS\GAOPDXBIMXFQSE.SYS
HKLM\system\controlset002\services\gaopdxserv.sys
HKLM\system\controlset003\services\gaopdxserv.sys
HKLM\system\controlset004\services\gaopdxserv.sys
D:\WINDOWS\SYSTEM32\GAOPDXXTPDWYKR.DLL

Adware.Tracking Cookie
D:\Documents and Settings\General\Cookies\general@serving-sys[1].txt
D:\Documents and Settings\General\Cookies\general@doubleclick[2].txt
D:\Documents and Settings\General\Cookies\general@bs.serving-sys[2].txt
D:\Documents and Settings\General\Cookies\general@imrworldwide[2].txt
D:\Documents and Settings\General\Cookies\general@ads.pointroll[2].txt
D:\Documents and Settings\General\Cookies\general@atdmt[1].txt

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET015\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5C30D651-D1A6-4F88-9B1D-85760AFFA06B}#NAMESERVER
HKLM\SYSTEM\CONTROLSET015\SERVICES\TCPIP\PARAMETERS\INTERFACES\{63B4A756-5520-4630-9AD2-631DAB954882}#NAMESERVER
HKLM\SYSTEM\CONTROLSET016\SERVICES\TCPIP\PARAMETERS\INTERFACES\{3B8023F4-FA8B-4953-98D5-D7781509BE71}#NAMESERVER
HKLM\SYSTEM\CONTROLSET016\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5C30D651-D1A6-4F88-9B1D-85760AFFA06B}#NAMESERVER
HKLM\SYSTEM\CONTROLSET016\SERVICES\TCPIP\PARAMETERS\INTERFACES\{63B4A756-5520-4630-9AD2-631DAB954882}#NAMESERVER
HKLM\SYSTEM\CONTROLSET017\SERVICES\TCPIP\PARAMETERS\INTERFACES\{3B8023F4-FA8B-4953-98D5-D7781509BE71}#NAMESERVER
HKLM\SYSTEM\CONTROLSET017\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5C30D651-D1A6-4F88-9B1D-85760AFFA06B}#NAMESERVER
HKLM\SYSTEM\CONTROLSET017\SERVICES\TCPIP\PARAMETERS\INTERFACES\{63B4A756-5520-4630-9AD2-631DAB954882}#NAMESERVER

Trojan.Agent/Gen-LSPHack
D:\WINDOWS\SYSTEM32\LSPYWG.DLL

#4 J3RUSAL3M (Topic Starter)

Posted 08 May 2009 - 05:18 AM

Well, I must say I'm impressed, very impressed indeed. That program did it all within 20 mins: it scanned, cleaned and rescanned, and next thing my McAfee came alive and updated itself. My Windows updater is still downloading updates. I'm so happy.. :thumbsup: :trumpet: :flowers: If there is somewhere I can rate your site then let me know, cos believe me, I tried loads of forums before I found you people. Thanks a million.

#5 buddy215 (Moderator)

Posted 08 May 2009 - 06:45 AM

It would be a good idea to run SAS again for a day or two. Be sure to UPDATE it before scanning.

You need to delete the existing "restore points" as some are infected. Deleting all is the only option. Info on how to do that, if needed, is in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Clean up your temporary files and logs.
Double-click ATF-Cleaner.exe to run the program.
http://www.atribune.org/ccount/click.php?id=1
* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

Use the Secunia online scanner to check for missing security updates. http://secunia.com/vulnerability_scanning/online/
After updating Java (if you haven't done so already), go to Add/Remove and remove ALL old Java programs.
The IE browser, Adobe Reader, Adobe Flash and Java have all been exploited recently. It is important to get the latest updates to avoid malware exploiting those programs.

You can block the ad/tracking cookies from ever installing on your computer by following the steps below.
This applies to Internet Explorer browsers.
* Click on Tools.
* Click on Internet Options.
* Click on the Privacy tab.
* Click on the Advanced button.
* Put a check in the box next to "Override automatic cookie handling".
* Put a check in the box next to first party "Accept".
* Put a check in the box next to block third party cookies (those are the ad/tracking cookies that AVG deletes).
* Click OK to exit.
Then just run another quick scan with SAS to remove the third party cookies that were installed before changing the settings.

Edited by buddy215, 08 May 2009 - 06:53 AM.
