A Virus (unknown) infected my PC


  • This topic is locked
10 replies to this topic

#1 Elpianista

Elpianista

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:57 AM

Posted 26 May 2009 - 01:31 AM

Hello:
Before starting I must say that I'm a Spanish speaker, so excuse me if I make mistakes with the language.

I ran Adaware and Spybot and they removed trojan agents and threats. AVG also removed things, but the result was many broken programs, including Internet Explorer (I can't run the Kaspersky online), Notepad (I don't know how the DDS.txt opens itself), Winamp, eMule, ImgBurn (now I don't have burning software), WinRar, etc.

Mozilla can't get into some sites, like Superantispyware, Malwarebytes, Trend Micro, McAfee, and most antivirus sites.
(The virus put a list of sites to block, including banks, that I removed).

In Safe Mode my account disappears, and I can't get in as Administrator because the virus set a password.

Changing users asks for a password.

AVG removed a dll (rundll32) from System 32. This prevents me from going into Add/Remove Programs, System (I can't restore the system in normal mode), Windows Help, etc. (I think I found how to fix this, but I had better wait for your help).

Many error messages occurred during this infection:
Trying to run I.E. when it wasn't completely disabled yet: "Access violation al address 6CB616B7 in module 'AVGTOO 1.DLL'. Read of address 00000004".

"Generic Host Process for Win32 Services has found a problem and must close". (This one appears always at starting).
"VRT2 has found a problem and must close"
"VRT49.tmp has found a problem and must close"

Firewall blocked various VRT processes, (unknown application is trying to access Internet).
Adaware blocked VRT1...
"Ad watch live blocked the process bn1b.tmp (6336) in order to do not start in your System. The process has been identified as Win32 TrojanDownloader Agent" (The same for bn1.tmp (1180) and bn9.tmp (660)).

Now I only have Spybot.

Well, the log is:


DDS (Ver_09-05-14.01) - NTFSx86
Run by GONZALETE ETE TETE at 1:49:51,95 on 26/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.991.530 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\GONZALETE ETE TETE\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.ar/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://avg.urlseek.vmn.net/search.php?tbn=avg&type=dns&lg=ww&q=www%2Ekaspersky%2Ecom
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\archiv~1\avg\avg8\AVGTOO~1.DLL
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [BitTorrent] "c:\archivos de programa\bittorrent\bittorrent.exe"
uRun: [SpybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg8\avgpp.dll
Notify: aaabeomj - aaabeomj.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: zclrdtp - zclrdtp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gonzal~1\datosd~1\mozilla\firefox\profiles\cx4g86y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1896539&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://es-AR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-AR:official
FF - component: c:\archivos de programa\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\archivos de programa\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\documents and settings\gonzalete ete tete\datos de programa\mozilla\firefox\profiles\cx4g86y3.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFAlert.dll
FF - plugin: c:\archivos de programa\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-8 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-8 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-8 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-6 159600]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\archiv~1\avg\avg8\avgwdsvc.exe [2009-2-13 298776]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-3-6 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\archivos de programa\pc tools firewall plus\FWService.exe [2008-9-2 146800]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-3-6 95640]
R3 Ptserlv;PCTEL Serial Device Driver for VIA;c:\windows\system32\drivers\ptserlv.sys [2008-9-9 130942]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 ethatbtz;ethatbtz;c:\windows\system32\drivers\ethatbtz.sys --> c:\windows\system32\drivers\ethatbtz.sys [?]
S1 ethehgnh;ethehgnh;c:\windows\system32\drivers\ethehgnh.sys --> c:\windows\system32\drivers\ethehgnh.sys [?]
S1 ethhuwpz;ethhuwpz;c:\windows\system32\drivers\ethhuwpz.sys --> c:\windows\system32\drivers\ethhuwpz.sys [?]
S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2009-3-11 34816]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2009-3-11 34816]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-11-7 58288]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-6 83344]
S3 pcm1394;pcm1394;c:\windows\system32\pcm1394.sys [2009-5-18 136192]
S3 protect;protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\protect.sys [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SASENUM;SASENUM;c:\archivos de programa\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sndintd;sndintd;c:\windows\system32\sndintd.sys [2009-5-24 2304]

=============== Created Last 30 ================

2009-05-25 21:14 1,707 a------- c:\windows\system32\49.tmp
2009-05-25 21:14 1,707 a------- c:\windows\system32\47.tmp
2009-05-25 18:24 44,032 a------- c:\windows\system32\2A.tmp
2009-05-25 18:24 40,449 a------- c:\windows\system32\reader_s.exe
2009-05-25 18:24 120 a------- c:\windows\system32\6.tmp
2009-05-25 14:25 664 a------- c:\windows\system32\d3d9caps.dat
2009-05-25 13:17 58,880 a------- c:\windows\system32\27.tmp
2009-05-25 13:17 120 a------- c:\windows\system32\1E.tmp
2009-05-25 11:53 16,896 a------- c:\windows\system32\zclrdtp.dll
2009-05-25 09:54 58,880 a------- c:\windows\system32\23.tmp
2009-05-25 09:54 44,032 a------- c:\windows\system32\22.tmp
2009-05-25 09:54 120 a------- c:\windows\system32\1D.tmp
2009-05-25 09:54 58,880 a------- c:\windows\system32\18.tmp
2009-05-25 09:54 44,032 a------- c:\windows\system32\C.tmp
2009-05-25 09:54 120 a------- c:\windows\system32\3.tmp
2009-05-24 21:17 70,144 a------- c:\windows\system32\17.tmp
2009-05-24 21:16 44,032 a------- c:\windows\system32\D.tmp
2009-05-24 21:16 120 a------- c:\windows\system32\A.tmp
2009-05-24 21:04 <DIR> --d----- c:\archivos de programa\Spybot - Search & Destroy
2009-05-24 19:46 2,304 a------- c:\windows\system32\sndintd.sys
2009-05-24 11:28 1,707 a------- c:\windows\system32\1A.tmp
2009-05-23 06:29 44,032 a------- c:\windows\system32\B.tmp
2009-05-23 06:29 120 a------- c:\windows\system32\4.tmp
2009-05-22 19:29 44,544 a------- c:\windows\services.ex_
2009-05-22 19:28 65,536 a------- c:\windows\system32\aaabeomj.dll
2009-05-22 19:28 44,544 a------- c:\windows\system32\F.tmp
2009-05-22 19:28 156 a------- c:\windows\system32\8.tmp
2009-05-22 18:32 65,536 a------- c:\windows\system32\aaabeomj.dl_
2009-05-22 01:29 120 a------- c:\windows\system32\2.tmp
2009-05-21 21:55 44,032 a------- c:\windows\system32\2C.tmp
2009-05-21 21:55 120 a------- c:\windows\system32\28.tmp
2009-05-21 21:41 44,032 a------- c:\windows\system32\29.tmp
2009-05-21 21:41 120 a------- c:\windows\system32\26.tmp
2009-05-21 21:26 <DIR> -cd-h--- c:\docume~1\alluse~1\datosd~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-21 21:19 <DIR> --d----- c:\archivos de programa\Lavasoft
2009-05-20 20:04 178,176 a------- c:\windows\system32\wtukd32.exe
2009-05-20 20:03 120 a------- c:\windows\system32\21.tmp
2009-05-20 19:59 120 a------- c:\windows\system32\E.tmp
2009-05-20 19:59 179,200 a------- c:\windows\system32\tpsaxyd.exe
2009-05-20 19:59 61,440 a------- c:\windows\system32\dpcxool64.sys
2009-05-20 18:25 1,706 a------- c:\windows\system32\1C.tmp
2009-05-20 13:06 70 a------- c:\windows\EPSON C43 Installer.ini
2009-05-20 12:33 84 a------- c:\windows\system32\9.tmp
2009-05-20 12:17 84 a------- c:\windows\system32\42.tmp
2009-05-20 01:10 563,401,216 a------- C:\Mozart,.Schumann,.Rachmaninov.(Argerich,.Economou,.Freire,.Maisky).avi
2009-05-20 01:10 <DIR> --d----- C:\Gold - Calicoba
2009-05-20 01:09 <DIR> --d----- C:\Chopin - Partituras (Scores) Obras Completas para piano en pdf
2009-05-19 21:11 120 a------- c:\windows\system32\7.tmp
2009-05-19 18:56 120 a------- c:\windows\system32\5.tmp
2009-05-19 10:20 291,840 a------- c:\windows\AV.EX_
2009-05-19 10:20 31,232 a------- c:\windows\hh.exe
2009-05-19 10:20 347,648 a------- c:\windows\IsUn040a.exe
2009-05-19 10:20 327,168 a------- c:\windows\IsUninst.exe
2009-05-19 10:20 90,624 a------- c:\windows\notepad.exe
2009-05-19 10:20 119,296 a------- c:\windows\sed.exe
2009-05-19 01:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-19 01:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 01:17 <DIR> --d----- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-05-18 20:07 120 a------- c:\windows\system32\13.tmp
2009-05-18 17:33 120 a------- c:\windows\system32\15.tmp
2009-05-18 02:10 83,344 a----r-- c:\windows\system32\drivers\k510obex.sys.bak
2009-05-18 02:10 58,288 a----r-- c:\windows\system32\drivers\k510bus.sys.bak
2009-05-18 02:09 136,192 a------- c:\windows\system32\pcm1394.sys
2009-05-18 02:01 423,936 a------- c:\windows\system32\cmd.execf
2009-05-17 21:03 <DIR> --d----- c:\docume~1\alluse~1\datosd~1\Spybot - Search & Destroy
2009-05-16 20:00 <DIR> --d----- c:\windows\dhcp
2009-05-16 03:23 120 a------- c:\windows\system32\20.tmp
2009-05-15 22:17 120 a------- c:\windows\system32\1F.tmp
2009-05-15 21:13 120 a------- c:\windows\system32\19.tmp
2009-05-15 20:31 120 a------- c:\windows\system32\16.tmp
2009-05-15 20:22 120 a------- c:\windows\system32\12.tmp
2009-05-15 16:58 84 a------- c:\windows\system32\2F.tmp
2009-05-15 12:29 53,283 a------- c:\windows\system32\paso.el
2009-05-15 12:29 0 a------- c:\windows\ynh.dx
2009-05-15 10:19 120 a------- c:\windows\system32\10.tmp
2009-05-15 02:30 <DIR> --d----- c:\windows\system32\Kaspersky Lab
2009-05-15 02:04 120 a------- c:\windows\system32\1B.tmp
2009-05-14 19:25 <DIR> --d----- c:\windows\system32\3361
2009-05-14 19:25 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-05-14 19:24 0 a------- c:\windows\system32\14.tmp
2009-05-14 19:23 120 a------- c:\windows\system32\11.tmp
2009-05-13 03:15 <DIR> --d----- c:\windows\system32\Nueva carpeta
2009-05-13 02:26 0 a------- c:\windows\system32\76.tmp
2009-05-13 02:26 84 a------- c:\windows\system32\74.tmp
2009-05-09 14:53 <DIR> --d----- C:\DVD de Datos Clásico

==================== Find3M ====================

2009-05-24 19:46 22,016 a------- c:\windows\system32\Iasv32.dll
2009-05-19 10:26 34,816 a------- c:\windows\system32\svchost.exe
2009-05-19 10:26 78,336 a------- c:\windows\system32\spoolsv.exe
2009-05-19 10:26 106,496 a------- c:\windows\system32\pctspk.exe
2009-05-19 10:26 147,456 a------- c:\windows\system32\UAService.exe
2009-05-19 10:26 1,056,768 a------- c:\windows\Explorer.EXE
2009-05-19 10:26 192,000 a------- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-05-19 10:20 789,504 a------- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-05-19 10:20 764,928 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-05-19 10:20 120,320 a------- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-05-19 10:20 171,520 a------- c:\windows\pchealth\uploadlb\binaries\uploadm.exe
2009-05-19 10:20 55,808 a------- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-05-19 10:20 38,912 a------- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-05-15 22:14 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-15 22:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-15 22:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-13 02:33 182,656 ac------ c:\windows\system32\drivers\ndis.sys
2009-04-25 19:48 458,402 ac------ c:\windows\system32\perfh00A.dat
2009-04-25 19:48 78,556 ac------ c:\windows\system32\perfc00A.dat
2009-03-28 00:25 86,327 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 16:23 410,984 ac------ c:\windows\system32\deploytk.dll

============= FINISH: 1:51:41,19 ===============

With Regards, Elpianista.


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:57 AM

Posted 26 May 2009 - 01:40 PM

Hi,

I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Elpianista


Posted 02 June 2009 - 03:34 PM

Hello miekiemoes:
Thanks for answering me, and excuse my delay. The reason for that is: a week ago the PC couldn't start anymore, so I'm trying to get a boot disk for my Windows XP SP3. (I don't remember if I have Professional or Home Edition.) I'm searching for the installer for Windows XP SP3 too.

About the behavior of the virus: some installers seem to be fine, because I execute them and the Windows prompt appears, everything normal (I think). But I have programs inside WinZip, for example an installer with 6 files (txt, keygen, etc.), and next to this the 6 extracted files, but when I look more closely I see only 4 files. Why? Because AVG previously removed them. So I extract the files again, and again AVG removes them. Some installers like ATF Cleaner were removed.
Anyway, I can forget them.

But I wish to preserve my ".htm" and ".html" files, so I would appreciate it if you could explain to me how to clean these files or remove the script. I read your blog but I can't go to the links inside it, because the virus blocked most antivirus sites. If you can copy and paste, better. Anyway, I have friends.

The last thing is the rar and zip files with music, maybe ".ape" or ".flac" with a ".cue", or some text. Should I record them, or extract them and record?
Can I trust WinZip? Because WinRar was removed by AVG.

Thank you and regards, Elpianista.

#4 miekiemoes


Posted 02 June 2009 - 03:52 PM

Hi,

Not sure if you have read my blogpost about Virut, but a format and reinstall is the only option I recommend. This has nothing to do with installers only. This is about every exe file. It doesn't mean because the files run that it's not infected.
I really can't help/guide you if you attempt to clean this up manually, because it's a real waste of time. :thumbup2:

#5 Elpianista


Posted 07 June 2009 - 05:39 PM

Hello miekiemoes:
Sorry again, I write when I can. I am learning how to use the boot disk; now I have Internet access.

I have read your blog after your first post, but maybe I could not express myself very well.

I am convinced about the format and reinstall (I never did it). But before formatting, I want to save some files, so, having in mind your list (.exe/.scr/.htm/.html/.xml/.zip/.rar), many questions emerge.

1) I would remove the iframe script from the .htm and .html files if it is relatively easy, as you say in the blog, or does not take much time. Is this a waste of time?

2) About the WinZip and WinRar files: if they have music or books, could I decompress the files and then backup?

P.S.: You are pretty.

With regards, Elpianista.

#6 miekiemoes


Posted 08 June 2009 - 02:00 AM

Hi,

Yes, you can disinfect the html/htm/asp files manually. Make sure you don't launch them, so right-click and edit before launching them.
For the rar/zip files, if they contain music and books, then there's nothing to worry about :thumbup2:

#7 Elpianista


Posted 08 June 2009 - 01:54 PM

Hi miekiemoes:

Thanks for the information about the Rar/Zip files, it is a relief.

About the html/htm/asp, can you explain to me how to disinfect step by step or give a link?

With regards, Elpianista.

#8 miekiemoes


Posted 08 June 2009 - 01:59 PM

About the html/htm/asp, can you explain to me how to disinfect step by step or give a link?

Are you a webdesigner?
I cannot tell you what code it has injected on your htm/html/asp pages - IF it has infected them - but you can find out if you right-click the file, select to edit in Notepad and delete all iframe references in it that you didn't add.
In case you're not a webdesigner and don't need the html files - I suggest not to back up the infected webpages, because it's better to take no risks.
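The manual check described in post #8 (open each page as text and look for iframe references you did not add), as an added example that is not part of the original thread: a Python script that reads .htm/.html/.asp files as text only, never rendering them, and lists every iframe with its line number and review flags. The flag heuristics (tiny size, hidden style, external source, placement after the closing html tag), the function names and the sample page are assumptions constructed for illustration.

```python
import os
from html.parser import HTMLParser

WEB_EXTENSIONS = {".htm", ".html", ".asp"}

# Constructed sample page (not taken from the thread): one iframe the page
# owner added, and one appended after </html> that nobody remembers adding.
SAMPLE_PAGE = """<html>
<body>
<h1>My scores</h1>
<iframe src="notes.html" width="400" height="300"></iframe>
</body>
</html>
<iframe src="http://unknown.example/x" width=1 height=1 style="border:0"></iframe>
"""


def _tiny(value):
    """True for a 0 or 1 pixel dimension, a common way to hide a frame."""
    return value.strip().lower().replace("px", "") in ("0", "1")


class IframeFinder(HTMLParser):
    """Collects every <iframe> start tag without executing or rendering anything."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self.html_closed = False

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if src.lower().startswith(("http://", "https://", "//")):
            reasons.append("external-src")
        if _tiny(a.get("width", "")) or _tiny(a.get("height", "")):
            reasons.append("tiny-size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-style")
        if self.html_closed:
            reasons.append("after-closing-html")
        line, _col = self.getpos()
        self.findings.append({"line": line, "src": src, "reasons": reasons})


def find_iframes(text):
    """Return one dict per iframe found in the given page source."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def scan_tree(root):
    """Walk a folder and report iframes in web pages, keyed by file path."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            # latin-1 maps every byte to a character, so odd encodings never abort the scan
            with open(path, "r", encoding="latin-1") as fh:
                hits = find_iframes(fh.read())
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    for hit in find_iframes(SAMPLE_PAGE):
        flags = ", ".join(hit["reasons"]) or "no flags"
        print(f"line {hit['line']}: src={hit['src']!r} [{flags}]")
```

The script only reports; deciding which iframes you added yourself, and deleting the others in a text editor, remains a manual step.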

#9 Elpianista


Posted 09 June 2009 - 06:53 PM

Hi miekiemoes:

You are right, it is better to take no risks. Are video files (mpeg, avi, asf, etc.) safe?

Thanks, Elpianista.

#10 miekiemoes


Posted 10 June 2009 - 02:03 AM

Hi,

Yes, video files are safe. :thumbup2:

#11 miekiemoes


Posted 15 June 2009 - 10:53 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.