Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing virus


  • Please log in to reply
4 replies to this topic

#1 Jerry_03

Jerry_03

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 28 May 2009 - 08:50 PM

Trying to help my brother remove a virus from his computer. He got it by downloading a program that ended up containing a trojan horse virus. He is using Windows XP Home Ed.

Symptoms of the virus includes not being able to access some AV sites. Mostly the free ones like AVG, Avast and NOD32 (i can however access the ones that arnt free like Norton and McAfee). As a result i cant update the definitions on AVG free. also theres some "pop-ups". its attempting to use IE (My brother uses Firefox) to show pop-ups but these errors are being shown instead:

Posted Image

When the IE popup script errors came on screen i checked task manager and the following processes was the virus running in the background:

msb.exe and 17067.exe

by ending it in task manager the popup script errors went away but they would return every 30 minutes or so. also the 17067.exe process tookup a lot of memory usage, around 200,000 K.

I ran a AVG scan and found out the name of the virus is Trojan horse Downloader.Generic8.APEH. I typed the name of the virus in google to find some solutions to removing it and couldn't really find anything useful.

I used AVG to move it virus vault and delete it but apparently it didnt work cause its still having the symptoms like not being able to access the AV sites and the popup scripts errors.

However AVG did show the location of where the virus had been installed to and i went to that directory:

C:\Documents and Settings\Username\Local Settings\Temp

i found these files here and deleted it:

Posted Image

Im still getting the virus symptoms but when the pop-up script occurs there is no 17067.exe in the task manager, just the msb.exe. as before ending it closes the popup script error box but it shows up again every 30 mins.

if anyone knows of a solution or program that i can use to remove the virus then it would be greatly appreciated. Thanks in advance.

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:34 AM

Posted 28 May 2009 - 11:18 PM

Hello, Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..


***
Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.
***
Open up command prompt, type in following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll

****

If you cannot use the Internet,you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

***
Try this random renamer for MBAM
http://kixhelp.com/wr/files/mb/randmbam.exe
****
Try using a System Retore Point prior to the date of infection. You may be able to update and run MBam. Note this did not remove the malware.
Windows XP System Restore Guide
>>>>>>>>>>>>>>>>>>

Now run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 compternoob

compternoob

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 28 May 2009 - 11:32 PM

Hello Jerry_03... well I'm going to give some pointers even though I am a complete noob at computers but it's alright I'll try my best =] Sorry for the grammar mistakes or the mispelled things I'm only 15 ;)
Okay... so let's see first off NEVER USE COMBOFIX!!! unless you are with a supervisor that acctually knows what s/he is doing...
next I'm going to suggest MalwareBytes google it it is a very useful program to use especially for detecting malware/adware/spyware. There is also AVG anti virus those are all free, scan with AVG.
The last one is Dr web google that aswell and download this thing called drweb and 500 something and scan your whole computer with it and then tell me hows it going I prefer private messages.
Well good luck! hope this helps.

#4 Jerry_03

Jerry_03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 30 May 2009 - 12:31 AM

thanks for the replies. i ran both malwarebytes and spybot search and destroy. either one of them removed the virus. thanks again.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:34 AM

Posted 30 May 2009 - 10:56 AM

Hi Jerry..
either one of them removed the virus
just want to be sure that it is gone..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users