
My computer is infected with Fast Antivirus, and rogue related.


  • This topic is locked
9 replies to this topic

#1 offspringaddict


  • Members
  • 4 posts

Posted 19 June 2009 - 11:35 AM

Hello, okay so last night I was surfing on the web, and I must have accidentally clicked this site and all of a sudden all these windows start popping up saying I have very negative scorings of viruses, and right away I try denying them because I'm experienced enough with computers, I knew right away it was a scam. But! It wouldn't let me get out of it, so now it's stuck on my computer, my icons flash and reload every 10 seconds, I try to get on the internet and it just smashes it away real fast, then there is this warning that comes up and it says "how many" viruses I have and if you accept it, it wants you to pay. Of course I don't pay cuz I know better, but then it just removes all your stuff off your screen but your background, and it takes off everything. I have tried Norton, Spyware Doctor, and Malwarebytes. Malwarebytes seemed to work at first, it said it got rid of the rogue roaming infections but it wants me to restart it, so I restart it, then again it's on my desktop. Fast Antivirus 2009, that's what it is called. So basically, I've tried everything. I've run very many scans to fix it, and my computer used to run PERFECT before this. I've gotten a lot of viruses off of it with Norton and all that. But it doesn't make a difference. I tried everything to get rid of the program and it says it's gone but it still runs the same way. Then if I restart it, it comes back!! Pleeeeeease, I ask you. Please give me some help, this is my work, this computer. Please as fast as you can get to me.
Thank you, and if so is there any way to find the people who made this and get them in trouble? Cuz I think it is VERY unacceptable that they could do this.
Thank you for your consideration, hope to be hearing from you soon.
I thank you again!!!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Laura at 8:38:21.44 on Fri 06/19/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.445.64 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\ProgramData\58b4a17\EX58b4.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Laura\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5082
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5082
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5082
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.134\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.134\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.134\coIEPlg.dll
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [cdloader] "c:\users\laura\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [EPSON Stylus CX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_SE119.tmp" /EF "HKCU"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Fast Antivirus 2009] "c:\programdata\58b4a17\EX58b4.exe" /s /d
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.134\CoIEPlg.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-19 08:06 61,440 a------- c:\windows\system32\drivers\qrwikef.sys
2009-06-19 03:41 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys.old
2009-06-19 03:01 <DIR> --d----- c:\users\laura\appdata\roaming\Malwarebytes
2009-06-19 02:59 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 02:59 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-19 02:59 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-19 02:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-19 02:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 00:47 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-19 00:46 <DIR> --d----- c:\programdata\PC Tools
2009-06-19 00:46 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-19 00:46 <DIR> --d----- c:\progra~2\PC Tools
2009-06-18 23:07 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-18 23:07 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-18 23:07 <DIR> --d----- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-18 23:07 <DIR> --d----- c:\progra~2\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-18 23:06 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-06-18 23:03 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-18 23:03 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-18 23:03 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-18 23:03 <DIR> --d----- c:\program files\Symantec
2009-06-18 23:03 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-18 22:59 <DIR> --d----- c:\windows\system32\drivers\N360
2009-06-18 22:59 <DIR> --d----- c:\programdata\Symantec
2009-06-18 22:59 <DIR> --d----- c:\program files\Norton 360
2009-06-18 22:59 <DIR> --d----- c:\progra~2\Symantec
2009-06-18 22:59 <DIR> --d----- c:\programdata\Norton
2009-06-18 22:59 <DIR> --d----- c:\progra~2\Norton
2009-06-18 22:56 <DIR> --d----- c:\programdata\NortonInstaller
2009-06-18 22:56 <DIR> --d----- c:\program files\NortonInstaller
2009-06-18 22:56 <DIR> --d----- c:\progra~2\NortonInstaller
2009-06-18 21:40 <DIR> --dsh--- c:\programdata\SysFld
2009-06-18 21:40 <DIR> --dsh--- c:\progra~2\SysFld
2009-06-18 21:38 <DIR> --dsh--- c:\programdata\58b4a17
2009-06-18 21:38 <DIR> --dsh--- c:\progra~2\58b4a17
2009-06-18 21:15 <DIR> --d----- c:\programdata\Google Updater
2009-06-11 20:35 <DIR> --d----- c:\programdata\Electronic Arts
2009-06-11 20:35 <DIR> --d----- c:\progra~2\Electronic Arts
2009-06-11 20:16 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-11 20:16 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-06-01 13:42 96,704,698 a------- c:\windows\MEMORY.DMP

==================== Find3M ====================

2009-06-19 08:06 1,284 a------- c:\program files\ylise.txt
2009-06-18 23:05 51,200 a------- c:\windows\inf\infpub.dat
2009-06-18 23:05 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-18 23:05 86,016 a------- c:\windows\inf\infstor.dat
2009-06-01 18:36 3,534 a------- c:\users\laura\appdata\roaming\wklnhst.dat
2009-04-24 09:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 09:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 06:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-10-10 03:35 174 a--sh--- c:\program files\desktop.ini
2008-10-10 03:20 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-22 16:44 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-22 16:44 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-22 16:44 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-05-14 13:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007051420070515\index.dat
2008-05-27 19:06 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-05-27 19:06 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-05-27 19:06 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 9:00:28.76 ===============



#2 Farbar



  • Security Developer
  • 21,719 posts

Posted 19 June 2009 - 01:04 PM

Hi offspringaddict,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#3 Farbar


Posted 23 June 2009 - 03:56 PM

Are you still there?

#4 offspringaddict


Posted 25 June 2009 - 11:27 PM

I am on a different computer right now. My computer that I ran that ComboFix on,
it didn't work. All it did was change my background, but it was strange cuz
when I was running it through the fix, it said it deleted the virus. I read exactly what it was
and when it was done it didn't delete it.
So I am not quite sure what to do with it now. I am thinking of buying a flash drive and just
putting all my stuff on it.
I am really upset about this, my computer ran perfect before this.
Are there any other ways to kill the virus?







#5 Farbar


Posted 26 June 2009 - 04:54 AM

A possible solution is to take the computer to a local computer shop and get it fixed.

#6 offspringaddict


Posted 26 June 2009 - 08:53 PM

Yeah, I know I would.
But I'm afraid I don't have the money,
is there any way that I can reboot my computer without losing my stuff?
And if I were to buy a flash drive (a big one) would I be able to put all my stuff on it
without getting the virus in it; after that would I be able to restore my computer, take everything
off, then put my flash drive stuff on it?







#7 Farbar


Posted 27 June 2009 - 04:12 AM

Seems this is all new to you. You might need someone to do this for you.

#8 offspringaddict


Posted 29 June 2009 - 11:05 PM

Yeah, I have never had a virus. It's a first for me. I'm good at just other things on
the computer but for viruses and broken computers. I don't know much.
I think I'm just gonna have my brothers do it.





#9 Farbar


Posted 30 June 2009 - 12:53 AM

I'm good at just other things on
the computer but for viruses and broken computers.

Why didn't you post the ComboFix log and go on with the topic you started? The people who ask for assistance here don't know much about viruses, but they provide the log and information to the trained helpers and stick to the topic until they resolve the issue. They might learn something for the future too.

I think I'm just gonna have my brothers do it.

In case your brothers need my assistance please let them post the log ComboFix created and I will help them remove the malware.

#10 Farbar


Posted 03 July 2009 - 11:19 AM

This thread will now.

If you should have a new issue, please start a new topic.



