serious problem..help!!


7 replies to this topic

#1 Maria260390

Maria260390

  • Members
  • 3 posts
  • Gender:Female
  • Location:Athens, Greece
  • Local time:06:00 PM

Posted 23 June 2009 - 02:01 AM

I believe my computer is at risk + I definitely need your help, because I've never faced such a problem in the past...
here it goes:

I have an AVG anti-virus program..
The other day I stumbled on a web-page (apparently full of viruses) and ever since it's been sending me alerts:

Multiple threat detection

File_________________________Infection________________________Result
C:\Windows\msa.exe__________Trojan horse Generic13.BLMW______Infected

(previous line repeated about 20-30 times)

when I run the AVG scan, there is no problem with the results..
but these alerts keep popping up and when I press "remove all unhealed infections" another window opens :
"Do you want to force the threat removal?
Forced removal can cause system unstability or even crash"
and when I press YES there comes a third window: "some files cannot be healed-the action was interrupted by user"

I am in deep s_ _ t...that's an understatement...could you please help me fix (not exactly) my (but more like my father's) PC (before he kills me)??? what can I do to salvage it??? :thumbsup:

Edited by Maria260390, 23 June 2009 - 02:14 AM.




#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • Gender:Not Telling
  • Local time:09:00 AM

Posted 23 June 2009 - 04:29 AM

If you can, download Malwarebytes from

Malwarebytes.org

Update it, then run a quick scan with it and copy the results and paste them into a post here

#3 Maria260390


Posted 23 June 2009 - 07:32 PM

I believe this is what you asked me for:


Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

6/24/2009 3:30:46 AM
mbam-log-2009-06-24 (03-30-46).txt

Scan type: Quick Scan
Objects scanned: 87037
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\Users\Maria\AppData\Roaming\Zango (Adware.Zango) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

#4 Stang777


Posted 23 June 2009 - 08:34 PM

Did that make the computer run better?

I do not see anything in that log that, to the best of my knowledge, would explain those symptoms.

I am hoping that a staff member will come along soon and give you more help.

In the meantime, if the computer is not running better, you could download SuperAntiSpyware, update it and run a scan with it and post those results here. It can be downloaded from...

SuperAntiSpyware.com

That scan can take quite a while so before you run it, please post whether or not the computer is running any better, or worse, or no change. If worse, please describe the new problems.

Edited by Stang777, 23 June 2009 - 08:35 PM.


#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:00 AM

Posted 23 June 2009 - 08:57 PM

Let's see what they say in response to your last question.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 Maria260390


Posted 24 June 2009 - 02:01 PM

well.. although I'm not the perfect judge of it, there haven't been any alerts today + this must be a good sign..

actually I ran the scan twice.. after the first one there were many more threats, but I pressed "clear" + most of them were supposedly deleted.. including the Trojan horses that AVG couldn't erase..
on the second time that I ran the test, I copied the result-log + pasted it above..apparently Trojans are nowhere to be seen..

I'm still afraid, though, that the threat ain't over yet, because I know Trojans are not so easy to get rid of..

#7 Stang777


Posted 24 June 2009 - 02:14 PM

I am glad it is running better, as in, having no alerts. I wish you had posted that first log instead of the one you did though, as that was the one we needed to see. Knowing that there were other things including trojans does help as that does explain the symptoms better.

You should still have that first log in the section of Malwarebytes titled something like logs and you could still post that. I would like to see that first log and just to make sure all is well, I would also like to see a log from SuperAntiSpyware. If you run that program, post the log from the first scan you run.

I won't be able to check back until late tonight but maybe someone else will pop up with other ways to make sure all damage is gone before then.

Edited by Stang777, 24 June 2009 - 02:17 PM.


#8 thewall


Posted 24 June 2009 - 03:32 PM

> well.. although I'm not the perfect judge of it, there haven't been any alerts today + this must be a good sign..
>
> actually I ran the scan twice.. after the first one there were many more threats, but I pressed "clear" + most of them were supposedly deleted.. including the Trojan horses that AVG couldn't erase..
> on the second time that I ran the test, I copied the result-log + pasted it above..apparently Trojans are nowhere to be seen..
>
> I'm still afraid, though, that the threat ain't over yet, because I know Trojans are not so easy to get rid of..



Ok, let's do the following:


Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



When you have done that then open MBAM and update it. Run it again and let's see the latest log.