Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help in removing worm


  • Please log in to reply
1 reply to this topic

#1 conall88

conall88

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 23 June 2009 - 11:59 AM

Hello everyone,

Ive been trying to help a neighbour remove a worm from his machine. The problem began after a web browsing session by his son. The sites in question did not seem to be malicious, however the popups did. I think he has a worm of some sort, which may have damaged mscvrt.dll which I believe is a redistributable app DLL. This has caused the following problems:

All programs suffer from an error (and the error report popup), errors reports point to the relevent program, or to mscvrt.dll
these problems do not occur in safe mode


msconfig had one of the worm files ( a randomly generated name.exe) in a cache in %APPDATA% /GOOGLE/temp

while this was deleted , the problems have persisted, leading me to believe there are other copies elsewhere.

Whats the best way to:

a) identify the worm
:thumbsup: remove it?



machine has AVG 7.5 on it ( I had 8.5 on hand but cannot update because of the worm).
machine has spybot (latest) installed.
xp sp2


is it worth my while getting HJT and getting a log? are there any diagnostic tools which would be of use for finding the worm? ( avg can't find a thing, and the registry seems clean)

help would be great as there is important information on said machine.

Edited by Pandy, 23 June 2009 - 12:55 PM.
Moved from Win XP Home and Pro ~Pandy


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:13 PM

Posted 24 June 2009 - 10:06 PM

Hello and :thumbsup: to Bleepingcomputer.

Let's see if we can find out what we're dealing with here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include the following:
Malwarebytes log

Edited by Blade Zephon, 24 June 2009 - 10:33 PM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users