Virus messing up my internet connection


28 replies to this topic

#1 carsrus

Posted 03 July 2009 - 12:57 PM

I think I have a virus that is limiting my internet connectivity. It started out in Mozilla as "proxy refused to connect", so someone helped me fix that; now it is saying "connection interrupted" and "connection has been reset". I can see it connecting to the site but it's not letting me go all the way. The thing is, I am in safe mode because I have another virus that's telling me I need to register Windows and that it has been activated by another user when I start normally, so I have no choice but to run in safe mode. Also, when I try to turn my phishing filter on, it is grey and won't let me turn it on. I have downloaded some antivirus software like Avira and Avast but it won't let me download the files because it says I'm behind a firewall or something. So Spyware Terminator is my primary antivirus, but it won't connect to get the updates so it is a couple of months out of date. So I need some serious help.


#2 Guest_superbird_*

Posted 05 July 2009 - 05:07 AM

Hi,

Let's take a look.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#3 carsrus

Posted 07 July 2009 - 09:17 PM

OK, I downloaded it and tried to run it but it wouldn't let me open it to install it. But I did run a quick scan with Spyware Terminator and restarted normally; it seemed to help a little. I didn't have to reconnect but a few times. But it still says "connection has been reset" a lot, and in normal Windows mode, I still can't get in and it gives me a message saying "code oxoobd0683 couldn't be referenced and couldn't be written" or something like that. So what do I do now that Malwarebytes won't install?

#4 Guest_superbird_*

Posted 08 July 2009 - 02:43 AM

Hi,

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***
Another workaround is to not use the mouse to install it; just use the arrow keys, Tab, and Enter keys.


Let me know if this works.

#5 carsrus

Posted 09 July 2009 - 09:49 PM

Wow, thanks a lot for the info. I did all of that and after it was done, started Windows normally and it didn't show the error message. Started great, but it wouldn't let me surf any webpages; it said server not found and not a valid address and the like, so I restarted in safe mode again and it is working in safe mode. I'm not sure if you want me to post what was found though, 2217 infected. So I'm going to post the top part and if you want the rest then I will post it, but it's going to take up a lot of space here.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

7/9/2009 10:38:28 PM
mbam-log-2009-07-09 (22-38-27).txt

Scan type: Quick Scan
Objects scanned: 96132
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 25
Registry Data Items Infected: 14
Folders Infected: 6
Files Infected: 2217


Oh, and now the system protection thing is popping up again wanting me to install the software. Is this normal?

#6 Guest_superbird_*

Posted 10 July 2009 - 02:57 AM

Hi,

That can be normal.
Please, do a new, full scan with MBAM, and post the logfile.
Remove everything found.

#7 carsrus

Posted 10 July 2009 - 09:39 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

7/10/2009 10:25:16 PM
mbam-log-2009-07-10 (22-25-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 154330
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 12
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 34

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\91456866\91456866.exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\HP_Owner\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\temp\wpv271245771011.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\smss.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\glaide32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11446874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\91456866 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg515-k641-55sf-n66p (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4 (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Heuristics.Reserved.Word.Exploit) -> Data: c:\windows\system32\drivers\smss.exe -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\11446874 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\91456866 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Zlob.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\11446874\11446874.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\11446874\11446874.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\91456866\91456866.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\local settings\Temp\911.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\local settings\Temp\~TM16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\local settings\Temp\~TM71.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\local settings\temporary internet files\Content.IE5\P1LUR5WY\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\start menu\Programs\Startup\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8f7a5040-9305-4bda-a5ee-e7ee68e6a93b}\RP42\A0021683.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\24OXGMJJ\click[1].jpg (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\24OXGMJJ\mal[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\c6i0nitll0.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\glaide32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\wpv271245771011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\wpv521246736802.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\wpv791245771011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.


When I start Windows normally now, it says "data execution prevention" and doesn't load anything at all on the screen. And in safe mode, the system protection popup is still driving me crazy.
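
An added example, not part of the original thread and not Malwarebytes code: a small Python parser for the log format posted above that lists the detections still marked "Delete on reboot" and those sitting in autostart locations. The section and line patterns are assumptions inferred from this log, and the embedded sample is an excerpt of it.

```python
import re

# Excerpt of the MBAM 1.38 log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4 (Trojan.Downloader) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Heuristics.Reserved.Word.Exploit) -> Data: c:\windows\system32\drivers\smss.exe -> Delete on reboot.

Files Infected:
c:\documents and settings\HP_Owner\start menu\Programs\Startup\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""

# Patterns are assumptions inferred from this log, not a Malwarebytes specification.
SECTION = re.compile(r"^([A-Za-z ]+) Infected:\s*$")
ENTRY = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?\s*$")
# Locations that start code at boot or logon (Run keys, Winlogon values, Startup folder).
AUTOSTART = ("\\currentversion\\run\\", "\\winlogon\\", "\\start menu\\programs\\startup\\")

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    entries, section = [], None
    for line in text.splitlines():
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            # Registry data items carry "Data: <value>" between detection and action.
            *extra, action = m.group(3).split(" -> ")
            data = extra[0].removeprefix("Data: ") if extra else None
            entries.append({"section": section, "path": m.group(1),
                            "detection": m.group(2), "data": data, "action": action})
    return entries

def pending_reboot(entries):
    """Detections MBAM has only scheduled for removal at the next restart."""
    return [e for e in entries if e["action"].lower() == "delete on reboot"]

def autostart_entries(entries):
    """Detections located where Windows launches programs automatically."""
    return [e for e in entries if any(k in e["path"].lower() for k in AUTOSTART)]

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for e in pending_reboot(found):
        print("pending:", e["detection"], e["path"])
    for e in autostart_entries(found):
        print("autostart:", e["detection"], e["path"])
```

The summary counters at the top of the log ("Files Infected: 34") are skipped because a section header must end at the colon.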

#8 Guest_superbird_*

Posted 11 July 2009 - 03:28 AM

Hi,

Please do this in Safe Mode with Networking:

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

#9 carsrus

Posted 11 July 2009 - 10:00 PM

I cannot load this page; it wouldn't even let me load this site when I wasn't infected. Are there any alternatives?

#10 Guest_superbird_*

Posted 12 July 2009 - 07:27 AM

Hi,

Yes, try this online scanner please: http://www.bitdefender.com/scan8/ie.html
Post the results here. :thumbsup:

#11 carsrus

Posted 13 July 2009 - 05:09 PM

No go on that one either. I don't know why I can't go to online scanners.

#12 Guest_superbird_*

Posted 14 July 2009 - 04:29 AM

Hi,

Please do a Quick Scan with MBAM, and post the results. :thumbsup:

#13 carsrus

Posted 14 July 2009 - 01:03 PM

OK, well I would like to be able to do that, but I did a scan with AVG and restarted. Now it wants to install something on my computer on startup, has a desktop screen saver that started appearing, has a black screen that pops up and says
access denied
access denied
access denied
deleted my browsers so I can't get on the internet, will not start in safe mode now, and has a blue screen that comes up a minute after startup and starts dumping my physical memory. The other thing is that I don't have a Windows XP disk to install Windows back on with.

I think that it might be time for more drastic measures. Would it be better to upgrade my computer? Build a brand new one? Or get a laptop? The thing is that I would like to have quality parts by building or upgrading, but I would like to save energy too like a laptop does. Any ideas?

#14 Guest_superbird_*

Posted 14 July 2009 - 01:10 PM

Hi,

I think it's best to reinstall your computer, yes. This is too much, and I can't promise/say your system will be running well again after removal (if we can remove it...).
You don't have to buy a new computer; you only have to reinstall it. But if you want a new computer, then this is the time to buy it.

I'm sorry I have to say it. :thumbsup:

#15 carsrus

Posted 14 July 2009 - 09:56 PM

Where would I start? Replacing the hard drive?

Edited by carsrus, 14 July 2009 - 09:58 PM.




