Infected With Advanced Antivirus 2009


  • This topic is locked
2 replies to this topic

#1 aljohri

Posted 08 July 2009 - 03:32 PM

Hi, I've had this virus for two days now and I have attempted a number of fixes which have all given the semblance of a virus free computer; however, the problem arises once again upon restart. After the last few fixes I've applied, I believe that nothing else is wrong with my computer but if someone could double check my DDS log it would be very kind of them. Also, if anyone has a link or some information as to where I can learn how to recognize/analyze the logs created by these programs it would be great.

As I stated before, I've used a number of programs to diagnose this issue and I'll list what I remember below:
  • Malwarebytes' Anti-Malware - Fixed numerous spyware/adware issues and usually left one file, "winupdate.exe" for deletion upon restart or something to that effect.
  • SpyHunter - Removed Trojan.Vundo and then did not detect any other viruses even though they were obtrusively visible as my desktop was locked etc.
  • CleanUp! - I read this program might help in this forum I believe. I'm not sure if it did but it cleared up 1 gig of space on my computer
  • Spyware Doctor - This program worked just as well as Malwarebytes and the one persisting file that it did not delete was "winupdate.exe."
  • DelDomains.inf - After this problem persisted for a day, I tried to access certain websites and was surprised to find it say "Restricted Site", "Your system is infected. Please activate your antivirus software." I tried to use this inf file to fix it but it did not work.
  • Spyware Blaster - I believe this program was more for prevention than actual virus removal. It did not have any direct effect.
  • SmitfraudFix - Fixed the problem with the "Restricted Site". I performed all the operations I found.
  • Silent Runners.vbs - I actually have no idea what this does/did.
  • AboutBuster - Read about it in some forum. It scanned my computer for viruses and found absolutely nothing
*Note I may have performed these scans after using Malware/SpyHunter so the virus could still be hidden on the computer? I am hoping the DDS/HiJackThis/SilentRunners/Malwarebytes' Logs that I am attaching will tell you if there are any hidden processes which will bring the virus back upon restart.

The logs attached have been taken AFTER these scans/fixes have been applied where my desktop, taskbar, and internet are all intact -> thus, the semblance of a fixed computer. To my remembrance, I have restarted this computer several times and have seen that the virus reappears; HOWEVER, the last time I restarted the computer, I do not think that any issues arose but I still would like you to double check the logs.

EDIT: At 5:04 on July 7th 2009, I re-performed the Spyware Doctor scan and it came up with one result, "winupdate.exe" so the problem still does exist.
(I am not sure if it removed the file and if it did whether it will come up again at restart because it stated Infections Found: 1, Infections Removed: 1, Infections Ignored: 1. <- not exactly sure what that means..)

Edited by aljohri, 08 July 2009 - 04:07 PM.


#2 fenzodahl512

Posted 09 July 2009 - 02:03 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

Posted 20 July 2009 - 04:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
