OMG crazy virus/malware stuff



#1 moliwo


Posted 23 July 2009 - 12:44 PM

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\ESMSHII1\jiansheng[1].exe (Trojan.Proxy) -> No action taken.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\ESMSHII1\wow[1].exe (Trojan.GamesThief) -> No action taken.

Like, Malwarebytes scans don't remove these, ummmm, what do I do? I tried AVG first, then Malwarebytes, and now I'm holding at GMER. I'm lost.

Someone please help!

Edited by Pandy, 23 July 2009 - 01:37 PM.
Moved from Breaking Virus & Security News




#2 rigel


Posted 23 July 2009 - 02:50 PM

Please try running malwarebytes using these directions...

On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 moliwo


Posted 23 July 2009 - 08:44 PM

Thanks so much Rigel, but your reply came too late!
I have already completed it by logging into safe mode and doing it from there. I did this based on other posts that I have seen pertaining to these trojans and malwares.

Thanks a bajillion,
Moliwo

#4 moliwo


Posted 23 July 2009 - 08:48 PM

Oh, and by the way, I used ComboFix, and then I logged in as normal, out of safe mode, and I clicked on some .exe (which I don't remember what it was), and it deployed yet another trojan on my computer. Logged in to safe mode, Malwarebytes antimalwaredized that little babe, and it was eradicated after computer restart.

Thanks!

#5 rigel


Posted 23 July 2009 - 09:20 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Choosing a security protection toolkit is a matter of personal preference, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular combination that works well for one person may not work as well for another. You may need to experiment and find the ones most suitable for your use.

The three programs you have running are all good, although I have heard that Spyware Doctor has become resource heavy. However, you probably have other programs and services set to run at startup and some of them may not be needed.

Read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

Safe surfing!

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
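
The restore-point steps in the post above, as an added example that is not part of the original thread: a script that creates a fresh restore point and then removes the older ones, refusing to delete anything if the new point was not actually created. It assumes Windows PowerShell 5.1, an elevated session, and a client edition of Windows with System Restore enabled; the description string is a made-up label, and older points are removed through the `SRRemoveRestorePoint` function in srclient.dll.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumes Windows PowerShell 5.1 on a
# client edition of Windows with System Restore enabled on the system drive.

# Remember the newest restore point that exists before we start.
$before = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber | Select-Object -Last 1

# Create the post-cleanup restore point. The description is an assumed label.
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
    -RestorePointType MODIFY_SETTINGS

$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $points | Select-Object -Last 1

# Windows 8 and later skip creation if a point was made in the last 24 hours.
# Stop in that case rather than keep a pre-cleanup point as the only survivor.
if (-not $newest -or
    ($before -and $newest.SequenceNumber -le $before.SequenceNumber)) {
    throw 'No new restore point was created; older points were left untouched.'
}

# SRRemoveRestorePoint is the System Restore API exported by srclient.dll.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Remove every point older than the one just created and report each result.
foreach ($p in $points | Where-Object { $_.SequenceNumber -lt $newest.SequenceNumber }) {
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint($p.SequenceNumber)
    $state = if ($rc -eq 0) { 'removed' } else { "failed (Win32 error $rc)" }
    '{0}  {1}  {2}' -f $p.SequenceNumber, $p.Description, $state
}

# Show what is left; only the new point should be listed.
Get-ComputerRestorePoint
```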


#6 moliwo


Posted 23 July 2009 - 09:26 PM

Well generally, I like Avast most, more because it seems like it does something (and it looks slick); however, most people say that AVG is for some reason the best... And I think I'm just going to back up and reformat with a new fresh and clean Windows install.



