Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Im almost clear, I think

  • This topic is locked This topic is locked
2 replies to this topic

#1 DonV


  • Members
  • 1 posts
  • Local time:10:04 AM

Posted 10 August 2009 - 12:43 PM

Well this has been a treat, I was on my favorite Wiki site and some how I managed to catch a nasty bug. It started as a request by acrobat to access the internet, then a windows update, then a random_name.tmp. I okay-ed everything but the tmp which was a mistake because something had snuck in already.

At first I contacted Symantec and paid them some money for new definitions, however that was a complete waist of time, and the information on this website seems to be the most useful. So far I have removed by hand SystemSecurity, some thing similar called AdvancedVirusDefense and SDRA64.exe, that allowed me to install antivirus again. Housecall, found a bunch of virus for me, and then I installed SuperAntiSpyware, which has found quite a few trojans and variations of system securty. now everything I run tells me I'm clean. however I am still noticing aberrant behavior.

symptoms list.

MaulwareBytes, has not been able to run since I got it to install, it crash's (error code 5) in the first few seconds of a scan, usually i see a system dll, relating to zip folders as the current scan file.(some times it doesn't even start listing files before crash tho)

Windows Genuine advantage is claiming I'm not activated any more, I thought this might be cuebot-k, but I don't have any of the known cuebot-k files or reg entries. Also the computer is a factory built workstation and the hardware has not changed since day one, its 2yrs old now.

Firefox redirects to random shopping and anti virus websites.

once since the first clean bill of health I have been locked out of taskmgr, however smitfraudfix.exe was able to kill whatever process did it and supperantispyware, found a new virus and removed it.

I haven't tried today yet, however since first infection I can not boot into safemode, as it will cause a bluescreen.

Previously one of the virus's made a new admin user account which blocked me from taking normal action, and made a lot of web tutorials on removal useless. luckily I was able to make my own new admin account which was what let me get my computer back under control. but I haven't seen any mention of that function in the virus's I have found and deleted.

Well if anyone can detect any signs of a name or anything for me to research I'd sure appreciate it. I've tried googling my tasklist services to hunt down a possible virus, and also I've been combing through hijackthis reports, but I can't come up with anything.

I uploaded both hijackthis and dds repots.

Attached Files

BC AdBot (Login to Remove)


#2 DocSatan


    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:11:04 AM

Posted 21 August 2009 - 07:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:04 AM

Posted 27 August 2009 - 09:06 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users