
Trojan.Vundo & PlatinumAdvertiser can't be removed


  • This topic is locked
3 replies to this topic

#1 kittikatt


Posted 20 August 2009 - 01:09 PM

Hi Folks,

I'm praying someone might be able to assist me. I've been working on this for two weeks now, and it's worse, not better. I've encountered issues in the past and now know enough to be dangerous and make it worse... LOL That's the last thing I want to do...

My System:
Windows XP PRO SPK2 (can't get SPK3 to install - fails)
Partitioned HD on MacBook Pro (nothing going on with MAC
side of system)

Using Kaspersky Anti-Virus 2010


Symptoms:

1. System freezes, and on re-boot to normal and safe mode I receive a white screen with fuchsia (yep, fuchsia) squiggle lines; they were there if and when Windows would boot, or if the screen is black (like in safe mode) they're a neon green. - Believe this may have to do with an issue coming up as...

PlatinumAdvertiser: Bookmark (Firefox:Sunny (default))
index.asp (http://reversephonesite.com/index.asp?revid=andrewheil&gid=1060417256&ovid=none&sub=reversephones_com&bid=&domain=)

NOTE: Spybot S&D is the only one that locates this file. Yet it can't remove it.
So also tried Live Chat with Mozilla Firefox - they had no clue or advice, as you can't locate it within the bookmarks on Firefox either...

2. Trojan.Vundo - located by Malwarebytes

3. Quick question... Found something called PROR; do I need this or can I uninstall it? Googled and not really finding any applicable answers...

4. I notice I have a backup folder in my C drive that says MYCYCLE, which is where it appears a lot of serious vulnerabilities are registering with Kaspersky, but not sure what to do with this folder. Whether it's my actual backup or if it's something I can get removed with Secure File Shredding. - Please advise...

-------------------------------------------------------

Previous Programs Ran to try to resolve the issues & created Logs:
SuperAntispyware - Free Edition
Ad-Aware
CCleaner
Spybot S&D
Malwarebytes
Trojan Remover
SmitFraudFix
RootRepeal
MGtools
DDS.scr
Added & Installed Recovery Console


----------------------------------------------------------
In following the steps this is what I was able to accomplish while logged onto Safe Mode with Networking...
(Normal Mode would only freeze - not to mention the fuchsia squiggles on the screen, even at re-boot, the usual white screen had the fuchsia squiggles, though I found that this would be lime green ones in Safe Mode - it comes and goes...)


Step 1.
Emptying Kaspersky Quarantine Files:
This is where I noticed I have a backup folder in my C drive that says MYCYCLE, which is where it appears a lot of serious vulnerabilities are registering with Kaspersky, but not sure what to do with this folder. Whether it's my actual backup or if it's something I can get removed with Secure File Shredding. - Please advise...

for Kaspersky 2009 on Windows XP:
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB
and did a secure shred of these 14 files.

Step 2.
Ran CC Cleaner:
CLEANING COMPLETE - (1512.464 secs)
57.1 MB removed.

Now attempting to re-boot into normal mode to continue...
Was able to reboot in normal mode:

Step 4.
Uninstalled all other software that I no longer needed or
wanted.

Quick question... This is where I found something called
PROR do I need this or can I uninstall it? Googled and not
really finding any applicable answers. TY

Step 5.

1. Disabled Spybot S&D Teatimer - then rebooted
At 1st re-boot Windows opened Windows XP Professional
Setup, which had not displayed before and had to re-boot
again and select Windows XP Professional to boot into.
Another Note: Recovery Console no longer appears, though I
previously installed.

Once properly re-booted, Adobe Updater immediately started
to run wanting to install updates - which all failed
(again - haven't been able to update)
Then received the error: Adobe Set Up Encountered a
Problem and needs to Close. Report to Microsoft...
Another Update for Microsoft appeared (not service pack 3)
but for Windows Defender - not sure whether that update
completed successfully, it disappeared from the task bar.

So back to Windows XP Cleaning...

Step 1. Download Tools:

SuperAntispyware - Free Edition
Malwarebytes Anti-Malware
RootRepeal
MGTools: saved to c:/

Step 2: Installing Tools and Running Scans

SUPERAntiSpyware: have log

After running SUPERAntiSpyware for almost an hour after following all installation and configuration instructions, it located two trojans (unknown locations) and the fuchsia distortion started again and then the system completely froze.

Also, Mozilla had an error message that appeared very
briefly that stated that there was an error with
0x00012dde8

Hard shutdown and reboot completed and following the next
set of instructions to try and re-scan to get a log... but
noticed that my clock had been changed on my task bar to
military time. Not a good sign...

It found a trojan - but not the one that Spybot S&D had found. So unfortunately, after the reboot - the system froze when trying to get the log(s); the fuchsia came back to the screen again and froze the system, so another hard shutdown and reboot into Safe Mode to try and get the log for SUPERAntiSpyware, but already know that the main issue on my system isn't resolved...

----------------------------------------------------------
Now on to Malwarebytes - have log

In Safe Mode Successfully installed and updated. (I'm stuck in Safe Mode at this point)
Going to attempt to reboot into normal mode and run the scan.

Successfully was able to run malwarebytes and it found 1 more trojan, Trojan.Vundo

---------------------------------------------------------

After re-boot the system immediately went into Windows Pro Startup - not Windows XP Professional
so had to do second re-boot to select this...

This has not been on my system previously, the Startup setting is new and what the system is
trying to automatically re-boot into each time I have to boot.

MGTools: Ran fine - have log

Ad-Aware: Ran fine - have log

DDs: Ran fine - have logs

RootRepeal: Ran fine - have logs

Re-Ran Spybot S&D again to see if it still picks up having PlatinumAdvertiser...
It does, among other things still... I have the log...

Any assistance to remove all of this stuff and figure out
what MYCYCLE & PROR are and whether I can remove all of
that too would be a massive life saver so I could get back
to work.

Thank you so much for all of you who volunteer your time and expertise in advance...


Morning,

Hi,

Really needing some assistance, as I was online and opened a live chat that was web based for chatting on Bleeping Computer that uses Java, and all of a sudden the fuchsia squigglies came back again, froze the screen, and then it shut down on its own and started to re-boot. When re-booting, it went to the white screen but with the fuchsia squigglies back, then the screen went into the black screen with the neon green squigglies all over the screen, then a beautiful rainbow of colored blocks all over when it was going to the black screen where you would select either the recovery console or Windows XP Pro - but it will automatically go into Windows XP Pro Setup now (how do I get rid of that or change it?). Then it shut itself down automatically again and re-booted to a normal white screen, then the black screen without any squigglies on either, and I was able to select the normal Windows XP Pro and now I am back here, praying someone can assist me.

Thank you in advance for any responses and/or suggestions...

Kitti

PS. should I also be running and then attaching a HiJackThis Log as well?
Thanks again...

Edited by kittikatt, 21 August 2009 - 10:31 AM.

Kitti


#2 kittikatt

Posted 23 August 2009 - 12:40 PM

Morning,

I'm back to getting freezes on the system and the white and fuchsia lines on the screen at re-boot. Not sure if I've included too much information or not enough to be able to get assistance, but would tremendously appreciate any thoughts, suggestions, anything as I'm at a loss and have no idea why I can't get this stuff off my system and that is affecting it this way...

Please help...

:thumbup2:
Kitti

#3 fireman4it (Malware Response Team)

Posted 31 August 2009 - 05:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#4 Orange Blossom (Moderator)

Posted 05 September 2009 - 05:49 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



