
Haunted by past AntiSpy Protector 2009


8 replies to this topic

#1 Sticky Wheel

Sticky Wheel

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 22 September 2009 - 12:23 PM

AntiSpy Protector 2009

Thanks for reading this post. A few weeks back the above virus attacked me. But due to some lucky mouse movements I was able to restart in safe mode and run Malwarebytes, which found an assortment of problems in my pc. All were found and killed. The pc has not had a reissue with “AntiSpy Protector 2009”. But since then Firefox has had some redirect thru Google. And the biggest pain is a “really slow running” machine while on the net. Or it just does not respond.

I have kept Malwarebytes, Avira, and SUPERAntispyware up to date and I run them all often. No more infections or viruses have been found.

If you can help me do a deeper search/scan on my pc to help it return to the Internet speed it once was.

Thanks for your help



#2 Skydie

Skydie

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 22 September 2009 - 02:19 PM

Can you use Task Manager? Also, do any pop-ups ever appear or is it just that you're being redirected? Which sites do you get redirected to?

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 AM

Posted 22 September 2009 - 04:12 PM

Also please run this.
Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Sticky Wheel

Sticky Wheel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 22 September 2009 - 06:51 PM

Skydie----Yes I can use Task Manager. No pop-ups appear and when I get a redirect it is to a new off brand site search engine. But it still has my topic of search.

boopme---- Thank you for your input; the log you asked for is below. I now will sit back and await your followup.

GooredFix by jpshortstuff (12.07.09)
Log created at 19:43 on 22/09/2009 (RU Ready)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{78FF9E27-4CB8-4B33-A2E2-E15F492259E8} -> Success!
Deleting C:\Documents and Settings\RU Ready\Local Settings\Application Data\{78FF9E27-4CB8-4B33-A2E2-E15F492259E8} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:32 16/06/2006]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [01:46 24/07/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [02:04 24/11/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [13:27 24/05/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [15:33 05/09/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [15:09 13/12/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [15:20 21/06/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:08 13/12/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:37 22/08/2009]

-=E.O.F=-

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 AM

Posted 22 September 2009 - 08:22 PM

How is it running now?


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

#6 Sticky Wheel

Sticky Wheel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 22 September 2009 - 11:02 PM

How is it running, you ask. It's not running, it's more like flying again. There is no more stalling on page loading or jumping from one web site to another. I ran several searches and none were redirected. So far things are 100% better. Below is the Malwarebytes scan you asked for.

Thanks for your help (hope you hear that from everyone).

Malwarebytes' Anti-Malware 1.41
Database version: 2846
Windows 5.1.2600 Service Pack 3

9/22/2009 11:43:35 PM
mbam-log-2009-09-22 (23-43-35).txt

Scan type: Quick Scan
Objects scanned: 108024
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 AM

Posted 23 September 2009 - 11:17 AM

:thumbsup: Great news.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory, your tools cannot access it to delete these files, and they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
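
A scripted companion to the restore-point steps in post #7, added here as an example and not part of boopme's post or of any BleepingComputer tool. It creates the post-cleanup restore point and reports which existing points predate the cleanup; it deletes nothing, so removal still goes through Disk Cleanup as described. It assumes an elevated Windows PowerShell session with System Restore enabled; `$CleanedAt` and the description text are assumed values.

```powershell
# Added example: audit restore points after a malware cleanup.
# Run in an elevated Windows PowerShell session with System Restore enabled.
param(
    # Assumption: the moment the machine was confirmed clean (defaults to now).
    [datetime]$CleanedAt = (Get-Date),
    # Hypothetical label for the new restore point.
    [string]$Description = 'Post-cleanup baseline'
)

function Get-RestorePointAudit {
    param([datetime]$Cutoff)
    Get-ComputerRestorePoint | ForEach-Object {
        # CreationTime is a WMI (DMTF) timestamp string; convert to local DateTime.
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        [pscustomobject]@{
            SequenceNumber  = $_.SequenceNumber
            Created         = $created
            Description     = $_.Description
            PredatesCleanup = $created -lt $Cutoff
        }
    }
}

# Create the new baseline. On newer Windows versions a point made within the
# last 24 hours can cause this request to be skipped with only a warning.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

$points   = @(Get-RestorePointAudit -Cutoff $CleanedAt)
$baseline = $points |
    Where-Object { $_.Description -eq $Description -and -not $_.PredatesCleanup } |
    Select-Object -Last 1

if (-not $baseline) {
    Write-Warning 'No new restore point was recorded; do not remove older ones yet.'
    return
}

$stale = @($points | Where-Object { $_.PredatesCleanup })
"Baseline: #$($baseline.SequenceNumber) created $($baseline.Created)"
"Restore points that predate the cleanup: $($stale.Count)"
$stale | Sort-Object Created | Format-Table SequenceNumber, Created, Description -AutoSize
```

The check for a missing baseline matters because removing the older points before a new one exists would leave the machine with nothing to roll back to.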

#8 Sticky Wheel

Sticky Wheel
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 23 September 2009 - 12:20 PM

New restore point has been created and disk clean has been done.

Now I know there are two great things from New Jersey------You and cheap Gas :thumbsup:

Thanks

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 AM

Posted 23 September 2009 - 02:16 PM

Hey, thanks a lot, I appreciate that. Please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection: