What is: fb_reg20091107?



#1 beth&jeff

Posted 15 November 2009 - 11:35 PM

Hello! I'm new here, so I hope this is in the right location.
Recently my fiance opened a video on Facebook which prompted him to update Adobe viewer or something, and it ended up being a virus. He also installed a toolbar for MafiaWars, and I think we got more infections from that. I wish he wouldn't do things like that without my consent, because I'm just a bit more computer savvy than he is... just a bit. lol. Anyhow!

I found this thread earlier this afternoon: http://www.bleepingcomputer.com/forums/lof...hp/t259599.html and found the first part of it helpful. I downloaded the two programs, and it seemed to get rid of whatever AVG didn't find. I no longer see fioo32 in my task manager, and it got rid of fdgg34353edfgdfdf, which is what I used in the Google search that led me to that thread. But now I am unsure if both those programs worked to clear all the harmful content. However, my task manager still shows 77-78 processes running, where before getting infected there were far fewer, and some look like duplicates? Also, I just found a .txt file which is fb_reg20091107. I have no clue if it is a concern or not, but the contents of the file are questionable.

20091107 13:11:23 ThreadID:1748 ProcID: 1788 reg build 0010
20091107 13:11:23 ThreadID:1748 ProcID: 1788 FB reg start
20091107 13:11:23 ThreadID:1748 ProcID: 1788 IE VERSION=8.0.6001.18828
20091107 13:11:23 ThreadID:1748 ProcID: 1788 C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies
20091107 13:11:23 ThreadID:1748 ProcID: 1788 get work domain
20091107 13:11:23 ThreadID:1748 ProcID: 1788 create browser thread
20091107 13:11:23 ThreadID:1748 ProcID: 1788 Create google browser
20091107 13:11:24 ThreadID:1748 ProcID: 1788 Create main browser
20091107 13:11:24 ThreadID:1748 ProcID: 1788 getactivedomain
20091107 13:11:24 ThreadID:1748 ProcID: 1788 check inet
20091107 13:11:24 ThreadID:1748 ProcID: 1788 inet ok
20091107 13:11:24 ThreadID:1748 ProcID: 1788 trying
20091107 13:11:24 ThreadID:1748 ProcID: 1788 nippontrading.se
20091107 13:11:25 ThreadID:1748 ProcID: 1788 valid domain
20091107 13:11:25 ThreadID:1748 ProcID: 1788 nippontrading.se
20091107 13:11:25 ThreadID:1748 ProcID: 1788 work domain
20091107 13:11:25 ThreadID:1748 ProcID: 1788 nippontrading.se
20091107 13:11:25 ThreadID:1748 ProcID: 1788 wait inet begin
20091107 13:11:26 ThreadID:1748 ProcID: 1788 Request params
20091107 13:11:28 ThreadID:1748 ProcID: 1788 switch to confirm mode
20091107 13:11:28 ThreadID:1748 ProcID: 1788 checking login
20091107 13:11:28 ThreadID:1748 ProcID: 1788 C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies
20091107 13:11:45 ThreadID:1748 ProcID: 1788 trying to login
20091107 13:12:29 ThreadID:1748 ProcID: 1788 confirm acc start
20091107 13:12:34 ThreadID:1748 ProcID: 1788 ERROR: skip step link not found
20091107 13:12:34 ThreadID:1748 ProcID: 1788 login ok
20091107 13:12:38 ThreadID:1748 ProcID: 1788 friend request confirm begin
20091107 13:12:44 ThreadID:1748 ProcID: 1788 friend request confirm end
20091107 13:12:44 ThreadID:1748 ProcID: 1788 scan friend begin
20091107 13:12:54 ThreadID:1748 ProcID: 1788 scan friend end
20091107 13:12:54 ThreadID:1748 ProcID: 1788 Stats: added 0
20091107 13:12:54 ThreadID:1748 ProcID: 1788 /.sys/?action=grgen&a=res&soft=ADD&status=na&added=0&friends=0&id=3193&v=02
20091107 13:12:55 ThreadID:1748 ProcID: 1788 /.sys/?action=grgen&a=res&soft=ADD&status=na&added=0&friends=0&id=3193&v=02
20091107 13:12:55 ThreadID:1748 ProcID: 1788 finished


How can I tell if I am still infected, and is this something to be concerned about? Should I delete it? I have no idea what to do. I've been trying to fix this problem since the 7th! Any help is much appreciated!
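One way to triage a log like the one quoted in the post above is to parse its lines into the hosts, request paths and local paths the process recorded. This is an added example, not part of the original thread; the names `triage`, `defang` and `add_once` are hypothetical, and the line layout is an assumption inferred from the quoted lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Sample lines copied from the log quoted in the post above.
SAMPLE = r"""
20091107 13:11:24 ThreadID:1748 ProcID: 1788 nippontrading.se
20091107 13:11:25 ThreadID:1748 ProcID: 1788 valid domain
20091107 13:11:28 ThreadID:1748 ProcID: 1788 C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies
20091107 13:12:54 ThreadID:1748 ProcID: 1788 /.sys/?action=grgen&a=res&soft=ADD&status=na&added=0&friends=0&id=3193&v=02
20091107 13:12:55 ThreadID:1748 ProcID: 1788 /.sys/?action=grgen&a=res&soft=ADD&status=na&added=0&friends=0&id=3193&v=02
20091107 13:12:55 ThreadID:1748 ProcID: 1788 finished
"""

# Assumed layout, inferred from those lines: date, time, thread id, process id, message.
LINE = re.compile(r"^(\d{8}) (\d\d:\d\d:\d\d) ThreadID:\s*(\d+) ProcID:\s*(\d+) (.*)$")
HOST = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
WINPATH = re.compile(r"^[A-Za-z]:\\")

def defang(host):
    """Make a hostname non-clickable before pasting it into a ticket or forum post."""
    return host.replace(".", "[.]")

def add_once(items, value):
    """Append value only if it is not already listed (the log repeats entries)."""
    if value not in items:
        items.append(value)

def triage(text):
    """Group the messages of an fb_reg-style log into hosts, requests and local paths."""
    out = {"pids": set(), "hosts": [], "requests": [], "paths": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            out["unparsed"].append(line)  # keep anything unexpected for manual review
            continue
        pid, msg = int(m.group(4)), m.group(5).strip()
        out["pids"].add(pid)
        if HOST.match(msg):  # a message that is nothing but a hostname
            add_once(out["hosts"], defang(msg.lower()))
        elif msg.startswith("/") and "?" in msg:  # a request path with a query string
            url = urlsplit(msg)
            add_once(out["requests"], (url.path, dict(parse_qsl(url.query))))
        elif WINPATH.match(msg):  # a local Windows path the process referenced
            add_once(out["paths"], msg)
    return out
```

The defanged host and the request path returned by `triage(SAMPLE)` are the values to search for in router, DNS or proxy logs.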



#2 garmanma


Posted 17 November 2009 - 10:16 PM

Submit the file for a jottiscan
http://virusscan.jotti.org/en
and/or
http://www.virustotal.com/

See what they have to say about it
Mark