malware disaster?


This topic is locked
20 replies to this topic

#1 weside (Members, 15 posts)

Posted 17 November 2009 - 06:20 PM

On my Windows XP HP, there are three icons: "nudetube.com", "pornotube", "youporn".
The webpage is hijacked and it runs really slow.
This is all when it first happened.
I took the Windows recovery tools CD and tried to re-install that. It worked fine for a couple hours and then of course went back into crazy mode.
I have since run the recovery CD twice so the computer would work long enough for me to try to work on it.
But now...
it's gone to the blue screen


Please help me!


#2 Orange Blossom (OBleepin Investigator; Moderator, 37,106 posts; Bloomington, IN)

Posted 17 November 2009 - 06:51 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#3 AustrAlien (Inquisitor; Members, 6,772 posts; Cowra NSW Australia)

Posted 17 November 2009 - 08:32 PM

On my windows xp...
its gone to the blue screen

Please describe what happens when you attempt to start the system normally.
(you see the xp logo with blue scrolling bars and then black screen and then blue screen ... is that correct?)
Are you looking at a blank blue screen, and do you have a movable mouse pointer?

At this point, press Ctrl+Shift+Esc (all together at the same time).
What happens? Do you see the Task Manager window? (OR ... do you see a message?)

If the Task Manager window opens, on the Applications tab, click on "New Task".
In the "Run" box that opens, type "explorer.exe" and press <ENTER>
What happens? Do you see the Windows Explorer window? (OR ... do you see a message?)
Do you have your Desktop, icons/taskbar/start button back again?
Can you then use your computer normally?

Please post the results of the above tests.
--------------------------

You said: "windows recovery tools cd"
Is this CD a Windows XP installation disk?
Or .. is it a HP recovery disk?
Please identify the CD as fully as you can.

Edited by AustrAlien, 17 November 2009 - 08:35 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#4 weside (Topic Starter; Members, 15 posts)

Posted 20 November 2009 - 04:10 PM

It is an HP recovery disk,
and my dad ran it again so the blue screen is gone. The icons are gone too but Internet Explorer won't navigate past page one.
The Task Manager test worked.
I'm scared in a few days it will go back to the icons on the desktop and then blue screen again..

#5 AustrAlien (Inquisitor; Members, 6,772 posts; Cowra NSW Australia)

Posted 21 November 2009 - 05:10 AM

Please visit the following link and follow the instructions provided by garmanma in post #2:
http://www.bleepingcomputer.com/forums/ind...t&p=1499922

Post the requested logs (3 of them) here, in this (your own) thread.

#6 weside (Topic Starter; Members, 15 posts)

Posted 02 December 2009 - 03:35 PM

mbam-


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/30/2009 9:48:41 PM
mbam-log-2009-11-30 (21-48-41).txt

Scan type: Quick Scan
Objects scanned: 100039
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

super-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/30/2009 at 10:04 PM

Application Version : 4.31.1000

Core Rules Database Version : 4304
Trace Rules Database Version: 1978

Scan type : Quick Scan
Total Scan Time : 00:07:54

Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 367
Registry threats detected : 0
File items scanned : 7115
File threats detected : 1

Trojan.Agent/Gen-Nullo[Short]
C:\WINDOWS\MSDRV32.EXE

drweb-
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
CWSInstall.exe\data001;C:\Program Files\InterMute\SpySubtract\CWSInstall.exe;Probably BACKDOOR.Trojan;;
CWSInstall.exe;C:\Program Files\InterMute\SpySubtract;Container contains infected objects;Moved.;
ssengine.dll;C:\Program Files\InterMute\SpySubtract;Probably MULDROP.Trojan;Incurable.Moved.;
A0000279.exe\data001;C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1\A0000279.exe;Probably BACKDOOR.Trojan;;
A0000279.exe;C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1;Container contains infected objects;Moved.;
firstopt.js;D:\I386\APPS\APP04000;Probably SCRIPT.Virus;Incurable.Moved.;
SpyInstall_HPPre.exe/CWSInstall.exe\data001;D:\I386\APPS\APP27993\src\SpyInstall_HPPre.exe/CWSInstall.exe;Probably BACKDOOR.Trojan;;
CWSInstall.exe;D:\I386\APPS\APP27993\src;Container contains infected objects;;
SpyInstall_HPPre.exe\ssengine.dll;D:\I386\APPS\APP27993\src\SpyInstall_HPPre.exe;Probably MULDROP.Trojan;;
SpyInstall_HPPre.exe;D:\I386\APPS\APP27993\src;Archive contains infected objects;Moved.;
A0000280.exe/CWSInstall.exe\data001;D:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1\A0000280.exe/CWSInstall.exe;Probably BACKDOOR.Trojan;;
CWSInstall.exe;D:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1;Container contains infected objects;;
A0000280.exe\ssengine.dll;D:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1\A0000280.exe;Probably MULDROP.Trojan;;
A0000280.exe;D:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1;Archive contains infected objects;Moved.;
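
The three logs above are readable by eye for one machine, but the sorting a responder does on them can be written down. The following is an added example, not code from this thread, from Malwarebytes or from Dr.Web: it parses the Malwarebytes "Files Infected" lines and the semicolon-separated Dr.Web records (the field order name;directory;verdict;action is an assumption inferred from the posted lines), separates hits that sit inside System Restore snapshots from files that were actually in use, and flags the finding that matters most in this thread: a file named services.exe under C:\WINDOWS instead of C:\WINDOWS\system32, a core-process name in the wrong directory. The table of legitimate locations is taken from well-known Windows XP defaults, not from anything the thread states.

```python
r"""Triage helper for the scanner logs posted in this thread.

Added example, not part of the thread or of any scanner vendor's tooling.
Assumptions (none of them stated in the thread):
  * Dr.Web CureIt records are 'name;directory;verdict;action;' (field order
    inferred from the posted lines).
  * Malwarebytes 'Files Infected' lines are 'path (Detection) -> action.'.
  * The legitimate locations of the core Windows XP process binaries
    (services.exe etc. in system32, explorer.exe in the Windows root) are
    taken as well-known facts for a default install on C:.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the lines posted above, verbatim.
MBAM_FILES_SECTION = r"""
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

DRWEB_LOG = r"""
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
CWSInstall.exe\data001;C:\Program Files\InterMute\SpySubtract\CWSInstall.exe;Probably BACKDOOR.Trojan;;
ssengine.dll;C:\Program Files\InterMute\SpySubtract;Probably MULDROP.Trojan;Incurable.Moved.;
A0000279.exe;C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1;Container contains infected objects;Moved.;
firstopt.js;D:\I386\APPS\APP04000;Probably SCRIPT.Virus;Incurable.Moved.;
"""

# Where these binaries legitimately live on Windows XP (well-known defaults;
# an assumption for other Windows versions or a non-default install drive).
CORE_BINARIES = {
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


@dataclass
class Finding:
    path: str     # full path of the flagged object
    verdict: str  # scanner's detection name
    action: str   # what the scanner did with it
    source: str   # 'mbam' or 'drweb'


MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<verdict>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_files(text: str) -> list:
    """Parse the 'Files Infected:' lines of a Malwarebytes log."""
    out = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            out.append(Finding(m["path"], m["verdict"], m["action"], "mbam"))
    return out


def parse_drweb(text: str) -> list:
    """Parse semicolon-separated Dr.Web CureIt records (assumed field order)."""
    out = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue
        name, directory, verdict, action = fields[:4]
        path = directory.rstrip("\\") + "\\" + name
        out.append(Finding(path, verdict, action or "(no action recorded)", "drweb"))
    return out


def triage(findings: list) -> dict:
    r"""Sort findings into the buckets a responder reads in order of urgency.

    * masquerading_names: a core-process file name outside its real directory
      (C:\WINDOWS\services.exe instead of C:\WINDOWS\system32\services.exe).
    * restore_point_copies: hits inside System Volume Information, i.e. old
      System Restore snapshots rather than files in use.
    * other: everything else, reviewed by verdict.
    """
    report = {"masquerading_names": [], "restore_point_copies": [], "other": []}
    for f in findings:
        low = f.path.lower()
        directory, _, name = low.rpartition("\\")
        if "\\system volume information\\" in low:
            report["restore_point_copies"].append(f)
        elif name in CORE_BINARIES and directory != CORE_BINARIES[name]:
            report["masquerading_names"].append(f)
        else:
            report["other"].append(f)
    return report


if __name__ == "__main__":
    report = triage(parse_mbam_files(MBAM_FILES_SECTION) + parse_drweb(DRWEB_LOG))
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  [{f.source}] {f.path}  {f.verdict}  ({f.action})")
```

Run as a script it prints the three buckets. The restore-point bucket is why the same CWSInstall.exe shows up both under Program Files and under the _restore{...} directory: the second copy is an old snapshot, not a second infection, and clearing System Restore after cleanup is what removes it.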

#7 boopme (To Insanity and Beyond; Global Moderator, 73,561 posts; NJ USA)

Posted 02 December 2009 - 03:36 PM

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick Scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

How is it running now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 weside (Topic Starter; Members, 15 posts)

Posted 03 December 2009 - 08:54 PM

When I ran MBAM the first time and tried to reboot to fully remove the stuff, it went straight to a black screen when it turned back on that said something like "tnjdr is missing"
and it wouldn't do anything else,
so I ran the recovery CD again.

#9 weside (Topic Starter; Members, 15 posts)

Posted 03 December 2009 - 08:58 PM

And when I tried to update MBAM it said error code 732 (0,0),
so I submitted a ticket to their email telling them.

Edited by weside, 03 December 2009 - 09:00 PM.


#10 boopme (To Insanity and Beyond; Global Moderator, 73,561 posts; NJ USA)

Posted 03 December 2009 - 10:56 PM

MBAM 732 error (from MBAM)

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#11 weside (Topic Starter; Members, 15 posts)

Posted 12 December 2009 - 04:56 PM

I was able to update MBAM and no infected objects were found..
Do I still need to download the MBAM clean utility?
Everything on my computer is back to normal now except the internet.
I have a dial-up connection and its speed since this all happened has dropped to 31.2 kbps.

#12 weside (Topic Starter; Members, 15 posts)

Posted 22 December 2009 - 09:00 PM

Is it possible whatever happened affected my modem too?

#13 boopme (To Insanity and Beyond; Global Moderator, 73,561 posts; NJ USA)

Posted 23 December 2009 - 11:27 AM

Possible, not probable.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.

#14 Malleus Maleficarum (Members, 19 posts)

Posted 23 December 2009 - 11:36 AM

I had the same problem. It's a trojan that displays fake security risks. The program Malware Defense is what's causing the problem. It's all a scam to get you to buy the program.

Follow this guide verbatim: http://www.bleepingcomputer.com/virus-removal/remove-malware-defense

#15 weside (Topic Starter; Members, 15 posts)

Posted 29 December 2009 - 06:53 PM

Possible, not probable.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.


I don't think I have a router..
I went to Control Panel's Network and Internet Connections and it says modem type "PCI Soft Voice SoftRing Modem with SmartSP" attached to: COM3

Is there a way I can reset that?