
been hijacked by trojans/internet security 2010/fakeralert-ks.a


19 replies to this topic

#1 pepperonione1

pepperonione1

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 06 January 2010 - 02:58 PM

I ran Malwarebytes in safe mode/it stated it removed and deleted the trojan Internet Security 2010, after reboot it's back, it duplicated itself somehow and is still in the recycle bin. McAfee states it has fakealert-ks.a and fakealert-la.dll quarantined but nothing is working. I still have the big box with the spyware detected, my desktop is hijacked and the red x in the lower right toolbar and constant popups with fake warnings of losing my data. I cannot access my taskmgr. or registry.
I did all that was required with McAfee in unchecking the system restore so it could find it all, however I am finding McAfee supplied by Comcast to be just about useless. I now have another icon in my lower right tray stating it is internet security with microsoft settings? I do not know what else to do to fix this, I had deleted the files etc. in safe mode, ran Malwarebytes which stated it got rid of it, but it replicated itself because it's back in the search files and folders.

Please help, not a total newbie but could use some help, please.


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:54 AM

Posted 06 January 2010 - 07:06 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 pepperonione1

Posted 06 January 2010 - 07:35 PM

What logs do you require and how do I get them to you? What programs should I download to give this to you, the virus seems to block the two downloads on the beginning page, it will not allow me to back up my computer either.

#4 pepperonione1

Posted 06 January 2010 - 07:37 PM

Please just give me some instructions on how to get rid of this thing, I have cleaned the computer in safe mode, nothing shows in McAfee virus or in Malwarebytes, shows it's clean until I reboot. The virus will not let me use my task mgr or regedit and will quickly hijack my typing of this message to its website.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:54 AM

Posted 07 January 2010 - 07:40 AM

Please post the results of your last MBAM scan for review (even if nothing was found).
It would also be helpful to post the log prior to that where malware was detected.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 pepperonione1

Posted 07 January 2010 - 11:57 AM

I cannot access the computer any longer, it is on a loop that says a hardware change or bad shutdown will not allow it to start. I can get in via recovery via command prompt in DOS of which I am illiterate. I found the video listed in my startup menu via msconfig, unchecked it and the program stated access denied and will not allow me to change it to normal boot, it went to diagnostic and bogged down all systems. McAfee deleted said Trojans and all went haywire. McAfee stated to disable restore point to scan, now there isn't one. I have a partitioned hard drive to do a destructive reformat but hesitate. I could do temp files and give commands if someone walked me thru it. It won't boot, only goes in a loop, however I can get into beginning setup, computer would not let me backup or download fixes to combat Trojans. Win32.netsky fakealerts and embedded into DLL and helper files under the guise of ie 5. Please someone help.

#7 pepperonione1

Posted 07 January 2010 - 12:04 PM

I had Malwarebytes already on the computer, last run it did not find files but then McAfee deleted them and not a true reboot to reload virus again thru start menu. Am on phone for website and don't have another computer or boot disc. HP desktop Pavilion m 7567c. Just got a new monitor for Xmas, what luck or shall we say stupidity?

#8 quietman7

Posted 07 January 2010 - 12:05 PM

It can be difficult to determine what exactly caused this problem. Bootup failure can be due to a variety of issues to include application faults, hardware failures, loose pin connections or malware infestation. Startup failures that occur before the OS loader (Ntldr) starts could indicate missing or deleted files, or damage to the hard disk master boot record (MBR), partition table, or boot sector. If a problem occurs during startup, the system might have incompatible software or drivers, incompatible or improperly configured hardware, or corrupted registry/system files. However, from what you describe, this problem appears to be malware related.

If you cannot bootup or logon in normal or safe mode, then your options are limited.

If you choose Hiren's, please be aware:

While this collection of tools can be very useful, potential users should note that many of the tools are commercial applications that have not been legally licensed for redistribution, and so download/use/sharing of Hiren's BootCD may be illegal (depending on your legal jurisdiction).

http://en.wikipedia.org/wiki/Hiren%27s_BootCD

Another option is to create a Bootable CD:

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Note: In order to use a rescue disk, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer's BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:

If at some point, you are able to boot up but have difficulty running programs, you can try using VIPRE PC Rescue. This is a utility designed to scan and clean a computer which is so badly infected that most programs cannot run. Virus definitions are included and the program is self-running once executed. All scans include Rootkit Detection. Be sure to print out and follow the instructions provided on the same page for running under Windows or with the Command Line option.
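The post above names damage to the master boot record, partition table or boot sector as one cause of startup failure. As an added example (not part of the thread and not what any tool named in it does), this Python code parses a saved 512-byte copy of sector 0 and reports structural problems; the two sample sectors are constructed and their boot code bytes are placeholders.

```python
import struct

BOOT_CODE_LEN = 446               # bytes 0-445: boot code
ENTRY_LEN, ENTRY_COUNT = 16, 4    # bytes 446-509: four partition entries
SIGNATURE = b"\x55\xaa"           # bytes 510-511: boot signature

def parse_mbr(sector):
    """Return (partitions, findings) for one 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions, findings = [], []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature 55 AA missing")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("boot code area is all zeros")
    for i in range(ENTRY_COUNT):
        # status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, BOOT_CODE_LEN + i * ENTRY_LEN)
        if ptype == 0:
            continue                                  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "start": start, "count": count})
    active = sum(p["active"] for p in partitions)
    if active != 1:
        findings.append(f"{active} active partitions, a boot disk needs exactly 1")
    ordered = sorted(partitions, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return partitions, findings

def make_entry(status, ptype, start, count):
    """Build one 16-byte partition entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", status, ptype, start, count)

def sample_sectors():
    """Constructed test data: a healthy MBR and a damaged copy of it."""
    code = b"\xfa\x33\xc0".ljust(BOOT_CODE_LEN, b"\x90")   # placeholder bytes
    good = code + make_entry(0x80, 0x07, 63, 204800) + bytes(48) + SIGNATURE
    bad = (code + make_entry(0x80, 0x07, 63, 204800)
           + make_entry(0x80, 0x07, 1000, 4096) + bytes(32) + b"\x00\x00")
    return good, bad

if __name__ == "__main__":
    for name, sector in zip(("good", "bad"), sample_sectors()):
        parts, issues = parse_mbr(sector)
        print(name, len(parts), "partition(s):", issues or "no findings")
```

A sector that passes these checks is structurally intact only; altered boot code can sit inside a well-formed MBR, so an empty findings list does not rule out an MBR infection.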

#9 pepperonione1

Posted 11 January 2010 - 08:06 PM

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\273.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\274.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\275.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\278.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\27B.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\27E.tmp (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\bhbF.exe (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\qwtlfc.exe (Rootkit.MBR) -> No action taken.
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\SSIPDZL5\eH9880b369V03f01030002Rc7eb242b102Td3c3297aQ0000004c901807F0020000aJ0a000501l0409Kbde1b5a0316P000800070[1] (Rootkit.MBR) -> No action taken.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> No action taken.

#10 pepperonione1

Posted 11 January 2010 - 08:07 PM

Removed the infected files, McAfee found one file still getting my browser hijacked and will not allow download of rkill to any drive or desktop.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:54 AM

Posted 11 January 2010 - 09:34 PM

I have closed the other topics you have on this issue. Please continue here and not consume our volunteers' resources.
XP http://www.bleepingcomputer.com/forums/ind...p;#entry1570175
AII http://www.bleepingcomputer.com/forums/t/284913/multitude-of-trojanscant-get-rid-of-them-even-with-malwarebytes/
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#12 quietman7

Posted 12 January 2010 - 07:48 AM

Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please post a complete MBAM log to include the top portion which shows the program/database version, operating system, date of scan and scan type.

It's possible that you have an infected Master Boot Record so let's check it to be sure.

Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run..., and in the Open box type: cmd
  • Press OK.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
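The replies above ask for a complete MBAM log, including the top portion, and for every detected item to be checked for removal. As an added example (not part of the thread and not a Malwarebytes tool), this Python code checks a pasted log for both; the header labels "Database version:" and "Scan type:" are assumed from MBAM logs of that period, and the sample log is constructed with placeholder paths.

```python
import re
from collections import Counter

# Constructed sample: detection lines follow the format of the log posted in
# this thread, with shortened placeholder paths. It has no header on purpose.
SAMPLE_LOG = r"""
Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Temp\273.tmp (Rootkit.MBR) -> No action taken.
C:\Temp\bhbF.exe (Rootkit.MBR) -> No action taken.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Assumption: labels found in the top portion of a complete MBAM log.
HEADER_FIELDS = ("Database version:", "Scan type:")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# Greedy path, so a "(" or "[" inside a file name does not end the path early.
ITEM_RE = re.compile(
    r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def triage(log_text):
    """Return header gaps, per-family counts and items left unremediated."""
    missing = [f for f in HEADER_FIELDS if f not in log_text]
    families, pending, section = Counter(), [], None
    for line in log_text.splitlines():
        line = line.strip()
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group("name")
            continue
        item = ITEM_RE.match(line) if section else None
        if not item:
            continue   # blank line or "(No malicious items detected)"
        families[item.group("name")] += 1
        if item.group("action").lower().startswith("no action taken"):
            pending.append((section, item.group("path")))
    return {"missing_header": missing,
            "families": dict(families),
            "pending": pending}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Missing header fields:", report["missing_header"] or "none")
    print("Detections by family:", report["families"])
    for section, path in report["pending"]:
        print(f"Not removed ({section}): {path}")
```

Entries marked "No action taken" were detected but left in place by that scan, which matches the log posted earlier in this thread.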

#13 pepperonione1

Posted 12 January 2010 - 10:27 AM

Will not work, states inoperable batch file not recognized as an internal or external command, operable program or batch file

However I did follow the directions for removal of is 2010 on here and am still having residual problems, some websites are continuing to be redirected, mc backup exe is running full out taking up 50% cpu usage, it did not before, also discstreamhub.exe and discupd.mgr.exe. The computer would not start normally, had to still use xp boot disc, any change I make it still states access denied. It will not allow me to download any files, I am doing so by using my usb flash drive with mozilla on it to download. Any suggestions would be greatly appreciated.

#14 quietman7

Posted 12 January 2010 - 10:37 AM

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

#15 pepperonione1

Posted 12 January 2010 - 02:31 PM

I have re run rkill and malwarebytes, so far no virus showing up, I want to backup my computer, however when it asks for a drive in backup for xp, it will not list my cd rom drive? It lists all other drives that are not the 2 cds? that would be the smart media compact flash mmc/sd and memory stick pro, g-L being usb flash drive. I want E, cd drive which is not the dvd which is f, can anyone help me?
I finally got the is 2010 virus off my computer I think, but I want to save all my data, pics and if it goes bad or is not fixed I want to do a destructive recovery and then put my pics and items back on, can that be done?