Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection of some sort- no programs will run


  • Please log in to reply
3 replies to this topic

#1 simmersc2008

simmersc2008

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 11 January 2010 - 12:56 PM

Just started today. I can run Firefox but am unable to run the dds or rootrepeal or any of my other necessary work programs (including Office). I am also unable to open any windows system things like add or remove programs, windows security, windows backup... Below are the pop-ups that are associated with this.

I receive a small security warning box that contains a large white x in a red circle. The message says: "Application cannot be executed. The file dds.scr (in this case though it changes based on what I try to open) is infected. Do you want to activate your antivirus software now?" There are Yes and No buttons and you cannot select the close "x" in the corner.

There is also a white box with a red banner at the top that say Antivirus software alert. It also contains a white exclamation point surrounded by a red circle and a black circle. The box says: " INFILTRATION ALERT Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan- dropper or similar. DETAILS Attack from: 92.138.210.227, port 34726 (this changes each time it pops up) Attacked port: 63439 (this also changes). Threat: Win32/Nuqwl.E (this also changes.) Do you want to black this attack?" Yes and No boxes at bottom. Upon clicking either box Internet Explorer opens (not default browser) to porno.org or a website about erectile dysfunction or something similar.

A Windows Security balloon also opens from a blue and white striped shield (Antivirus Live - which was never downloaded onto the computer). It says " Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses andd other security threats. Click here for the scan you computer. Your system may be at risk!"

A large red box right in the center of the screen. It is titled Spyware Alert! Inside a grey box it says "Vulnerabilities found Your computer is infected by spyware- 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate Realtime secure protection against future intrusions." There is then a link Why do you need spyware protection? There is the a diamond with an i inside next to "Upgrade to full version of antivirus software to clean your computer and prevent new security and privacy attacks. You will be able to download daily upgrades and get online protections against internet attacks." Your choices are Activate your antivirus or Stay Unprotected.

Please help if you can. I am not sure what to do to get rid of this stuff. Can dds and rootrepeal run in safemode? I apologize for the complicated explanations but am unable to get a screen shot for whatever reason.

Thanks

BC AdBot (Login to Remove)

 


#2 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 11 January 2010 - 11:25 PM

Try using the following guide
http://www.bleepingcomputer.com/virus-remo...-antivirus-live

#3 simmersc2008

simmersc2008
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 12 January 2010 - 09:48 AM

Thanks. This solved the problem.

#4 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 12 January 2010 - 11:03 PM

Can you post the log from Malwarebytes to verify that you are clean? You should also run a scan at http://www.eset.com/onlinescan/ to be on the safe side.
Trev




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users