Can't Get Rid of Facebookgallery Skype Virus


5 replies to this topic

#1 shadowboxin

shadowboxin

  • Members
  • 5 posts

Posted 27 January 2010 - 01:17 AM

Thanks to all for any help ... I am running Vista on my PC (Acer Aspire 4810T).

In a sleepy late-night stupor last week, I clicked on a link sent by a friend via Skype ... without looking at the link first. Good work; now I have a virus.

You gurus out there are probably familiar with this virus that's going around. The message I received said something like, "You sent me this picture a while ago. Do you know when it was taken?" and then a link that looked something like http://srv06.facebookgallery.info:89/archi...ure0035.JPG.zip. I know, so many red flags in that link if I had bothered to look closely.

Once I clicked on it, it began sending similar messages to my Skype contacts.

First, I ran a virus scan with McAfee. It didn't delete any viruses. However, it will identify variations of the following two files whenever I reboot:

Name: flashp.exe
In Folder: c:\users\alisha\appdata\localtemp
Detected As: W32/IRCbot.gen.aj
Detection Type: Virus
Status: Moved (Clean failed)

Name: 1x8[1].zip
In Folder: c:\users\alisha\appdata\local\microsoft\windows\temporary internet files\content.ie5\4oaz5qk8
Detected As: W32/IRCbot.gen.aj
Detection Type: Virus
Status: Moved (Clean failed)

I enlisted the help of our IT guy. He made sure my antivirus software was updated. We ran it and ran CCleaner to get rid of temp files. Upon rebooting, the above files still show up.

Then we tried the steps outlined in this post, running ComboFix: http://bluescreensolutions.blogspot.com/20...ally-sends.html. Still not fixed. Note that there was no "garbled text" in my host file, and I did attempt to create a new one using HostsXpert as well.

We tried running Malwarebytes' Anti-Malware software in safe mode, also saving the program files under different names as in the instructions above. The final scan report didn't show any viruses identified or deleted. The above files still pop up upon rebooting.

I attempted to reset my system restore point using the instructions from this post: http://www.bleepingcomputer.com/forums/lof...hp/t274250.html. Still not fixed.

I am out of ideas and IT guy is shipping off to Haiti in 48 hours. I would really appreciate any helpful tips you all might be able to offer. Please let me know if I can provide more information or logs from virus scans - I have them saved. Thank you so much!

Edited by shadowboxin, 27 January 2010 - 01:24 AM.
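
The red flags the first post points to in the lure link (a borrowed brand name in the host, an odd port, an image name ending in .zip) can be checked mechanically. This is an added example, not part of the original thread; the brand list, extension sets and function names are assumptions, and the sample message is the poster's approximate recollection with the path truncated exactly as in the post.

```python
import re
from urllib.parse import urlsplit

# Assumed watch-list: brand keyword -> the brand's real registered domain.
BRANDS = {"facebook": "facebook.com", "skype": "skype.com"}
MEDIA_EXT = {"jpg", "jpeg", "png", "gif", "bmp"}          # what the lure pretends to be
CARRIER_EXT = {"zip", "rar", "exe", "scr", "com", "pif"}  # what is actually delivered
DEFAULT_PORTS = {"http": 80, "https": 443}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def red_flags(url):
    """Return a sorted list of heuristic flags for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = set()
    try:                       # .port raises ValueError on a malformed port
        port = parts.port
    except ValueError:
        port = None
        flags.add("invalid-port")
    # 1. Explicit port that is not the default for the scheme.
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme.lower()):
        flags.add("nonstandard-port")
    # 2. Brand keyword in a host that is not the brand's own domain.
    for brand, real in BRANDS.items():
        if brand in host and not (host == real or host.endswith("." + real)):
            flags.add("brand-lookalike-host")
    # 3. Media extension immediately followed by an archive/executable one.
    exts = parts.path.rsplit("/", 1)[-1].lower().split(".")[1:]
    if len(exts) >= 2 and exts[-1] in CARRIER_EXT and exts[-2] in MEDIA_EXT:
        flags.add("double-extension")
    return sorted(flags)

def scan_message(text):
    """Map each flagged URL found in a chat message to its flags."""
    hits = {}
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        found = red_flags(url)
        if found:
            hits[url] = found
    return hits

# Message as recalled in the post (path truncated in the original page).
LURE = ("You sent me this picture a while ago. Do you know when it was taken? "
        "http://srv06.facebookgallery.info:89/archi...ure0035.JPG.zip.")
# Constructed benign message for comparison.
BENIGN = "Album: https://www.facebook.com/photo.jpg, backup: https://example.com/a.zip"

if __name__ == "__main__":
    print(scan_message(LURE))
    print(scan_message(BENIGN))
```

All three heuristics fire on the link from the post, while the constructed benign message produces no hits.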




#2 shadowboxin


Posted 27 January 2010 - 12:16 PM

bump ... thanks.

#3 shadowboxin


Posted 28 January 2010 - 12:23 AM

bumping again ...

#4 shadowboxin


Posted 04 February 2010 - 02:27 AM

anyone? please?

#5 MrBruce1959


  • BC Advisor
  • 6,378 posts

Posted 04 February 2010 - 02:55 AM

Have you tried Spybot Search & Destroy?

Download from here if not.

http://www.safer-networking.org/en/ownmirrors1/index.html
Update before scanning.

Also try this program from Norman Malware remover.
http://www.norman.com/support/support_tools/58732/

Good luck!



#6 shadowboxin


Posted 04 February 2010 - 03:31 AM

Thanks for the suggestion ... I downloaded Spybot but I think the virus prevents it from running. I attempted to change the program file names so it wouldn't recognize it, but it's still not running.



