
Virus - "Internet Survey"


  • This topic is locked
32 replies to this topic

#1 gfife (Members, 16 posts)

Posted 05 February 2010 - 09:56 AM

I keep getting pop-ups with an audible voice saying I have been chosen to take an internet survey. Obviously some type of spyware or virus. Here is my log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg Fife at 8:49:52.79 on Fri 02/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.78 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\nd\Tomcat4.1\bin\tomcat.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg Fife\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: SFCDisable=4 (0x4)
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [suScheduler] c:\program files\thinkvantage\systemupdate\UCLauncher.exe /SCHEDULER
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DellNSCST_GRNCH] "c:\program files\dell\dell laser mfp 1815\networkscan\DNSCST.exe" /HIDEUI
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spyware doctor\SDTrayApp.exe"
mRun: [kumigamer] Rundll32.exe "c:\windows\system32\nudubiva.dll",a
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\nd\apache2\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photol~1.lnk - c:\program files\casio\photo loader\Plauto.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://esis.leeca.org/forms/jinitiator/jinit.exe
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} - hxxp://esis-app4.mesd.k12.or.us:7777/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\windows\system32\nudubiva.dll,rezaguye.dll
SSODL: molemogip - {b2b28e4e-c972-4794-8c95-3531ff2c5b1e} - c:\windows\system32\nudubiva.dll
STS: jugezatag: {b2b28e4e-c972-4794-8c95-3531ff2c5b1e} - c:\windows\system32\nudubiva.dll
LSA: Notification Packages = scecli suyifiko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gregfi~1\applic~1\mozilla\firefox\profiles\9wr6w6e2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 IKFileFlt;File Filter Driver;c:\windows\system32\drivers\ikfileflt.sys [2007-8-8 39376]
R1 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-8-8 53840]
R1 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-8-8 57424]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-8-8 83024]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 Apache Tomcat 4.1;Apache Tomcat 4.1;c:\nd\tomcat4.1\bin\tomcat.exe [2003-10-27 65536]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-6-2 239216]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070601.032\naveng.sys [2007-6-1 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070601.032\navex15.sys [2007-6-1 852824]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-5-29 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-5-29 73856]

=============== Created Last 30 ================

2010-02-01 14:26:32 96768 --sh--w- c:\windows\system32\nudubiva.dll
2010-02-01 14:26:32 61440 --sh--w- c:\windows\system32\namegele.dll
2010-02-01 14:26:32 53248 --sh--w- c:\windows\system32\zajihezo.dll
2010-02-01 14:26:32 42496 --sh--w- c:\windows\system32\wewosaze.dll
2010-01-29 22:06:41 42496 --sh--w- c:\windows\system32\yujimoju.dll
2010-01-13 15:14:27 127 ----a-w- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-28 19:18:03 4 ----a-w- c:\docume~1\gregfi~1\applic~1\avdrn.dat
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-11-25 22:41:11 38 -c--a-w- c:\documents and settings\greg fife\jagex_runescape_preferences.dat
2009-11-23 21:41:57 26436 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2007-09-10 23:57:20 12483 -c--a-w- c:\program files\hijackthis.log
2007-09-09 21:58:33 401720 -c--a-w- c:\program files\seek.exe
1601-01-01 00:03:28 61440 -csha-w- c:\windows\system32\biginuwi.dll
1601-01-01 00:03:28 54272 --sha-w- c:\windows\system32\jifujeme.dll
1601-01-01 00:03:28 96768 -csha-w- c:\windows\system32\jujifoso.dll
1601-01-01 00:03:28 40960 --sha-w- c:\windows\system32\kawijewu.dll
1601-01-01 00:03:28 40960 -csha-w- c:\windows\system32\kugatugi.dll
1601-01-01 00:03:28 53248 -csha-w- c:\windows\system32\nokiwogi.dll
1601-01-01 00:03:28 93184 --sha-w- c:\windows\system32\redorabu.dll
1601-01-01 00:03:52 53248 --sha-w- c:\windows\system32\rezaguye.dll
1601-01-01 00:03:28 42496 -csha-w- c:\windows\system32\rozemapu.dll
1601-01-01 00:03:52 53248 -csha-w- c:\windows\system32\rudatonu.dll
1601-01-01 00:03:28 95232 -csha-w- c:\windows\system32\sogufoye.dll
1601-01-01 00:03:28 61440 -csha-w- c:\windows\system32\suyabiye.dll
1601-01-01 00:03:52 53248 --sha-w- c:\windows\system32\suyifiko.dll
1601-01-01 00:03:28 93184 -csha-w- c:\windows\system32\tadaperu.dll
1601-01-01 00:03:28 42496 -csha-w- c:\windows\system32\veyutiwa.dll
1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\wetelumo.dll
1601-01-01 00:03:28 94720 --sha-w- c:\windows\system32\wigusife.dll
1601-01-01 00:03:28 94720 --sha-w- c:\windows\system32\wiwedino.dll
1601-01-01 00:03:28 95744 -csha-w- c:\windows\system32\yegewuge.dll
1601-01-01 00:03:28 61440 -csha-w- c:\windows\system32\yepofara.dll
1601-01-01 00:03:28 40960 --sha-w- c:\windows\system32\yotokira.dll
1601-01-01 00:03:28 39424 -csha-w- c:\windows\system32\yuwabuga.dll
2009-07-06 15:46:56 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009070620090707\index.dat
2008-07-16 12:10:09 32768 -csha-w- c:\windows\temp\history\history.ie5\mshist012008071620080717\index.dat

============= FINISH: 8:51:27.23 ===============
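Reading the log above the way a responder would: the same eight-letter DLLs recur in several load points at once (AppInit_DLLs, SSODL, STS, the LSA Notification Packages value and a rundll32 Run entry), they carry hidden and system attributes in system32, and a whole batch of them is stamped 1601-01-01, which is the FILETIME epoch and never a real install date. The Python script below is an added example written for this page; it is not part of DDS, HijackThis or any other tool mentioned in the thread. The sample lines are constructed copies of entries from the posted log, and the consonant-vowel name heuristic is an assumption drawn from the names seen here: it also matches a few legitimate names (setupapi.dll, for one), so it is treated as a weak signal and reported together with the stronger ones rather than on its own.

```python
"""
Triage helper for the DDS log format shown in this thread. It flags the
indicators a responder looks for: generated-looking DLL names in system32,
hidden+system attributes, FILETIME-epoch (1601-01-01) timestamps, and load
points (AppInit_DLLs, SSODL, STS, LSA Notification Packages, rundll32 Run
entries) that reference such DLLs. Added example code, not a DDS feature.
"""
import re

# Constructed sample, shaped after lines in the log posted above.
SAMPLE_LOG = r"""
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [kumigamer] Rundll32.exe "c:\windows\system32\nudubiva.dll",a
AppInit_DLLs: c:\windows\system32\nudubiva.dll,rezaguye.dll
SSODL: molemogip - {b2b28e4e-c972-4794-8c95-3531ff2c5b1e} - c:\windows\system32\nudubiva.dll
STS: jugezatag: {b2b28e4e-c972-4794-8c95-3531ff2c5b1e} - c:\windows\system32\nudubiva.dll
LSA: Notification Packages = scecli suyifiko.dll
2010-02-01 14:26:32 96768 --sh--w- c:\windows\system32\nudubiva.dll
2010-01-13 15:14:27 127 ----a-w- c:\windows\system32\MRT.INI
1601-01-01 00:03:52 53248 --sha-w- c:\windows\system32\rezaguye.dll
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
"""

# "YYYY-MM-DD HH:MM:SS size attrs path", the way DDS prints file entries.
FILE_LINE = re.compile(r"^(\d{4})-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ ([-a-z]{8}) (.+)$")
DLL_NAME = re.compile(r"[a-z0-9_]+\.dll", re.IGNORECASE)
# Heuristic (an assumption taken from the names in this log): four
# consonant-vowel pairs, e.g. nudubiva.dll. Weak alone; combined with others.
CV_PATTERN = re.compile(r"^([b-df-hj-np-tv-z][aeiou]){4}\.dll$")
LSA_DEFAULT = {"scecli"}  # the only LSA notification package XP ships by default
HOOK_PREFIXES = ("AppInit_DLLs:", "SSODL:", "STS:", "LSA: Notification Packages")
RUN_PREFIXES = ("uRun:", "mRun:", "mRunOnce:")


def looks_generated(dll_name):
    """True for names shaped like the random DLLs in the log (weak signal)."""
    return CV_PATTERN.match(dll_name.lower()) is not None


def file_line_reasons(line):
    """Indicators on a DDS file entry: epoch timestamp, hidden+system, name."""
    m = FILE_LINE.match(line)
    if not m:
        return []
    year, attrs, path = m.groups()
    reasons = []
    if year == "1601":
        # FILETIME zero: a forged or zeroed timestamp, not a real install date.
        reasons.append("epoch-1601 timestamp")
    if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
        reasons.append("hidden+system attributes in system32")
    if looks_generated(path.rsplit("\\", 1)[-1]):
        reasons.append("consonant-vowel generated name")
    return reasons


def hook_line_reasons(line):
    """Flag injection/persistence load points that reference suspect DLLs."""
    if not line.startswith(HOOK_PREFIXES):
        return []
    if line.startswith("LSA:"):
        packages = line.split("=", 1)[1].split()
        extra = [p for p in packages if p.lower() not in LSA_DEFAULT]
        return [f"non-default LSA notification package: {' '.join(extra)}"] if extra else []
    hook = line.split(":", 1)[0]
    dlls = [d.lower() for d in DLL_NAME.findall(line)]
    if hook == "AppInit_DLLs" and dlls:
        # Anything listed here is loaded into every process that links user32.
        return [f"AppInit_DLLs injects {', '.join(dlls)}"]
    generated = [d for d in dlls if looks_generated(d)]
    return [f"{hook} loads {', '.join(generated)}"] if generated else []


def run_line_reasons(line):
    """Flag Run-key entries that start a generated-name DLL through rundll32."""
    if not line.startswith(RUN_PREFIXES) or "rundll32" not in line.lower():
        return []
    generated = [d.lower() for d in DLL_NAME.findall(line) if looks_generated(d)]
    return [f"Run entry starts {', '.join(generated)} via rundll32"] if generated else []


def triage(log_text):
    """Return [(line, [reasons])] for every line carrying at least one indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = file_line_reasons(line) + hook_line_reasons(line) + run_line_reasons(line)
        if reasons:
            findings.append((line, reasons))
    return findings


def suspicious_dlls(log_text):
    """Sorted DLL basenames named in flagged lines, to cross-check load points
    against the file listing (a DLL in both lists is the strongest signal)."""
    names = set()
    for line, _ in triage(log_text):
        names.update(d.lower() for d in DLL_NAME.findall(line))
    return sorted(names)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
    print("DLLs to check:", ", ".join(suspicious_dlls(SAMPLE_LOG)))
```

Run it against the full DDS text to get the same picture the helper reacts to: three DLLs (nudubiva, rezaguye, suyifiko) appear both in the file listing with hidden/system attributes and in load points that run them at every logon or in every process, which is why the later advice in the thread moves from a normal Malwarebytes scan to renamed installers, safe mode and ComboFix.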

Attached Files




#2 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 06 February 2010 - 07:26 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 gfife (Topic Starter, Members, 16 posts)

Posted 08 February 2010 - 12:43 PM

Thanks, but now I can't even get to the internet. I constantly receive a pop-up for "Your PC Protector".

I can't get internet access and I can't even open my "Add or Remove Programs" folder.

I use Ctrl + Alt + Delete to end the program, but as soon as I try to open a browser, the "Your PC Protector" program opens instead. I am using a different computer to make these posts on BleepingComputer.

Please help!!

#4 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 08 February 2010 - 01:08 PM

Hi,

What instructions have you done so far?
You can transfer the installer for malwarebytes from the computer you are currently using to the infected computer.
If malwarebytes won't run, use this version instead and transfer it to the infected computer: http://mbam.malwarebytes.org/program/random-installer.php
Save it on your desktop. You'll see it will have a random name, and will look similar to this:
Doubleclick on it, so it will extract the files and will start Malwarebytes automatically.
In case the installer (random named file) won't run either, rename it to firefox.exe and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).
After reboot, post the Malwarebytes log together with a new HijackThis log.

In case you're having problems with above instructions, let me know.

#5 gfife (Topic Starter, Members, 16 posts)

Posted 11 February 2010 - 03:38 PM

Thanks, but it has completely locked up the computer. I can't get an internet browser to open at all (Mozilla, IE, Safari),

And I can't open my "Add or Remove Programs" folder.

I transferred the Malwarebytes file via thumb drive, but when I try to open it, I get a message saying I can't open it.

I can't get inside to do anything.

#6 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 February 2010 - 03:41 PM

Hi,

Did you read the additional steps in my previous post about the renaming?

#7 gfife (Topic Starter, Members, 16 posts)

Posted 11 February 2010 - 03:48 PM

OK, I did that but I get a box called "vbAccelerator SGrid II Control" That says "Run-time error 'O'

#8 gfife (Topic Starter, Members, 16 posts)

Posted 11 February 2010 - 03:50 PM

I have to keep my Task Manager open and hit Ctrl + Alt + Delete every 30 seconds or so because the "Your PC Protector" spam keeps opening.


#9 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 February 2010 - 03:52 PM

Hi,

Please reboot in Windows safe mode and try there.
To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.


#10 gfife (Topic Starter, Members, 16 posts)

Posted 11 February 2010 - 04:03 PM

Still doing the same thing. First I get the "Run-time error" then I get one that says Run-time error '440': Automation Error

#11 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 February 2010 - 04:06 PM



* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
Also try from safe mode.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.




#12 gfife (Topic Starter, Members, 16 posts)

Posted 11 February 2010 - 04:24 PM

I tried to shut down all of the security software, but it still says that Symantec Client Firewall is running. I can't figure out how to turn it off, because it does not appear in my task tray because I am in Safe Mode.

#13 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 February 2010 - 04:27 PM

Hi,

Just ignore that in Windows safe mode and proceed with Combofix.

#14 gfife (Topic Starter, Members, 16 posts)

Posted 11 February 2010 - 04:30 PM

Now it's saying that I need to install some Microsoft software, but I don't have an internet connection. I can't connect to the internet with this virus.

#15 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 February 2010 - 04:34 PM

Hi,

You can choose safe mode with networking support. That option is also present when you use F8.
If that doesn't work or gives too much hassle, just proceed with combofix without installing the Recovery console for now.

By the way, since it's already late here and I need my bed, I won't be on from now on, but I'll reply as soon as I'm awake.



