
DOS Prompt window pops up on boot // msn spam virus


5 replies to this topic

#1 paN!cker

paN!cker

  • Members
  • 38 posts
  • OFFLINE
  • Gender: Male
  • Location: Singapore
  • Local time: 03:22 PM

Posted 12 February 2010 - 07:47 AM

Hi everyone,

Recently for no reason whatsoever a DOS prompt window popped up out of nowhere, with the following path "C:\Documents and Settings\User\Start Menu\Programs\Startup\[random link]". The last part always changes when the window pops up again. Not too sure if it's something wrong I typed or clicked or a more serious issue. Every time I closed the window, it would pop up again with another ending link. This coincides with the dreaded MSN virus that has started bugging me and sending itself to my contacts. I have taken the action of changing my MSN password, but don't really know what else to do.

Now, when I boot up, the window only pops up once. Once I close it, it goes away until I reboot the com again. Thanks in advance for your help.

Cheers
Christopher


EDIT: Moved to a more appropriate forum-MG

Edited by garmanma, 12 February 2010 - 11:16 PM.
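
The window title in the post above points into the per-user Startup folder, whose contents are launched at logon. As an added example (not part of the original thread), this Python function inventories such a folder and flags entries worth a closer look; the extension list, the seven-day window and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time

# Extensions that run directly when placed in a Startup folder (assumed triage list).
DIRECT_EXEC = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
EXPECTED = {"desktop.ini"}  # normal housekeeping file in Startup folders


def audit_startup(folder, now=None, recent_days=7):
    """Return one record per file in a Startup folder, with triage flags."""
    now = time.time() if now is None else now
    records = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path) or name.lower() in EXPECTED:
            continue
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        ext = os.path.splitext(name)[1].lower()
        flags = []
        if ext in DIRECT_EXEC:
            flags.append("direct-executable")   # not a shortcut: runs as-is at logon
        elif ext != ".lnk":
            flags.append("unusual-type")        # opened by its file association
        if now - os.path.getmtime(path) <= recent_days * 86400:
            flags.append("recently-modified")
        records.append({"name": name, "sha256": digest, "flags": flags})
    return records


def demo():
    """Build a constructed Startup folder and audit it."""
    with tempfile.TemporaryDirectory() as d:
        old = time.time() - 400 * 86400
        for name, data in [("Office Toolbar.lnk", b"L\x00"), ("desktop.ini", b"[x]"),
                           ("xq7f2.exe", b"MZ constructed sample")]:
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            if name.endswith(".lnk"):
                os.utime(p, (old, old))         # long-standing shortcut
        return audit_startup(d)


if __name__ == "__main__":
    for rec in demo():
        print(rec["name"], rec["sha256"][:16], ",".join(rec["flags"]) or "ok")
```

Point `audit_startup` at the real folder (or at the same path inside a mounted disk image) and keep the SHA-256 values so flagged files can be compared against the scanner detections later.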




#2 joseibarra

joseibarra

  • Members
  • 1,304 posts
  • ONLINE
  • Gender: Male
  • Location: Downstairs
  • Local time: 02:22 AM

Posted 12 February 2010 - 08:42 AM

Please run these scans, then we'll fix the leftovers.

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#3 paN!cker


Posted 13 February 2010 - 02:31 AM

I ran the anti-malware scan first. This is the log.

Malwarebytes' Anti-Malware 1.44
Database version: 3732
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/13/2010 2:09:47 PM
mbam-log-2010-02-13 (14-09-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 203665
Time elapsed: 1 hour(s), 22 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\paN!cker\Local Settings\Temp\InstModule.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\paN!cker\Local Settings\Temp\dllhosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------------------------------------------------------

I then ran the superantispyware scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2010 at 03:00 PM

Application Version : 4.33.1000

Core Rules Database Version : 4583
Trace Rules Database Version: 2395

Scan type : Complete Scan
Total Scan Time : 00:44:44

Memory items scanned : 463
Memory threats detected : 0
Registry items scanned : 4667
Registry threats detected : 0
File items scanned : 24021
File threats detected : 19

Adware.Tracking Cookie
C:\Documents and Settings\paN!cker\Cookies\pan!cker@adbrite[2].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@content.yieldmanager[3].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@content.yieldmanager[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@ad.yieldmanager[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@atdmt[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@apmebf[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@ad.wsod[2].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@1067766890[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@pointroll[2].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@serving-sys[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@mediaplex[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@fastclick[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@bs.serving-sys[2].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@doubleclick[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@ads.pointroll[1].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@interclick[2].txt
C:\Documents and Settings\paN!cker\Cookies\pan!cker@msnportal.112.2o7[1].txt

Spyware.RelevantKnowledge
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1EA692EF-C778-47F3-ACC2-ADC4F5C77680}\RP65\A0017843.DLL


So far, so good! The DOS prompt window has stopped popping up. Would you like me to do anything else? Thanks for your help. :thumbsup:

Cheers
Christopher

#4 joseibarra


Posted 13 February 2010 - 06:28 AM

Good job and I hope that does it.

With MBAM and SAS you have a good combination of free, respectable detection and removal software.

SAS does turn up cookies, but it is good at that and cookies are not too bothersome.

You may want to run them again to make sure they run clean and then periodically update/run just for the heck of it. I run each once or twice a week and switch back and forth since no single program seems to know about everything. They get updated with new stuff every day it seems like.

Since SAS found something in one of your System Restore points, if it was me, I would suspect my System Restore points had been compromised. It may be an old RP that you will never need to use, maybe not. I am not really sure what SAS does - fix it, delete it?

Me..., since I am not sure and want to be sure, I would delete all but the last RP using CCleaner or delete all the RPs by manually turning off SR and then turning SR back on, and then manually make a new RP on the clean system - just to be sure it all works. SR is a popular malware target!

If you need help with any of that, holler.



#5 paN!cker


Posted 13 February 2010 - 12:12 PM

Thanks Jose, I've switched my SR off and on again. We'll see how things go hey?

#6 joseibarra


Posted 13 February 2010 - 12:39 PM

:thumbsup:





