Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

fix not working - spyware alert - worm.win32.netsky


  • This topic is locked This topic is locked
7 replies to this topic

#1 brigg

brigg

  • Members
  • 457 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:56 PM

Posted 25 February 2010 - 12:53 PM

I've had this "rogue" virus for several days and it just keeps getting worse.
I've tried the different variations posted here using MBAM (malwarebytes..)
right now I've booted in safe mode with networking, run the Iexplore thing successfully. That's about all
I can do.

I did the proxy fix in tools, Lan settings, I still can't get to any sites like bleeping computer, or a proxy sit.
Now it looks like I don't have internet connection at all. I'm at the library doing this with my laptop with me.

I did "sucessfully" run the mbam fix a few days ago. It seemed to work. I had all the files on my computer.

This am I uninstalled mbam, rebooted. I deleted the old rkill and explorer files and re-downloaded them to the library computer and copied them over to mine. I ran the rkill okay.
After completing that, I copid a new mbam-set up to my desktop. when I click on it I just get an hourglass for about 10 seconds, then right to the arrow for a while, then to the hour glass for about 10 seconds, then to the arrow for a long time, back to hourglass for 10 seconds.
TAsk manager is working.
Without IE or Firefox running, I have 3 instances of iexplore running.

Sounds simple, but I've been at it for an hour and a half.
I am running ad-aware now. I haven't always been able to run it the last few days, but when I do, it does find problems and then quarantines them. Never seems to solve the problem.

I think I need another solution. I'm desperate.
I've purchased PC Tools for other problems with my computer in the past and and it hasn't worked.

Please help! :thumbsup:

also might mention that avast won't run because I've exceeded my trial period. Sprybot doesn't run. I can sometimes get a-squared to run. It ran today. Yesterday I tried to download Avira. I could get it on the desktop but but run it. I'll try that again.

Edited by Pandy, 25 February 2010 - 01:25 PM.
Moved from Windows XP Home and Pro ~Pandy *and merged*

Kansas City Mo area - Central time zone 

Dell D620 Laptop    -   Operating System:  Windows XP Professional 32-bit SP3     -     CPU:  Intel Core Duo T2300E @ 1.66GHz 51 °C     -  Yonah 65nm Technology

RAM:  1.00GB Dual-Channel DDR2 @ 267MHz (4-4-4-12)    -     Motherboard:  Dell Inc. 53 °C     -     Graphics:  Plug and Play Monitor (1280x720@60Hz)
Storage:  74GB SAMSUNG HM080HI (SATA) 36 °C     -     Optical Drives:  TSSTcorp CDRW/DVD TSL462C     -     Audio:  SigmaTel High Definition Audio CODEC
PAE Enabled - Installation Date: 3/20/2009     -     Plug and Play Monitor (1280x720@60Hz)     -     Intel Mobile Intel 945GM Express Chipset Family (Dell)
 

BC AdBot (Login to Remove)

 


#2 stven71

stven71

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 25 February 2010 - 01:31 PM

Does 'XP Antivirus 2010' pop up and register a scan, telling u yor machine is infected?

#3 brigg

brigg
  • Topic Starter

  • Members
  • 457 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:56 PM

Posted 25 February 2010 - 01:48 PM

Yes. I also get Warning, application cannot be executed. the file is infected. please activate your antivirus.

Avira won't run because it need an internet connection - I"m in safe mode with networking but somehow I don't have my internet connection.
I rebooted to regular mode and tried Avira - it still won't run - I can select the menu option, but nothing happens.
I can only get to bleeping computer through a proxy on my computer (the Use a Proxy is not checked under Tools, Connections, Lan settings).
I get sound only commercials every so often - nothing shows up in the task manager under applications.
If I leave my computer running and don't work on it, it locks up.

Edited by brigg, 25 February 2010 - 03:53 PM.

Kansas City Mo area - Central time zone 

Dell D620 Laptop    -   Operating System:  Windows XP Professional 32-bit SP3     -     CPU:  Intel Core Duo T2300E @ 1.66GHz 51 °C     -  Yonah 65nm Technology

RAM:  1.00GB Dual-Channel DDR2 @ 267MHz (4-4-4-12)    -     Motherboard:  Dell Inc. 53 °C     -     Graphics:  Plug and Play Monitor (1280x720@60Hz)
Storage:  74GB SAMSUNG HM080HI (SATA) 36 °C     -     Optical Drives:  TSSTcorp CDRW/DVD TSL462C     -     Audio:  SigmaTel High Definition Audio CODEC
PAE Enabled - Installation Date: 3/20/2009     -     Plug and Play Monitor (1280x720@60Hz)     -     Intel Mobile Intel 945GM Express Chipset Family (Dell)
 

#4 stven71

stven71

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 25 February 2010 - 05:37 PM

http://www.bleepingcomputer.com/forums/t/297796/av-protectcom/

Might be what i just fixed for a friend. read whole thread...maybe it will help you

there were two variations of same malware.

#5 brigg

brigg
  • Topic Starter

  • Members
  • 457 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:56 PM

Posted 27 February 2010 - 09:41 PM

I've been working some on this problem.
Sometimes I have trouble getting to this site even when I access it through www.freetoview.net.
Last time I was on this site it wouldn't let me reply.

I went through the posts you recommended, and I just didn't see the files I was supposed to work with.
Our symptoms seem the same though, but I might have more symptoms than you.
Not sure if you were getting the "worm.win32.netsky detcted on your machine", but I get that sometimes as well.

Also, "Attention, system detected a potential hazard (TrojanSPM/LX on your cmputer that may infect executable files."

Only once or twice does the background color change to gray.
I would not be able to use my computer without the rkill/iexplore file that kills some processes.

Any other ideas?
I'm not able to run Spybot or the mbam executable I have on my desktop.
I have the Hijack This log if that would help anyone.
I am wondering if I should open a different thread for one of the other errors I'm getting and just attack it symptom by symptom.

By the way, the internet connectivity issue was related to the virus - it Forces the LAN setting in Tools, Internet OPtions, Copnnects to go to a proxy and then blocks all sites.

Edited by brigg, 27 February 2010 - 09:43 PM.

Kansas City Mo area - Central time zone 

Dell D620 Laptop    -   Operating System:  Windows XP Professional 32-bit SP3     -     CPU:  Intel Core Duo T2300E @ 1.66GHz 51 °C     -  Yonah 65nm Technology

RAM:  1.00GB Dual-Channel DDR2 @ 267MHz (4-4-4-12)    -     Motherboard:  Dell Inc. 53 °C     -     Graphics:  Plug and Play Monitor (1280x720@60Hz)
Storage:  74GB SAMSUNG HM080HI (SATA) 36 °C     -     Optical Drives:  TSSTcorp CDRW/DVD TSL462C     -     Audio:  SigmaTel High Definition Audio CODEC
PAE Enabled - Installation Date: 3/20/2009     -     Plug and Play Monitor (1280x720@60Hz)     -     Intel Mobile Intel 945GM Express Chipset Family (Dell)
 

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:56 PM

Posted 28 February 2010 - 04:55 PM

Hello brigg,

I suggest you follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 brigg

brigg
  • Topic Starter

  • Members
  • 457 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:56 PM

Posted 28 February 2010 - 05:33 PM

Thanks.

I've done what I could (I already found that guide you suggested).
the new post is security essentials 2010, TrojanSPM/LX, worm.win32.netsky detcted

I've uploaded a few logs.
I hope the logs and the additional information provide you with what you need.
Thanks so much for your help.
I have been down a few working days now, and I'm in dire need of assistance.

Edited by brigg, 28 February 2010 - 05:34 PM.

Kansas City Mo area - Central time zone 

Dell D620 Laptop    -   Operating System:  Windows XP Professional 32-bit SP3     -     CPU:  Intel Core Duo T2300E @ 1.66GHz 51 °C     -  Yonah 65nm Technology

RAM:  1.00GB Dual-Channel DDR2 @ 267MHz (4-4-4-12)    -     Motherboard:  Dell Inc. 53 °C     -     Graphics:  Plug and Play Monitor (1280x720@60Hz)
Storage:  74GB SAMSUNG HM080HI (SATA) 36 °C     -     Optical Drives:  TSSTcorp CDRW/DVD TSL462C     -     Audio:  SigmaTel High Definition Audio CODEC
PAE Enabled - Installation Date: 3/20/2009     -     Plug and Play Monitor (1280x720@60Hz)     -     Intel Mobile Intel 945GM Express Chipset Family (Dell)
 

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:56 PM

Posted 28 February 2010 - 06:08 PM

Hello,

Good work. Now for the frustrating part: waiting.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/299259/security-essentials-2010-trojanspmlx-wormwin32netsky-detcted/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users