Antivirus XP2010,SmitFraud, and Hiloti and trojans!


3 replies to this topic

#1 OreoCakesters

Posted 01 March 2010 - 10:51 PM

OK, so about 2 weeks ago I was searching the web for tabs, and when I came to this one website a sudden pop-up came up on my screen saying that it's downloading Anti-virus XP 2010 /Update. I tried to click cancel but it wouldn't let me!
After that incident my Internet Explorer wasn't working and there were constant pop-ups.
So I figured out a way to use the internet to find out how to get the rogue scanner out and got Anti-Malwarebytes. After it scanned and did its thing, the Antivirus XP 2010 stopped popping up, but my Internet Explorer still wasn't working, because every time I double-clicked it, it would give me a window that says "Open program with ". So I decided to ignore it and just use Firefox as my normal browser.
As normal I would just leave my computer on 24/7, and then in a few days or the next day (I kinda forgot) I got to my computer and my AVG Anti-Virus detected Hiloti Trojan Horse, and there would be alerts on my screen. When it gave me the choice to heal it, it said that it might cause system instability or something if I did, so I didn't want to take the chance.



After that my computer started slowing down DRASTICALLY. It would take like 5 minutes to refresh, 30 mins-1 hour to reboot, and when I went on YouTube or watched any video it would be very choppy even though the bar says it's loaded.

My CPU usage would jump to high 60%+ from like 3%.

I also have Spybot Search and Destroy, SUPERAntiSpyware, Malwarebytes, AVG.

I scanned a bunch of times but I couldn't find the virus anymore.

My latest scan is by SAS. I can only find tracking cookies now...


ALSO MY SPYBOT SEARCH AND DESTROY REMOVED

Win32.ciadoor.cj Microsoft.WindowsSecurityCenter.Firewall Override Microsoft.Windows.AntivirusOverride Microsoft Windows Securit Internet Explorer

By the way, all of these are in a file called HKEY or something <<< (My SSD made backup files so idk what to do with it; I found these in recovery)








PLEASE!!! HOW DO I GET RID OF THIS MALWARE OR WHATEVER AND GET MY COMPUTER BACK TO NORMAL!!


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/01/2010 at 11:38 AM

Application Version : 4.33.1000

Core Rules Database Version : 4623
Trace Rules Database Version: 2435

Scan type : Complete Scan
Total Scan Time : 04:04:53

Memory items scanned : 464
Memory threats detected : 0
Registry items scanned : 6675
Registry threats detected : 0
File items scanned : 38171
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt





Malwarebytes' Anti-Malware 1.44
Database version: 3722
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/10/2010 5:02:43 PM

mbam-log-2010-02-10 (17-02-43).txt

Scan type: Quick Scan
Objects scanned: 117588
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\NSCPMgC7.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: nscpmgc7.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\NSCPMgC7.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\pubiqp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ornnqqhwbd.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\xwoenamrcs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\spool.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\pjthqw.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\serr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


#2 Orange Blossom

Posted 07 March 2010 - 02:58 PM

Hello,

Here is a removal guide for Antivirus XP 2010: http://www.bleepingcomputer.com/virus-remo...irus-vista-2010

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 OreoCakesters

Posted 07 March 2010 - 08:34 PM

Well, back then when I got the virus I fiddled around, and when I got Malwarebytes I think I destroyed the virus without having to download it from another computer. All I did was install the program and I let it scan and do its thing. I also had Eusing Free Registry Cleaner to help.

I THINK ANTIVIRUS XP 2010 is off my computer since it doesn't show any more pop-ups or anything, but my computer is still super slow!

What do I do now? Should I try using Internet Explorer again?

#4 Orange Blossom

Posted 07 March 2010 - 09:32 PM

Hello,

The computer issues you are experiencing are likely the result of lingering infection. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup: