Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

right media and 1572419169.tmp error


  • This topic is locked This topic is locked
16 replies to this topic

#1 lavisbre

lavisbre

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 04 March 2010 - 12:00 PM

My Norton antivirus and spyware finds nothing.
Adware finds nothing but cookies.
My spybot S&D finds Right media all the time, however cant remove it as it keeps coming back.
I get an Error 1572419169.tmp says it cant access?
When im on the internet and im searching for things in a second browser window im often diverted from say a known site to one that sells items linked to the question typed in browser.
Every so often something trys to tell me im infected and wants to do a scan, however with my fire wall turned on again as it was disabled it doesnít get far.
Can you help me please?

Thank you in advance for your time

Attached Files



BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 05 March 2010 - 06:15 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Edited by miekiemoes, 18 March 2010 - 01:29 PM.
instructions deleted to submit the file since I get overwhelmed with submissions that look similar but are harmless

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 06 March 2010 - 12:33 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/5/2010 10:22:45 PM
mbam-log-2010-03-05 (22-22-45).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 639328
Time elapsed: 6 hour(s), 57 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\winipseec.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{55ed4edb-48c6-5f34-0d5e-4f3b164e6131} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{55ed4edb-48c6-5f34-0d5e-4f3b164e6131} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55ed4edb-48c6-5f34-0d5e-4f3b164e6131} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winipseec.dll (Trojan.BHO) -> Delete on reboot.


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 06 March 2010 - 01:56 AM

Hi,

Malwarebytes already removed the culprit here...
I assume you rebooted afterwards?

How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 06 March 2010 - 10:49 PM

Thank you so much
I will keep testing as soon as I get time off work.
I donít know what happened to my malwarebytes as it scanned and didnít get anything before. I also noted it didnít load from my desktop so I had to reload it.. only it gave some error with a dll file and some hidden folder for itÖ so I deleted it all and did a fresh install to a new folder and it worked. I havenít had time to play as im working right now.. I will try when I get home.

Thank you in advance and as soon as i get paid I shall donate to your worthy cause.


#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 07 March 2010 - 07:56 AM

Hi,

Normally everything should be OK now.

Glad I could help. smile.gif

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 08 March 2010 - 08:54 PM

ok malware said no infections after a scan but i still got a error as before
C:\DOCUME~1\Osborne\LOCALS~1\Temp\WEReaa5.dir00\1572419169.tmp.mdmp
and i still have right media in spybot?


#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 09 March 2010 - 01:58 AM

Where does spybot find this "Rightmedia" file? Some files may indeed be locked in your temp folder, so that's why some scanners may have problems with scanning them. This is nothing to worry about though.
Try ATF-cleaner to empty your tempfolder: http://majorgeeks.com/ATF_Cleaner_d4949.html
Then reboot afterwards.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 09 March 2010 - 09:49 AM

will clean my temp folder, i also had an alert from my norton that a trojan.gen was stopped.
it was c:\windows\temp\1572419169.tmp
atf has cleaned my folder and spybot has no threats found.
i hope this was the end of the little monster ...

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 09 March 2010 - 10:03 AM

Yes, it's normal that there are still leftovers in the tempfolder, but they can't do anything since they don't have any loading points.
That's why I always post a note in my prevention speech how to improve system performance after malware removal, because it's described in there to clean temp files etc as well smile.gif

Anyway, good to hear things are OK again. smile.gif
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 09 March 2010 - 10:08 AM

I just searched for the file on my system and found somethingÖ
1572419169.TMP-02DD00BC.pf c:\windows\prefetch

What is this and how do I remove it?




#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 09 March 2010 - 10:17 AM

That's in your prefectch cache, but really don't worry about your prefetch cache. Those are not really files but prefetch files. It works as an index. You can delete that file in there manually if you want, but if you leave it there, it's fine as well as it can't/won't do anything.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 09 March 2010 - 10:24 AM

i just went through my internet settings and noticed my norton intrution was disabled?
iv turned it back on again, do you think the virus/adware thing did this?
is there a reset i can do and more to the point why didnt norton tell me?

Thank you so much Miekiemoes for all you have done.
my girlfriend has an infected system as well ... shall i ask her to make an account or can i post her logs here? am asking as i dont think she can get on the internet too well as everything goes to adverts lol

#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:21 PM

Posted 09 March 2010 - 10:43 AM

Hi,

Yes, it's possible that the malware disabled your Norton previously, however, this may also happen when no malware is present either.
If your Norton works fine now, then no worry - otherwise you can just reinstall your Norton again, this to make sure.

As for your girlfriend, yes, she can post the logs in this thread as well. Let's start with a HijackThis log and a log from Malwarebytes.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 lavisbre

lavisbre
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 09 March 2010 - 09:16 PM

ok just got home from work and norton has blocked trojan.gen and it's linked to the 1572419169.tmp
it went off three times today?
iv just looked for the file on my system and nothing....
iv looked in the registry and in a folder in hkey current user microsoft is a folder called "search assistant" is a sub folder called "ACMru" and the is two values 1572419169 & 1572419169 temp
this is the gen can i deleat it?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users