Internet Blocking Virus


9 replies to this topic

#1 Whirly


Posted 19 March 2010 - 11:47 AM

I was trying to watch a movie online when I accidentally clicked one of the DivX ads, which started the download, which I accidentally confirmed.

I ran Malwarebytes and SAS and they removed oodles of things, but whenever I boot up after a scan, these two items will not get deleted.

C:\PROGRAM FILES\INTERNET EXPLORER\WMPSCFGS.EXE
C:\WINDOWS\Prefetch\WMPSCFGS.EXE-2DC2A9E2.pf


After removal, whenever I try to use an internet browser, it gives me a usp10.dll error. This happens when I use Windows Explorer as well. My wireless adapter can connect to the family router, but it says there is no connection regardless. I can't run System Restore either, as when I do it in regular mode, it says it is disabled by group policy, and when tried in Safe Mode it says I should try outside of Safe Mode.

Malwarebytes was fine before removing, but after, the mbam.exe did not work anymore even though it was named something else, and when I tried installing again, the mbam.exe did not appear. SAS works fine though.

Using Windows XP Home SP3



#2 Whirly


Posted 21 March 2010 - 09:28 AM

bump

#3 boopme


Posted 21 March 2010 - 08:57 PM

Hello, let's try this...

Open Task Manager (Ctrl+Shift+Esc), then click on the Processes tab.
If there are any of these running:
WMPSCFGS.EXE
Highlight them and click End Task.
Close.


Show hidden files and then update and rescan with MBAM (see below).

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.


Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

MBAM
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray. (DO NOT run Yet)


Now Run RKill....

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.


Run MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 Whirly


Posted 22 March 2010 - 07:37 AM

How should I update Malwarebytes if I don't have internet access?

#5 boopme


Posted 22 March 2010 - 09:59 AM

If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.
***
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


#6 Whirly


Posted 24 March 2010 - 09:37 PM

This virus is annoying me, I tried many things in what you suggested but

-The folder options option is not there in the tools menu, and when I try to enable it via regedit, it says it is blocked by admin
-I get an error code 0 when trying to run mbam clean
-When I try to manually delete Malwarebytes, some files just will not delete
-Upon reinstall of Malwarebytes, the mbam.exe file still does not show up
-The system restore and internet/browser problems still exist
-When booting up, there's a screen where it says autocheck not found skipping autocheck

I'll probably end up re-installing the OS to see if I can fix something/anything
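
The restrictions listed in the post above (Folder Options missing, regedit "blocked by admin", System Restore "disabled by group policy") are ones Windows enforces from policy values in the registry. As an added example that is not part of the original thread, this read-only PowerShell check reports which of those values are set. It assumes PowerShell is installed (it is not part of a default Windows XP install); the value names are the standard Windows policy names, not taken from the posts.

```powershell
# Added example (not from the thread): read-only report of the policy values
# behind the restrictions described above. Nothing is modified.
$policies = @(
    @{ Symptom = 'Folder Options missing from the Tools menu'
       SubKey  = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value   = 'NoFolderOptions' },
    @{ Symptom = 'Registry editor blocked by administrator'
       SubKey  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value   = 'DisableRegistryTools' },
    @{ Symptom = 'System Restore disabled by group policy'
       SubKey  = 'Software\Policies\Microsoft\Windows NT\SystemRestore'
       Value   = 'DisableSR' },
    @{ Symptom = 'System Restore settings page disabled'
       SubKey  = 'Software\Policies\Microsoft\Windows NT\SystemRestore'
       Value   = 'DisableConfig' }
)

function Get-PolicyRestriction {
    # Policies can be set per user (HKCU) or per machine (HKLM); check both.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($p in $policies) {
            $key  = Join-Path $hive $p.SubKey
            $item = Get-ItemProperty -Path $key -Name $p.Value -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # key or value absent: not restricted here
            $data = $item.($p.Value)
            if ($data -ne 0) {
                New-Object PSObject -Property @{
                    Symptom = $p.Symptom
                    Key     = $key
                    Value   = $p.Value
                    Data    = $data
                }
            }
        }
    }
}

$found = @(Get-PolicyRestriction)
if ($found.Count -eq 0) {
    'None of the checked policy values are set.'
} else {
    $found | Format-List Symptom, Key, Value, Data
}
```

On a home PC that is not joined to a domain, none of these values is normally set, so any hit is worth including when handing the case to a helper.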

#7 boopme


Posted 24 March 2010 - 09:51 PM

Was that a Runtime Error 0?

We need a deeper look, please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic from step 9.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#8 Whirly


Posted 24 March 2010 - 10:02 PM

I'll get on it, I assume you don't want me to start a new topic though

#9 boopme


Posted 24 March 2010 - 10:28 PM

Yes we need a new topic as you will see in step 9. We use a separate forum with those logs.
You can include a link back to here, it's http://www.bleepingcomputer.com/forums/ind...03&t=303580

#10 Whirly


Posted 24 March 2010 - 10:39 PM

Link to Other Thread



