My laptop is infected with some nasty bleep... Help please


  • This topic is locked
11 replies to this topic

#1 eriathwen

eriathwen

  • Members
  • 14 posts
  • Local time:10:13 AM

Posted 12 May 2010 - 11:38 AM

Hi everyone

I started having problems with my new laptop a while ago, and I've been trying to fix it several times, but it keeps coming back :flowers:

I'm being bombarded with nasty ads and pop-ups, and my internet is extremely slow

I've tried numerous programs (like Malwarebytes' Anti-Malware, SUPERAntiSpyware, Spybot S&D, F-Secure ++) to get rid of the problem, and I thought I did several times, but the problems keep coming back.
I'm scanning my computer now with SUPERAntiSpyware, and will post the results when it's done.
Spybot S&D found Virtumonde a couple of days ago, and I then thought that my computer got rid of it, but the problem is still remaining.

Can someone help me please?

It's an Acer Aspire one 751

Windows XP Home
Microsoft security essentials
SuperAntiSpyware
Ccleaner

PS: I'm dyslexic and English is not my main language, so if something is hard to understand, please ask :thumbsup:
SpybotS&D



#2 eriathwen

eriathwen
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:13 AM

Posted 12 May 2010 - 11:56 AM

One question.... How do I post the result of the SUPERAntiSpyware search??
And are there other things I need to do (other logs I need to post)?


Eriathwen

#3 roadclosed

roadclosed

  • Members
  • 138 posts
  • Local time:10:13 AM

Posted 12 May 2010 - 12:20 PM

One question.... How do I post the result of the SUPERAntiSpyware search??
And are there other things I need to do (other logs I need to post)?


Eriathwen




To retrieve the SUPERAntiSpyware log report >>>

Open the program and go to the statistics/logs section; locate the most recent log; left mouse click on it to highlight it and click the 'view log' tab.

The log should appear in maybe Notepad; you need to copy and paste that log for checking.

Hope that helps?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:13 AM

Posted 12 May 2010 - 01:40 PM

Yes also run...
TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 eriathwen

eriathwen
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:13 AM

Posted 12 May 2010 - 03:53 PM

Hi again
Sorry for a bit late reply, I got caught up with something..
Thank you for helping me post the log :thumbsup:
Well this is the latest log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2010 at 06:42 PM

Application Version : 4.37.1000

Core Rules Database Version : 4914
Trace Rules Database Version: 2726

Scan type : Complete Scan
Total Scan Time : 00:52:27

Memory items scanned : 461
Memory threats detected : 0
Registry items scanned : 5081
Registry threats detected : 0
File items scanned : 17071
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@atdmt[2].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@track.adform[3].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@track.adform[1].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@collective-media[1].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@ads.vg.basefarm[2].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@kontera[2].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@content.yieldmanager[2].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@revsci[1].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@eas4.emediate[1].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@e2.emediate[1].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@content.yieldmanager[3].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@www.googleadservices[1].txt
C:\Documents and Settings\Monica Aakvik\Cookies\monica_aakvik@tribalfusion[2].txt

I'll try TFC and what you told me boopme
What does reboot mean? .....restart?

#6 HijackMeThis

HijackMeThis

  • Members
  • 22 posts
  • Gender:Female
  • Location:Michigan, US
  • Local time:11:13 AM

Posted 12 May 2010 - 04:26 PM

What does reboot mean? .....restart?


Reboot means to restart, yes

#7 eriathwen

eriathwen
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:13 AM

Posted 12 May 2010 - 04:38 PM

Hi again

I've done what you told me to, boopme, and according to the log I'm now clean, and it's a message I've seen before without being clean, but I really hope it is clean :thumbsup:
I'll surf a bit and see what happens
And thank you so much for your help

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.05.2010 23:29:46
mbam-log-2010-05-12 (23-29-46).txt

Skanntype: Hurtigsøk
Objekter skannet: 115051
Tid tilbakelagt: 11 minutt(er), 5 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)


Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

#8 eriathwen

eriathwen
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:13 AM

Posted 12 May 2010 - 04:47 PM

Hi again, that did not take long....hmmm
No, still got fake message alerts..

Like I said, I got a hit on trojan VirtuMonde a couple of days ago by Spybot S&D and "got rid" of it, ... but I have a feeling it did not!
Any other idea(s)?


SatNam

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:13 AM

Posted 12 May 2010 - 07:50 PM

Hi, do you know if Spybot's Teatimer app is running?

Let's try an online scan
ESET
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#10 eriathwen

eriathwen
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:13 AM

Posted 13 May 2010 - 05:41 AM

Hi again

No, I turned off the TeaTimer, and I scanned my computer with the scanner you are presenting (ESET) last night after you helped me, when my computer started to be funny again; no viruses... I tried a few other online scans as well....
Another symptom is that on and off I can't scroll with my pad; if I clean out the computer with, for example, SUPERAntiSpyware, it works fine again.
This is not a problem I'm experiencing every day, but a few times a week. And it's slow, and my internet is very slow; I've noticed that my CPU is going crazy.

I've just scanned with MBAM now, no hits, not even a cookie. But SuperAS is always finding something if I have opened my browser before the scan... So something is very strange..

This is the last log from mbam:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.05.2010 12:35:26
mbam-log-2010-05-13 (12-35-26).txt

Skanntype: Hurtigsøk
Objekter skannet: 114994
Tid tilbakelagt: 14 minutt(er), 38 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

Edited by eriathwen, 13 May 2010 - 05:46 AM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:13 AM

Posted 13 May 2010 - 09:27 AM

OK, perhaps there is a protected or hidden malware. We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Let me know if that went well.

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:13 AM

Posted 13 May 2010 - 08:19 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/316677/ive-been-infected-with-something-nasty/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



