Dangerous Virus


  • This topic is locked
17 replies to this topic

#1 fyasko

Posted 22 May 2010 - 02:33 PM

My computer just got infected by a virus like a few hours ago. It cancels any application I try to run, claiming that it's infected and I have to activate an anti-virus. I have an antivirus, Norton 360, and did a full scan; nothing was detected. The virus still keeps popping up and it won't let me run anything; it closes the applications. Please help.

Edited by Orange Blossom, 22 May 2010 - 03:42 PM.
Move to AII forum as no logs posted. ~ OB


#2 boopme

Posted 22 May 2010 - 04:15 PM

Hello and welcome... It sounds like your infection is this or similar.
You need to do all the steps.
Please follow our removal guide here: Remove Data Protection (Uninstall Guide)

You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 fyasko

Posted 22 May 2010 - 04:23 PM

Hey, I can't boot into safe mode. My keyboard won't work in boot... I can't select safe mode so it just boots normally....

#4 boopme

Posted 22 May 2010 - 04:27 PM

SUPERAntiSpyware has a built-in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection.

Please download SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.
May as well scan with it also, as I would have used it later.

If things are still screwy but you can scan in Normal, do so. Just let me know.

#5 fyasko

Posted 22 May 2010 - 04:36 PM

I can't install it... damn it!! Now it won't let me install anything.

#6 boopme

Posted 22 May 2010 - 05:48 PM

Can you try opening a different user account and then proceed?

Or you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.
***
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


#7 fyasko

Posted 22 May 2010 - 06:30 PM

I managed to create another account and install SUPERAntiSpyware, but under the Repairs tab I can't find the 'Repair broken SafeBoot key' option. Help?

#8 boopme

Posted 22 May 2010 - 09:19 PM

Will it run in Normal Mode?
Can you run MBAM from that account?

Edited by boopme, 22 May 2010 - 09:20 PM.


#9 fyasko

Posted 23 May 2010 - 04:08 AM

Hey, I managed to run Malwarebytes in normal mode on the guest account and got rid of the malware. Thanks.

#10 fyasko

Posted 23 May 2010 - 04:09 AM

But now one of my games won't connect to the internet... the patcher doesn't work.

#11 boopme

Posted 23 May 2010 - 02:22 PM

Can you post the MBAM log, please?

Can you run SAS in safe or normal?

We should also run this Temp file cleaner.
TFC by OT
  • Please download TFC by Old Timer and save it to your desktop (alternate download link).
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


#12 fyasko

Posted 24 May 2010 - 11:07 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4131

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/05/2010 01:57:27
mbam-log-2010-05-23 (01-57-27).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
Objects scanned: 448949
Time elapsed: 1 hour(s), 23 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{86wu36um-sq20-1134-kj6g-e3dm3v04g2d1} (Generic.Bot.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\477eo4 (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8af2c76a-8ad6-e7a9-c82f-e2f0b909130c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8af2c76a-8ad6-e7a9-c82f-e2f0b909130c} (Adware.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\Cerberus (Infostealer.Lineage) -> No action taken.

Files Infected:
C:\Windows\System32\Cerberus\server.exe (Generic.Bot.H) -> No action taken.
C:\Users\RaFiKi\AppData\Local\hhvbeejhs\cylmhvltssd.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\RaFiKi\Downloads\install_flash_player.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\477EO4.exe (Adware.Adrotator) -> No action taken.
C:\Windows\SysWOW64\477EO4.exe (Adware.Adrotator) -> No action taken.
C:\Windows\System32\Cerberus\logs.dat (Infostealer.Lineage) -> No action taken.
C:\Windows\System32\Cerberus\plugin.dat (Infostealer.Lineage) -> No action taken.
C:\setup.exe (Trojan.Agent) -> No action taken.
C:\Windows\SysWOW64\KFCZ5Ss0_iInW.dll (Adware.BHO) -> No action taken.

the log

I ran TFC. I still have the problem: my patcher won't work, Steam won't work, even MSN won't work, but AIM works. All these worked perfectly before the virus.
Do I need to run SAS?
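
Added example, not part of the original posts: a Python sketch that reads an MBAM 1.x-style text log like the one above, lists detections still marked "No action taken", and checks that each section's listing matches its summary count (a quick test that the complete log was pasted). The sample log is constructed; its paths, detection names and the "Quarantined and deleted successfully" status are assumptions for illustration.

```python
import re
from collections import Counter

# Detection line: "<object> (<detection name>) -> <action>."
DETECTION = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# A summary line carries a count ("Files Infected: 9"); a section header does not.
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Constructed sample in the same layout as the posted log (placeholder values only).
SAMPLE_LOG = r"""
Scan type: Quick scan (C:\|)
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Example\sample.exe (Trojan.Example) -> No action taken.
C:\Example\other.dll (Adware.Example) -> No action taken.
"""

def parse_mbam_log(text):
    """Return (summary_counts, detections) from an MBAM 1.x-style text log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := DETECTION.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return summary, detections

def review(text):
    """Flag items left in place and sections whose listing disagrees with the summary."""
    summary, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    mismatched = sorted(s for s, n in summary.items() if listed.get(s, 0) != n)
    pending = [d for d in detections if d["action"].lower() == "no action taken"]
    return {"pending": pending, "mismatched_sections": mismatched}

if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for d in result["pending"]:
        print(f'{d["section"]}: {d["object"]} ({d["name"]}) still present')
    print("Incomplete sections:", result["mismatched_sections"])
```

A log saved before "Remove Selected" is clicked shows every item as pending, so a follow-up scan log is what confirms the items were actually removed.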

#13 boopme

Posted 24 May 2010 - 12:13 PM

Hello, yes, run SAS. Did you click Remove Selected in the MBAM scan?

#14 fyasko

Posted 24 May 2010 - 12:51 PM

Yes, I did. Currently running SAS.

#15 fyasko

Posted 24 May 2010 - 02:10 PM

Finished running it. I still have the same problem.



