Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have a nasty virus


  • Please log in to reply
13 replies to this topic

#1 HelpDan

HelpDan

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 12 June 2010 - 10:48 AM

Yesterday I was browsing the web. I was looking at legit forums because the WOT and the AVG page status said they were find. Anyways When I entered one page on a forum(forgot the forum) AVG popped up and it said: "Exploit Neosploit Toolkit (type 1126)";"dfgysdfgfdd.info/cgi-bin/001";"Object was blocked";"11/06/2010, 11:15:10 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"

Now it said object was blocked so I turned off my computer. This morning I was thinking maybe the virus isnt gone and I need to clean it.

Any help?

BC AdBot (Login to Remove)

 


#2 Alvas Rawuther

Alvas Rawuther

  • Members
  • 356 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mumbai, India.
  • Local time:05:49 PM

Posted 12 June 2010 - 11:24 AM

If AVG cleaned it and you have no problems. There's no need to worry about. Continue with what you want to do.
If not, boot the computer in safe mode, and run a full computer AVG scan. Sometimes, AVG does wonders in safe mode.

If any problem persists, download the free version of - Malwarebytes Anti-Malware and conduct a full computer scan.

As I said above, if AVG blocked it and you have no problems, there's nothing to worry about. :thumbsup:
SYSTEM SPECS.
Windows 7 Ultimate SP1 | Intel Core 2 Duo E7500 @ 2.93GHz | 4.00 GB Dual-Channel DDR2 @ 333MHz RAM | 488 GB WD SATA HDD | 1024MB ATI Radeon HD 4350 | No real-time antivirus | MBAM on-demand | Windows 7's Built-in Firewall |

#3 HelpDan

HelpDan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 12 June 2010 - 11:26 AM

Ok I'll just do a full MBAM scan then cause my computer wont let me go to safe mode..
Since day one
Thanks a lot :D

#4 HelpDan

HelpDan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 12 June 2010 - 11:29 AM

Just in case can I get a member that deals with this stuff a lot to confirm this?
No offense Alvas Rawuther.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:19 AM

Posted 12 June 2010 - 04:42 PM

Please post the MBAM log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 HelpDan

HelpDan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 12 June 2010 - 05:19 PM

I didn't pick up anything..
I also have a SAS scan that just finished with stuff in it though if you want to see it.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4191

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/06/2010 2:27:36 PM
mbam-log-2010-06-12 (14-27-36).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 303550
Time elapsed: 1 hour(s), 58 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:19 AM

Posted 12 June 2010 - 10:24 PM

Go ahead and post the SAS log.

Also, has AVG given you any more alerts?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 Alvas Rawuther

Alvas Rawuther

  • Members
  • 356 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mumbai, India.
  • Local time:05:49 PM

Posted 13 June 2010 - 02:20 AM

Just in case can I get a member that deals with this stuff a lot to confirm this?
No offense Alvas Rawuther.


Believe me, I have had a nightmare of viruses before.
So, I have some good experience with them now. :thumbsup:

If MBAM doesn't detect anything, AVG doesn't alert you about anything, and you have no problems. There is nothing to worry about. :flowers:
SYSTEM SPECS.
Windows 7 Ultimate SP1 | Intel Core 2 Duo E7500 @ 2.93GHz | 4.00 GB Dual-Channel DDR2 @ 333MHz RAM | 488 GB WD SATA HDD | 1024MB ATI Radeon HD 4350 | No real-time antivirus | MBAM on-demand | Windows 7's Built-in Firewall |

#9 HelpDan

HelpDan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 13 June 2010 - 11:03 AM

SAS log. Only found tracking cookies.
I think Alvas is right, I'm fine.

Thank you both Alvas Rawuther and Orange Blossom for helping me :thumbsup:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/12/2010 at 05:59 PM

Application Version : 4.39.1002

Core Rules Database Version : 5061
Trace Rules Database Version: 2873

Scan type : Complete Scan
Total Scan Time : 02:10:23

Memory items scanned : 794
Memory threats detected : 0
Registry items scanned : 7803
Registry threats detected : 0
File items scanned : 177428
File threats detected : 16

Adware.Tracking Cookie
C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Cookies\daniel@doubleclick[1].txt
C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Cookies\daniel@bellcan.adbureau[2].txt
media.ign.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
media.mtvnservices.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
media1.break.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
mediacloud.whirled.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
naiadsystems.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
secure-us.imrworldwide.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
udn.specificclick.net [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]
widgets.cracked.com [ C:\Users\daniel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZPUU4W6A ]


Adware.Flash Tracking Cookie
C:\Users\daniel\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZPUU4W6A\MEDIA1.BREAK.COM
C:\Users\daniel\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZPUU4W6A\MEDIACLOUD.WHIRLED.COM
C:\Users\daniel\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZPUU4W6A\UDN.SPECIFICCLICK.NET
C:\Users\daniel\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZPUU4W6A\WIDGETS.CRACKED.COM
C:\Users\daniel\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZPUU4W6A\NAIADSYSTEMS.COM
C:\Users\daniel\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZPUU4W6A\SECURE-US.IMRWORLDWIDE.COM

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:19 AM

Posted 13 June 2010 - 02:48 PM

Hello HelpDan,

I think the AVG alert was simply a notice saying it blocked an exploit from the website from getting into your computer. I am not entirely certain of this however.

Do you know how to see the extensions and add-ons in Firefox? If so, please navigate there and see if there is something there you don't recognize. If there is, please post the entire name in your next reply.

As for the SAS log, you are right, simply tracking cookies. Some of them, however, are of the sort you might not want installed in the first place.

Some suggestions:

Install Spywareblaster. It blocks a lot of cookies and other spyware from getting on your computer in the first place. It does not run actively, so it won't reduce computer performance any. Update it once a week and make sure you enable all protection.

[*]Spywareblaster - prevents spyware from being installed on your PC. - Tutorial: Using SpywareBlaster

Macromedia flash stores cookies and content on your computer, but the settings to control that are NOT on the computer. To control what gets stored or not stored, and to remove what IS stored, you need to go here: http://www.macromedia.com/support/document..._manager07.html

Overview of the various aspects is here: http://www.macromedia.com/support/document...gs_manager.html

I see that you use FireFox, so I would suggest installing the Extension NoScript. You can read about it here: http://noscript.net/

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 HelpDan

HelpDan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 13 June 2010 - 03:19 PM

Ok I'll use the spywareblaster.
As for the Add-ons and the extensions all of them are the same, and I do have no script already.
Another questions though, are any of the tracking cookies harmful?

Cheers Orange Blossom thank you so much for the help.

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:19 AM

Posted 13 June 2010 - 03:27 PM

Hello,

Tracking cookies are not a threat, but there are privacy concerns. Tracking cookies are a kind of third party cookie, and most are completely unnecessary. You can read more about the kinds of cookies and how to block unwanted cookies in IE in the in this post: http://www.bleepingcomputer.com/forums/ind...st&p=702871

The links he provides will tell you how to block third party cookies in IE.

You can set up Firefox to block unwanted and unneeded cookies this way:

Click on Tools --> Options --> Privacy

Make sure there is a check mark by "Accept Cookies from Sites." Then in the box just below, make sure the window says "Ask me every time."

What this will do is that every time a site wants to put a cookie on your computer, a little window will pop up asking you if you want to accept it. The first time it shows up, click on "Show details". From then on, except when you reinstall Firefox or in some instances update it, the details will always be shown. There you can see who wants to put it on your computer and whether it is a session cookie or a permanent cookie.

You can add the site to your black list or white list by putting a check mark Use my choice for all cookies from this site and clicking on Deny which adds it to the black list or Allow for session or Allow. The latter choice means that any permanent cookies will stay on your computer until they expire or you delete them. The former choice means that the cookies will always go away when you close your browser. Either way, the sites will be added to the white list.

You can see what cookies are installed by clicking on the Show Cookies button on the privacy screen where you set the cookie options. When you click on Exceptions you will see the list of sites blocked from or permitted to set cookies. You can manually add sites to the block or allow list here, and you can also remove sites from the list.

Spywareblaster will add a large number of sites to the block list.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#13 HelpDan

HelpDan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 13 June 2010 - 03:35 PM

Ok Orange Blossom I did what you told me.
One last question you think I'm safe to surf and log in to stuff now?
Thanks :D

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:19 AM

Posted 13 June 2010 - 03:47 PM

I don't see anything that would indicate a problem, though that doesn't necessarily mean that there isn't one. Go ahead and navigate the web for a while and see what happens.

If you notice pop-ups, redirections, or anything else wonky, please post back with a clear description.

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users