
Weird virus?


2 replies to this topic

#1 empath

empath

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 18 June 2010 - 02:59 PM

On June 6th, I suddenly got a popup from Stopzilla saying that my computer was infected with various viruses. I was suspicious of this because I hadn't initiated the scan and didn't know the product- was just doing regular computer work involving online sites that have never given me problems in the past. I also started to get tabs opening in Firefox like crazy. So, I kept clicking the red "X" at the top to prevent installation of Stopzilla... but, it ended up installing, anyway. I didn't pay for it, though. It just self-installed despite my pressing "no", "cancel", and the red "x". And, a bunch of tabs were popping up without me clicking on anything. So, I quickly installed a trial version of Kaspersky to check if I'd just gotten a virus. It found a few things: (1) a phishing URL (2) Trojan.Win32.Autorun.kt and so I also installed Malwarebytes to see if it would find anything after that, which it did not. Everything appeared to be working alright and the opening of random windows had stopped.

However, whenever my computer would restart, Stopzilla would open itself. Stopzilla would open and I'd right click in the system tray to "exit". Very annoying. So, I uninstalled Stopzilla but the file sziebho.dll would not uninstall because it says another file is using it. Then, on June 13, Malwarebytes detected "Files Infected:C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP138\A0017394.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully." and on June 15, Kaspersky detected "Trojan-clicker.JS.Iframe.ea". The site listed was fembolly.com, which is a Bollywood site that I have never visited. But, it's possible it was opened during the earlier incident.

Then, yesterday evening, June 17th, I was at a friend's home and accessed her wireless network to get some work done. Her sister was apparently "downloading movies" at the same time. I suddenly got a popup message that Kaspersky's blacklist was corrupted. I tried to choose the option to fix it but that wouldn't work (I forget what the message was). The screen for the Kaspersky messages also didn't look normal- it was all whitish as if the graphics had been damaged. I also could not access task manager- I could not access it through Ctrl-Alt-Delete and couldn't do Run-> taskmrg because it would say that the file was not found. Then, I noticed that all the ".exe" files were not working. One was renamed from file.exe to file.exe.mui and another was renamed file.exe.manifest. Any .exe file that I tried to select would not work and the icon would change and the shortcut would become linked to unins000.exe, in other words, clicking on any program would only lead to a prompt to uninstall the program. An error message said the iexplorer.exe was not a valid win32 application. Mbam.exe was not in the directory folder and clicking on its icon only led to the prompt to uninstall. However, I could get to regedit just fine and Windows did load. I could also access Firefox, though I would get an error about not being able to find jqsnotify.exe.

I went into Safe mode and it was all the same, couldn't access task manager or any exe files. So, I ran online Panda virus check and then ESET but neither showed any virus! I finally thought to do a system restore, so I went back to an earlier point- Wed, the 16th because it was before the ".exe" problems and was when Kaspersky and Malwarebytes appeared to be working normally. However, now I wonder... but, at this point, my computer is running okay. But, the sziebho.dll file is still there and Kaspersky and Malwarebytes say the computer is "clean". But, they said that before and yet something happened.

Any ideas about what occurred? I'm concerned that I still have a latent virus on this computer and I want to get it taken care of ASAP! Could this have been caused by whatever caused my earlier problem with rampant pop-ups and Stopzilla that couldn't be fully uninstalled? Or could this have been caused by my friend's sister downloading and opening something with a virus while I was connected to their wireless network? Whatever it was disabled Kaspersky, appeared to have deleted some files including taskmgr.exe, and only a system restore to an earlier point resolved the problem. The odd part was that the online anti-virus sites didn't find anything even though there clearly was a problem! I'm not as surprised they didn't find anything after the system restore, but I still don't trust that my computer is in the clear, particularly because I just ran SuperAntiSpyware Free Edition and found 11 Adware.Flash tracking cookies and 54 Adware.Tracking cookies... and this was after I'd removed all cookies via the program options in Firefox and IE and had scanned with Malwarebytes and Kaspersky.

Thanks for any help!!!

Edited by empath, 18 June 2010 - 03:23 PM.



 


#2 VoidX789

VoidX789

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 PM

Posted 19 June 2010 - 06:44 PM

Some staff members should show up shortly. Just be patient. These guys are the best, but a lot of people need help, so just be patient.
Remember to try to post as much info as possible. One way to make everything get done faster is to make a post telling the staff about your computer's hardware info, what operating system you use, what antivirus you use, and what the virus does and when it first showed up.

You have posted some good information already as well. Thank you for providing information.
Welcome to the Void of Insanity

#3 empath

empath
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 19 June 2010 - 07:35 PM

Thanks, VoidX789! I know that the staff are busy, busy on this site. I'm running Win XP Media Center Edition, Version 2002, Service Pack 3 on a Toshiba Satellite with Intel Core 2 CPU T5500 at 1.66GHz, 1.99 GB RAM. After using the system restore point, I now have Kaspersky Trial Edition running (continuous scan), Malwarebytes Free Version (on demand scan), and SuperAntiSpyware free version (continuous scan). I also installed the "No Scripts" and "Ad Block Plus" add-ons for Firefox to minimize the likelihood of getting a web-based virus in the future. I'm willing to purchase an antivirus program but was surprised/disappointed that I got the virus that I wrote about while having Kaspersky installed and running on my system. So, now I'm not sure that I'm virus free and not sure which program to purchase since Kaspersky had never failed me in the past when I had the paid version. Hope all of this info helps!



