
Networking Problems


  • This topic is locked
10 replies to this topic

#1 kymberly


Posted 25 June 2010 - 05:33 PM

I am having some problems with my network! I am almost for sure that it is hacked or just plain trojans are present! When I start my computer up I get two messages: Please wait or Configuring Updates!! I have so many failed updates I don't know what to do. So this is fake and has always been fake, because when it says configuring updates I can go to the updates and nothing has been updated but all updates have failed. Can someone please help me get this resolved? I have restored my system over 20 times and still the same problem. I don't know if the disk are infected or what! But before I restored I downloaded Dr. Web CureIt and it found something on my D:\ preload

EDIT: Moved from Networking to Am I Infected ~ Hamluis.

Edited by hamluis, 29 June 2010 - 09:43 AM.




#2 chromebuster


Posted 27 June 2010 - 07:07 PM

Hi,
Maybe it would help if you posted the Dr. Web Cureit log? It is in .csv format, but it can be opened and viewed with notepad, so you can cut and paste the contents. I forget the exact directory, but it is somewhere within the program folder. But updates failing is not a good thing. I've never had it happen to me personally, but I've seen it, and it's usually not pretty. But even so, that doesn't mean you're hosed either. I believe that with a bit more information, we can get this one out of the way. Do you by any chance remember when this started, and what you were doing or attempting to do at the time? Let us know when you get a chance.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 kymberly


Posted 28 June 2010 - 03:07 PM


It has been going on for a while! I just use the disk that came with my system and I have done this about 20 or more times! Still the same thing! I am getting fake updates and I will explain that to you! I get a window stating it needs to restart system and you can't postpone the updates. A normal windows update you can either restart and update or postpone it! (That's the real one) The fake one shuts my system down, restarts my computer, captures screenshots and stalls my computer with a screen where I can't move my mouse at all! Also when I start my computer up it states one or two things: Please Wait or Configuring Updates!! all the time! With that being said that is not normal!

SlgClientServicesRedists.exe\1.file;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Container contains infected objects;Cannot delete.;
acssetup.exe\setup.exe;C:\Program Files\Online Services\Aolca\comps\acs\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Online Services\Aolca\comps\acs;Container contains infected objects - unpack error - unpack error;Cannot delete.;
Setup.exe\wab.api;C:\Program Files\Online Services\Netscape_ca\Setup.exe;Trojan.MulDrop.origin;;
Setup.exe;C:\Program Files\Online Services\Netscape_ca;Container contains infected objects;Cannot delete.;
cakemania-setup.exe/SlgClientServicesRedists.exe\1.file;D:\hp\apps\APP21351\src\install\games\cakemania-setup.exe/SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;D:\hp\apps\APP21351\src\install\games;Container contains infected objects;;
cakemania-setup.exe;D:\hp\apps\APP21351\src\install\games;Container contains infected objects;Cannot delete.;
73NAv3PrA123.wim/data001\setup.exe;D:\PRELOAD\73NAv3PrA123.wim/data001;Probably BACKDOOR.Trojan;;
data001;D:\PRELOAD;Container contains infected objects;;
73NAv3PrA123.wim;D:\PRELOAD;Container contains infected objects - unpack error - unpack error;Cannot delete.;
73NAv3PrA125.wim/data001/data003\wab.api;D:\PRELOAD\73NAv3PrA125.wim/data001/data003;Trojan.MulDrop.origin;;
data003;D:\PRELOAD;Container contains infected objects;;
data001;D:\PRELOAD;Container contains infected objects;;
73NAv3PrA125.wim;D:\PRELOAD;Container contains infected objects;Cannot delete.;
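
An added example, not part of the thread or of any tool named in it: one way to triage a semicolon-delimited scan log like the one posted above, grouping each named detection under the top-level file that contains it and noting which of those files the scanner could not delete. The column meanings (object; location; verdict; action) and the reading of a "Probably" prefix as a tentative verdict are assumptions drawn from the rows themselves.

```python
from collections import defaultdict

CONTAINER = "Container contains infected objects"

# Rows copied from the log in the post above (a subset, not the full log).
SAMPLE_LOG = r"""SlgClientServicesRedists.exe\1.file;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Container contains infected objects;Cannot delete.;
73NAv3PrA123.wim/data001\setup.exe;D:\PRELOAD\73NAv3PrA123.wim/data001;Probably BACKDOOR.Trojan;;
data001;D:\PRELOAD;Container contains infected objects;;
73NAv3PrA123.wim;D:\PRELOAD;Container contains infected objects - unpack error - unpack error;Cannot delete.;
73NAv3PrA125.wim/data001/data003\wab.api;D:\PRELOAD\73NAv3PrA125.wim/data001/data003;Trojan.MulDrop.origin;;
73NAv3PrA125.wim;D:\PRELOAD;Container contains infected objects;Cannot delete.;
"""


def parse_rows(text):
    """Yield (object, location, verdict, action); these field names are assumed."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4 or not fields[0]:
            continue  # skip blank or malformed lines
        yield tuple(fields[:4])


def summarize(text):
    """Map each top-level file on disk to the verdicts found inside it."""
    rows = list(parse_rows(text))
    report = defaultdict(
        lambda: {"threats": [], "tentative": True, "undeleted": False}
    )

    # Pass 1: rows whose verdict names a threat. The location column holds the
    # on-disk file first, then "/"-separated members nested inside it.
    for obj, location, verdict, action in rows:
        if verdict.startswith(CONTAINER):
            continue
        root = location.split("/", 1)[0]
        report[root]["threats"].append(verdict)
        if not verdict.startswith("Probably "):
            report[root]["tentative"] = False  # at least one firm verdict

    # Pass 2: container rows give a file name plus its directory; use them to
    # record whether the scanner reported it could not delete that file.
    for obj, location, verdict, action in rows:
        if not verdict.startswith(CONTAINER):
            continue
        full_path = location.rstrip("\\") + "\\" + obj
        if full_path in report and action.startswith("Cannot delete"):
            report[full_path]["undeleted"] = True

    return dict(report)


if __name__ == "__main__":
    for root, info in summarize(SAMPLE_LOG).items():
        flags = []
        if info["tentative"]:
            flags.append("tentative verdicts only")
        if info["undeleted"]:
            flags.append("not deleted")
        print(f"{root}: {', '.join(info['threats'])} [{'; '.join(flags)}]")
```

Grouping by the on-disk file rather than by inner member shows at a glance which flagged items sit inside installer or image files that the scanner left in place.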

#4 chromebuster


Posted 28 June 2010 - 09:29 PM

Ah, ... from the look of the first entry in that log, it appears that you were doing something with some kind of game, and so a rogue is trying to trick you with its fake update tactics. Adware.spywareStorm, sounds like a rogue to me. Do me a favor. Try to download malwarebytes anti-malware. After downloading and installing the application, make sure that the following are checked: update malwarebytes Anti-Malware and launch Malwarebytes Anti-malware. Then run a full scan. Post back here with the log. Anything that is unable to be removed, there is a tool called file assassin built right into MBAM. Go to the "more tools" tab and then browse to the said location and have it unlock the file and then mark it for deletion. Hope this helps.

Chromebuster



#5 quietman7


Posted 29 June 2010 - 09:52 AM

Caution: FileAssassin is a powerful program, designed to remove highly persistent files. Using it incorrectly could lead to serious problems with your operating system. As such, you need to be sure the file you are trying to delete is not a critical file and be careful whose advice you follow. Please read the pinned sticky How do I get help? Who is helping me?

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 chromebuster


Posted 29 June 2010 - 01:56 PM

Oh my Gosh! Quietman7, I'm so sorry! I wasn't even thinking when I wrote that, and I guess it's the inner geek in me talking, and sometimes I've got to ignore it on here. Forgive me.

Regards,
Chromebuster



#7 kymberly


Posted 30 June 2010 - 03:06 PM

You are not going to believe this but as soon as I got on Bleeping Computer that fake window came up and I couldn't postpone the fake update windows! So it logged me off! I did the TFC and it rebooted my computer to get rid of the rest of whateva was there. Now, for the malware bytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4262

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16982

6/30/2010 12:44:47 PM
mbam-log-2010-06-30 (12-44-47).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 265776
Time elapsed: 32 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It didn't catch it!! I keep getting that please wait, then configuring updates!!! Also I ran a scan with Avira and it detected 11 hidden objects but for some reason I can't find the log!

#8 quietman7


Posted 30 June 2010 - 04:41 PM

Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to begin.
  • If offered the option to get information or buy software, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

    C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#9 kymberly


Posted 30 June 2010 - 11:55 PM

Ok, I ran the scan but for some odd reason I am getting an error message: Windows cannot find C:\Programs, when I try to copy and paste the log! First of all I can't find it!

This is what I found under log!
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

Edited by kymberly, 30 June 2010 - 11:59 PM.


#10 quietman7


Posted 01 July 2010 - 06:22 AM

Without being able to see any logs, I cannot ascertain what was detected/removed so I recommend further investigation. Many of the tools we use in this forum are not capable of detecting all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS/HijackThis log.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

#11 quietman7


Posted 01 July 2010 - 04:52 PM

I have moved (split away) your log to the Virus, Trojan, Spyware, and Malware Removal Logs forum as they are not permitted in this forum.

Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help members with malware issues. Although our Malware Response Team work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by Bleeping Computer for their assistance to our members.

New and more devious malware infections are released almost daily. It then takes time for our Team to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Although your topic looks lost in the queue of many pages where others have posted for help since you did, it will not be overlooked. The forum is set up so team members can view all the unanswered topics by clicking a special link only they can see.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

To avoid confusion, I am closing this topic.

