
Infected Windows 7 Need help diagnosing


3 replies to this topic

#1 wasteomana

  • Members

Posted 16 July 2010 - 05:27 PM

First off, I apologize about the lack of information I have to give so far. The computer is not mine; it belongs to my cousin, who has asked me to help work on it. When I got to it, a pop-up that said "this process is infected, do you want to run your antivirus software?" popped up every time anything was run on the computer, including Task Manager. Internet Explorer only goes to one site (antiv). I restarted it in safe mode with networking, but Internet Explorer still does not work, although there are no pop-ups on it now. After restarting I put it into selective startup and do not know what the next step to take would be.

Thanks in advance.

Edit:
Things I know so far:

The following are things on startup I don't recognize:
C:\Users\cousin\AppData\Local\Temp\win16.exe
C:\Users\cousin\AppData\Local\Temp\lepvaa74x.exe
C:\Users\cousin\AppData\Local\lpcasrtyq\iykymbatssd.exe

Edited by wasteomana, 16 July 2010 - 05:33 PM.




#2 boopme

  • Global Moderator

Posted 16 July 2010 - 08:33 PM

The first is malware, the other two look like orphaned malware.
Can you submit the first one?
C:\Users\cousin\AppData\Local\Temp\win16.exe
What tool detected these?


Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link: Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

#3 wasteomana

  • Topic Starter

Posted 17 July 2010 - 12:44 AM




To the first question: Nothing detected the files I listed. All I did was look in Msconfig at the startup programs and noticed those were out of place.

My main problem is that since so many things are "corrupted" I can't get any web browser to work on that PC and thus can't use the links you provided me with. Is there anything that can be downloaded onto a flash drive and then taken over to the PC to use? Or do you have any way of fixing the browser problem so I can try to use the links you provided?

I know the computer does have an internet connection even with all the problems it is experiencing and the lack of being able to connect to anything via the browser. From a cmd prompt I pinged Yahoo and everything came back just fine.

#4 boopme

  • Global Moderator

Posted 17 July 2010 - 09:09 AM

OK, try these....
Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked. If so, uncheck it and click OK/OK to exit.

Now check if the internet is working again....


OR
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.



If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.
***
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

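The two checks discussed in this thread (the proxy box under LAN settings, and startup entries launching from Temp or AppData) can also be read from a PowerShell prompt without changing anything. This is an added example, not part of the original posts; the function names are hypothetical, and it assumes it is run in the affected user's session and covers only the Run registry keys, not the Startup folder.

```powershell
# Added example: read-only triage, nothing is modified.
# Assumption: run as the affected user, because HKCU is per-user.

function Get-ProxyState {
    # Same settings shown by inetcpl.cpl > Connections > LAN settings.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)   # the "Use a proxy..." checkbox
        ProxyServer   = $s.ProxyServer           # e.g. a loopback address set by malware
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Get-StartupPathRisk {
    param([string]$Command)
    # Programs that auto-start from Temp are almost never legitimate;
    # anything else under AppData deserves a manual look.
    $p = [Environment]::ExpandEnvironmentVariables($Command)
    if ($p -match '\\AppData\\Local\\Temp\\') { return 'High: runs from Temp' }
    if ($p -match '\\AppData\\')              { return 'Review: runs from user profile' }
    return 'None'
}

function Get-RunKeyEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $item = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            New-Object PSObject -Property @{
                Key = $k; Name = $name; Command = $cmd
                Risk = Get-StartupPathRisk $cmd
            }
        }
    }
}

Get-ProxyState | Format-List
Get-RunKeyEntries | Where-Object { $_.Risk -ne 'None' } |
    Format-Table Risk, Name, Command -AutoSize

# Constructed check using two of the paths quoted in the first post:
'C:\Users\cousin\AppData\Local\Temp\win16.exe',
'C:\Users\cousin\AppData\Local\lpcasrtyq\iykymbatssd.exe' |
    ForEach-Object { '{0} -> {1}' -f $_, (Get-StartupPathRisk $_) }
```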



