Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus


  • Please log in to reply
2 replies to this topic

#1 Jackie5_0

Jackie5_0

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 16 August 2010 - 04:33 PM

Its a inspiron 1525 running windows Vista

While I was away my bf followed a link on facebook and got a virus. Im not sure of the details other then what he can tell me.
Shortly after following the link when he tried to open IE he would get a msg saying it has been blocked. Then it started opening windows taking him to a antivirus site. He tried to run a scan through norton and it would not let him. He restarted in safe mode and ran the scan and Norton said it found no issues. He tried to do a system restore and couldn't.
Im not sure what happened between then and when I got home. By the time I got home all the IE windows had stopped popping up. The computer would not connect to a network, sometimes it would find them other times it couldn't. When attempting to connect I am told the my wep key is wrong (its not) other times it just cant connect. Before that he had been able to get on the netwrok with a cable, then it wouldent recognize it Help and support is not able to start. It cant communicate with a printer (plugged in) and a bunch of other random problems.

I checked the logs on norton and found the firewall has been modified to allow outbound traffic to two different sites-

The first says its with Adobe but I doubt it
Program name- AcroRd32
Location- C:\Program Files\Adobe\Reader 8.0\AcroRd32.exe
Remote Computer- 85.234.191.199
I googled the ip and its associated with all kinds of malware

The second is
Program name- pfujsvytssd
Location- C:\Users\username\AppData\Local\kggnfcqns\pfujsvytssd.exe
Remote Computer- 79.135.152.202
Google of the ip shows all kinds of antispyware viruses coming from it.

I downloaded Malwarebytes and it found-
C:\Users\username\Appdata\Roaming\Seekmo (Trojan.Agent)
C:\Users\username\AppData\Local\Temp\Low\f162.exe (rouge.installer)
C:\Users\username\AppData\Local\Temp\Low\f162.tmp (rouge.installer)
C:\Users\username\AppData\Local\Temp\bx18dxv.dat (Trojan.Agent)

It didn't remove all of them on the first try, but after a few times it supposedly got rid of everything.

I still cant connect to a network or get on the Internet, and am still having all kinds of random problems.

Help??

Thanks!

BC AdBot (Login to Remove)

 


#2 captaintravis

captaintravis

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 PM

Posted 16 August 2010 - 07:02 PM

try downloading Superantispyware and running that... it might find some more stuff (it did for me), but since your internet doesnt work i guess try and downloa it onto a flashdrive and transfer it onto your computer... hope this helps i dont really know much bout computers so this is all i can give you

#3 captaintravis

captaintravis

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 PM

Posted 20 August 2010 - 04:00 AM

also download malwarebytes anti-malware and avast virus protection (both free)... and run those they might find something norton missed




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users