Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Promlem with Spam & Malware


  • Please log in to reply
2 replies to this topic

#1 Ishee

Ishee

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 16 September 2010 - 03:28 AM

Hi

I have Window Xp Pro on my pc. It was working find till couple of days ago. When I clicked any link on my google search reasult, I get directed to other website ie hxxp://uk.gomeo.co.uk/
I can't used IE or FFox and very forstrated.

I have Norton Internet Security 2010. But It doesn't help to stop it.

Please can some advice me how can I remove this malware or spam.

Many thanks

Edited by Blade Zephon, 16 September 2010 - 03:39 AM.
Moved to AII, deactivated link. ~BZ


BC AdBot (Login to Remove)

 


#2 Doomsis

Doomsis

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kaysville, UT
  • Local time:07:23 AM

Posted 16 September 2010 - 10:43 AM

uM.. i DOWNLOADed as you said to download it to the random name and ran the program on safe mode, but each time i run the scan it would automatically restart to normal mode. It won't let me even save the log. When it returns to normal mode, 1st it said log error so i did system restore and tried again. So i did system restore from yesterday at 11pm. I ran safe mode. Before i started the Scan button, i unchecked devices on safe mode. It restarted again without letting me save the log. When i reached the screen on normal mode it said that system error occurred. So i did system restore point from 11pm last night.

Also is this helps whenever i reach the screen after i enter my password to my computer, the screen flashes a black screen. There's also a white solid window that flashes several times then goes away. My antivirus is cyberdefender - maybe it's not trust-able

Also whenever i did system restore everytime the gmer failed to let me save the log, it automatically installs malewarebytes (usually when u just installed a program, its highlighted when u browse programs on the start button) and it saves this log cuz i don't remember seeing this log before. I never ran malewarebytes on the 10th of september. I always use my cyberdefender here's the log it produced:

www.malwarebytes.org

Database version: 4590

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9/10/2010 12:36:20 PM
mbam-log-2010-09-10 (12-36-20).txt

Scan type: Quick scan
Objects scanned: 129812
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\hbliteax.info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6f098504-cdb1-420f-a2e6-ddc0b835fedf} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbliteax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbliteax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbliteax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hblite@hblite.com (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
D:\Documents and Settings\rey\Application Data\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
D:\Program Files\HBLite\bin\11.0.181.0\HBLiteSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\HBLiteSA\HBLiteSA_kyf_update.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\HBLiteSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\HBLiteUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
D:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Edited by Doomsis, 16 September 2010 - 10:45 AM.


#3 Doomsis

Doomsis

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kaysville, UT
  • Local time:07:23 AM

Posted 17 September 2010 - 02:04 PM

sorry wrong thread




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users