error messages while running programs


  • This topic is locked
12 replies to this topic

#1 rattenjunge

rattenjunge

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 01 November 2010 - 03:49 PM

Hello, I've found this site while searching for information on similar problems.

I had this nasty infection in my computer, so I ran Avast!, Spybot S&D, Malwarebytes and SuperAntispyware. These programs found and deleted smitfraud-c, Win.32agent, Trojan.fakealert, trojan.alert, malware.trace, trojan.ircbot, etc.

Everything seemed fine, until I opened a Firefox window, that showed me this error message:

C:\...\bin\jqsnotify.exe
Windows cannot access the specified device, path, file...

As well as when I open a .dwg drawing with AutoCAD:

C:\...\AutoCAD 2008\acad.exe
Windows cannot access the specified device, path, file...

I have tried reinstalling Firefox, Java and AutoCAD, but the messages are still showing.

Am I still infected? What can I do about it?

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:35 PM

Posted 02 November 2010 - 11:17 AM

Hello, do these apps work and you only get these errors?

Please post your MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Also run FakeAlert Stinger.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 rattenjunge


Posted 02 November 2010 - 10:51 PM

Hello.

Yes, the apps work: In the case of Java/Firefox, when I open a Firefox window (or pop-up) I get the Java related error message, then click Ok and Firefox starts normally. In the case of AutoCAD I can't open the program by clicking the file icon; I have to run AutoCAD and then open files, but then it works normally.


Here's the Malwarebytes log from the time the malware was found and deleted:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4916

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/10/2010 05:27:59 PM
mbam-log-2010-10-22 (17-27-59).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 285860
Time elapsed: 1 hour(s), 15 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{36a5a0db-297e-fde2-0501-060104070800} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HERMIDA\Configuración local\Temp\1a8SCa8S.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HERMIDA\Configuración local\Temp\BgbsSgbs.exe (Trojan.Agent) -> Quarantined and deleted successfully.



And here's the FakeAlert Stinger log:

McAfee® Labs Stinger™ Version 10.1.0.728 built on Mar 18 2010

Copyright © 2010 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Mar 18 2010.

Ready to scan for 1331 viruses, trojans and variants.



Scan initiated on Tue Nov 02 20:27:02 2010

Number of clean files: 113599
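
As an added example (not part of the original post and not Malwarebytes' own tooling), here is a small Python parser for the MBAM 1.46 log format quoted in the post above. It cross-checks the summary counts against the itemised entries to spot an incomplete paste, groups detections by name, and flags entries under the Run and Active Setup autostart keys; the function names are hypothetical and the embedded sample is an excerpt of that log.

```python
import re
from collections import Counter

# Excerpt of the MBAM 1.46 log from the post above (empty sections trimmed).
SAMPLE_LOG = r"""
Registry Keys Infected: 5
Registry Values Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{36a5a0db-297e-fde2-0501-060104070800} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HERMIDA\Configuración local\Temp\1a8SCa8S.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HERMIDA\Configuración local\Temp\BgbsSgbs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Registry locations that run code at logon; matched case-insensitively.
AUTOSTART = ("\\currentversion\\run\\", "\\active setup\\installed components\\")


def parse_mbam(text):
    """Return (summary counts per section, list of itemised detections)."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            hit = any(key in m["path"].lower() for key in AUTOSTART)
            items.append({"section": section, **m.groupdict(), "autostart": hit})
    return counts, items


def review(text):
    """Summarise a log: truncation check, families, autostarts, failed removals."""
    counts, items = parse_mbam(text)
    listed = Counter(i["section"] for i in items)
    return {
        # Summary count differs from the entries pasted: the log is incomplete.
        "count_mismatch": {s: (n, listed[s]) for s, n in counts.items() if n != listed[s]},
        "families": Counter(i["name"] for i in items),
        "autostart": [i["path"] for i in items if i["autostart"]],
        "not_removed": [i["path"] for i in items if "successfully" not in i["action"].lower()],
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
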

#4 boopme


Posted 03 November 2010 - 12:57 PM

Hi, we still need to do a couple things.

What version of JAVA is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).


Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#5 rattenjunge


Posted 03 November 2010 - 09:48 PM

Hello.

I have installed Java 6 Update 22 (build 1.6.0_22-b04)

And here is ESET log:


C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

#6 boopme


Posted 03 November 2010 - 09:58 PM

OK, we are finding the malware in System Restore and Spybot's Quarantine. Empty Spybot's Quarantine.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.


How is it running now?

#7 rattenjunge


Posted 04 November 2010 - 11:42 PM

Hello.

Spybot's 'Recovery' folder was already empty. And I've followed the instructions in order to create a new Restore point, however things are still the same. I still get the same error messages while attempting to open AutoCAD from any file icon; and the Java error every time a Firefox window opens. However it seems that these are the only apps I have problems with.

Is there anything else to do?

#8 boopme


Posted 05 November 2010 - 12:26 AM

I am hoping it's as simple as this.
Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

See if they are fixed now.

#9 rattenjunge


Posted 05 November 2010 - 09:35 AM

Hello.

I've run FixExe.reg while in Safe Mode with Networking. I'm afraid things are still the same.

#10 boopme


Posted 05 November 2010 - 01:30 PM

We need a deeper look to catch this rat. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#11 rattenjunge


Posted 05 November 2010 - 06:13 PM

Hello again.

Now, this is weird. I tried to follow those steps, but I encountered two problems. First, I couldn't run DDS because '.scr' files are already associated with AutoCAD scripts, so every time I double-click dds.scr a text file full of code appears. And second, I tried to run GMER a couple of times, but every time, just when it started to run, my PC mysteriously restarted, and then showed me an error message: "System has recovered from Serious error"

Is there anything I can do? Should I open a new topic anyway?

Thanks.

#12 boopme


Posted 05 November 2010 - 07:14 PM

That's ugly ...
If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random from the link provided for your operating system and save it to your desktop.
Link 1 for 32-bit version
Link 2 for 32-bit version

Link 1 for 64-bit version
Link 2 for 64-bit version

This tool needs to run while the computer is connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
    If using Windows Vista, be sure to Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
-- Note: Do not post the contents of info.txt in your reply. Instead, just include it as an attachment to upload using the "Browse" button in the text editor when making your reply.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If RSIT did not work, then reply back here.

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,987 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:35 PM

Posted 05 November 2010 - 09:37 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic358814.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



