
Remnants of an old virus, Take 2.



#1 Geordi

Geordi

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 26 November 2010 - 02:55 AM

Hello, my computer has been functioning perfectly since my experience with chewy a few weeks ago, (check my posting history), but once in Internet Explorer a new tab was opened to browser-alert07.co.cc, which stated

"Windows Security has found critical process activity on your system and will perform fast scan of system files"

This has not happened since the incident and it was the only time it's happened in two weeks.

I'm on a Windows 7 64 bit system so ensure that any programs you tell me to run are compatible. Last time chewy had instructed me to run TFC, which isn't really compatible with w7, it didn't really hurt anything, but just saying!

I've run MBAM, Spybot, Super Anti-Spyware, all of which found nothing.

I would post this in the other subsection but honestly I'm afraid to run anything that makes any immediate changes and wasn't sure if tools such as DDS, Hijackthis, and GMER do make immediate changes or not.

Standing by,

Geordi.

Edit: Oh and I was wondering if I should just run the IE fix tool by MS before I try anything else to attempt to get rid of this, as no other browsers are affected and I've noticed nothing else strange including any process or system hitches. When the tab came up I properly exited out via Alt-F4, I did not click the pop-up at all.

edit2: I had figured out how to work HJT and didn't notice anything suspicious myself checking through all entries. Perhaps it was a one-time incident, my parents were on the computer when it happened and they called me over to check it out. I know HJT is a bit outdated though, so help!

Edited by Geordi, 26 November 2010 - 04:19 AM.




#2 Geordi


Posted 27 November 2010 - 03:38 PM

Bump. Avira guard apparently blocked something as I was sleeping (my parents were using the computers).

Virus or unwanted program 'HTML/Rce.Gen [virus]'
detected in file 'C:\Users\Geordi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZX07YZ\wbox[1].js.
Action performed: Deny access


I guess I'll do a full scan :\

Edit: Does anyone know if smitfraudfix is compatible with Windows 7 x64? Seems like this may do the trick, it did for somebody else which I had found from googling. The virus is definitely confined to Internet Explorer, I think.

Edit2: Actually last time I had tried to get into safe mode I couldn't, unless I can run that in normal mode too.

Edit3: Another issue I thought of. I would run a DDS scan but in w7 it thinks that .scr is for a screensaver, so not sure what to do there.

Somebody help please, only computer in my household at the moment and kind of need it!

Edited by Geordi, 27 November 2010 - 04:42 PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,954 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:19 AM

Posted 27 November 2010 - 04:47 PM

I would post this in the other subsection but honestly I'm afraid to run anything that makes any immediate changes and wasn't sure if tools such as DDS, Hijackthis, and GMER do make immediate changes or not.

If you just run a scan to create logs, no changes will be made.

was wondering if I should just run the IE fix tool by MS before I try anything else to attempt to get rid of this, as no other browsers are affected

If you mean Microsoft's Fix it to automatically reset registry keys and the browser back to the way it was when initially installed, read the note below the Fix it button:

Note This fix does not work in Windows 7. Instead, you can use the Internet Explorer troubleshooters to achieve this automatically.


Does anyone know if smitfraudfix is compatible with Windows 7 x64?

I'm not sure if it's ever been tested on Windows 7, however, it's an older fix tool and has not been updated since 06/24/09.

Virus or unwanted program 'HTML/Rce.Gen [virus]'
detected in file 'C:\Users\Geordi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZX07YZ\wbox[1].js.
Action performed: Deny access


Your scan results indicate a threat(s) was found in the Web browser cache. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out.

Clear the browser cache in Internet Explorer and clean out Windows temporary files:
  • Quit all instances of Outlook Express, Internet Explorer and Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, under Temporary Internet Files:
    • Click "Delete Files".
    • In the Delete Files dialog box, tick the "Delete all offline content" check box, and then click "OK".
    • Click "Delete Cookies"
  • Under History, click Clear History
  • Click OK.
-- Internet Explorer 8 users should refer to Safely Delete the Temporary Internet Files.
-- For other versions of Internet Explorer and different browsers, please see How to Clear Your Browser's Cache.
-- If using Sun Java, please refer to How to clear the Java cache.

Clear the cache in Firefox:
  • Click Tools, select Options and click the Privacy Icon.
  • In the History section, set Firefox will: to Use custom settings for history from the drop down box.
  • Select the check box for "Clear history when Firefox closes".
  • Beside "Clear history when Firefox closes", click the Settings... button to open the Settings for Clearing History window.
  • In the Settings for Clearing History window, click the check mark box next to Cache.
  • Click Ok to close the Settings for Clearing History window.
  • Click Ok to close the Options window, exit and relaunch the browser.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
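
Added example, not part of the original posts and not any vendor's tooling: the triage step made in the reply above (reading the alert and noticing the flagged file sits in the browser cache) written as a small parser. The first sample is the alert text as posted in this thread; the second alert, its detection name, path and action are constructed for contrast, and the wording returned by `triage` is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Alert text exactly as posted in this thread (closing quote missing there too).
PAGE_ALERT = r"""Virus or unwanted program 'HTML/Rce.Gen [virus]'
detected in file 'C:\Users\Geordi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1GZX07YZ\wbox[1].js.
Action performed: Deny access"""

# Constructed alert for contrast: same layout, file outside any browser cache.
CONSTRUCTED_ALERT = r"""Virus or unwanted program 'EXAMPLE/Placeholder [virus]'
detected in file 'C:\Users\Example\AppData\Roaming\sample.exe'.
Action performed: Move to quarantine"""

ALERT_RE = re.compile(
    r"Virus or unwanted program '(?P<name>[^']+)'\s+"
    r"detected in file '(?P<path>.+?)'?\.?\s+"
    r"Action performed: (?P<action>[^\r\n]+)"
)

def classify(alert: str) -> dict:
    """Split one alert into fields and say where the flagged file lives."""
    m = ALERT_RE.search(alert)
    if m is None:
        raise ValueError("text is not in the three-line alert layout")
    path = PureWindowsPath(m["path"])
    parts = [p.lower() for p in path.parts]
    in_cache = "temporary internet files" in parts and "content.ie5" in parts
    # A "Low" folder directly under Temporary Internet Files is the cache
    # Internet Explorer uses when it runs in Protected Mode (Vista and later).
    low = in_cache and parts[parts.index("temporary internet files") + 1] == "low"
    action = m["action"].strip()
    return {"detection": m["name"], "file": path.name, "action": action,
            "ie_cache": in_cache, "protected_mode": low,
            "blocked": action.lower() == "deny access"}

def triage(alert: str) -> str:
    """Next step in the spirit of the thread; the non-cache branch is an assumption."""
    c = classify(alert)
    if c["ie_cache"] and c["blocked"]:
        return "cached web content, access denied: clear cache, run a second-opinion scan"
    return "file outside the browser cache: clearing the cache will not remove it"

if __name__ == "__main__":
    for text in (PAGE_ALERT, CONSTRUCTED_ALERT):
        print(classify(text), "->", triage(text))
```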

#4 Geordi


Posted 27 November 2010 - 04:53 PM

Alrighty.

Just deleted IE, Java, and Firefox cache. Oh, and temp files too.

Ah may as well stick this little comment here in the interim. A lot of my folders show up with "Unknown contact" and the folder being marked as shared. I was thinking this was from slaving it to a friend's computer to back up data but I just want to ensure that is most likely the case, heh.

Edited by Geordi, 27 November 2010 - 05:02 PM.


#5 quietman7


Posted 27 November 2010 - 05:50 PM

Just deleted IE, Java, and Firefox cache. Oh, and temp files too.

That should make Avira happy.

A lot of my folders show up with "Unknown contact" and the folder being marked as shared. I was thinking this was from slaving it to a friend's computer to back up data but I just want to ensure that is most likely the case,

I don't know. Is there anything inside the folders to confirm your suspicions?

#6 Geordi


Posted 27 November 2010 - 06:04 PM

Just deleted IE, Java, and Firefox cache. Oh, and temp files too.

That should make Avira happy.

A lot of my folders show up with "Unknown contact" and the folder being marked as shared. I was thinking this was from slaving it to a friend's computer to back up data but I just want to ensure that is most likely the case,

I don't know. Is there anything inside the folders to confirm your suspicions?


Well there's no suspicious files from what I can see. When I had to backup my data the computer did need to take permissions for all folders, so that's why I had been thinking that. However, even when I create a new folder, the account shows up. I'm pretty sure it's nothing significant as I had done a search on it before, but you never know.

[Just did some searches and confirmed for nothing significant]

Anyways, back to the main problem here. As I had said in the original post, I did get a popup in IE7 a few days ago to browser-alert07.co.cc or whatever which didn't completely load due to one of my AV programs I think, but it happened nonetheless. Now that the cache is cleared do you expect that these lingering remnants of some old virus are likely gone?

Thanks,

Geordi

#7 quietman7


Posted 27 November 2010 - 08:03 PM

Since you already ran MBAM, Spybot, Super Anti-Spyware, try doing an online scan to see if it finds anything else (i.e. remnants) that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.



