

 




computer frozen other than buying antivirus scan


19 replies to this topic

#1 mianake

mianake

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 29 December 2010 - 05:53 PM

Hi

My computer is basically frozen; I am using my wife's. Other than My Pictures, nothing seems to work. It turns on, and various screens come on saying it is infected. I can't connect with the internet; it says the site is harmful.

Pretty much anything you hit causes a new screen which connects with softwarear.com and wants me to pay $ to eliminate the problem; it says AntiVirus scan at the top.

Is there anything I can do here, or should I buy something from my service provider sbcglobal.net, or McAfee ($90) over the phone?

I did manage to send two memos to my email before all went bad. But I haven't opened them; I don't want to infect this computer. Is there any way to see if those emails are safe, or if I can transfer my pictures to F drive without infecting it as well? Fortunately the F drive was not connected to the computer when this happened, so most of my documents are hopefully ok.

thanks much, mianake


 


#2 mianake

mianake
  • Topic Starter


Posted 30 December 2010 - 11:55 PM

Well, it seems that after about 5 days, the trojan or whatever got tired. I couldn't get to the internet, but could run the Malwarebytes Anti-Malware program previously recommended by you. Oddly, it found nothing. But then the internet worked. I then ran McAfee, and it found 17 trojans that it said had detection names like generic downloader.xleft, which it quarantined.

anything else worth doing? all seems fine now

mianake

#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:44 PM

Posted 31 December 2010 - 01:06 AM

Can you post the logs?

#4 mianake


Posted 31 December 2010 - 03:52 PM

Hi,

this is the MBAM scan results, which I ran first

Malwarebytes' Anti-Malware 1.44
Database version: 3760
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/30/2010 4:18:25 PM
mbam-log-2010-12-30 (16-18-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 295464
Time elapsed: 3 hour(s), 48 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

I then ran my McAfee (the freebie that comes with att email).

I can't seem to figure out how to copy the detection log. I can do a screen save, but then I'm not sure how to move from there to here.
Most of the entries say
F.Fake Alert-SpyPro.gen.bb
others are F.Generic.dx!vcv
or Generic.dx!vhh

All said Trojan, and were quarantined.

happy to post more, but don't yet know how to show you the results. sorry

Edited by mianake, 31 December 2010 - 03:55 PM.


#5 cryptodan


Posted 31 December 2010 - 05:38 PM

Can you please update MBAM via the Update Tab, and run that scan again.

#6 mianake


Posted 01 January 2011 - 03:41 AM

Did rerun after updating, same nothing found.

btw, forgot to mention that I also did a system restore to a few days before the infection, did that after running first MBAM scan and before running the McAfee scan.

here is last log results.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/31/2010 11:55:16 PM
mbam-log-2010-12-31 (23-55-16).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 281999
Time elapsed: 4 hour(s), 17 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

I also checked McAfee Recent Events. About 2 months ago, a bunch of changes - all that System Guard has allowed either a one time change or future change to ...(it doesn't say!)
The details all say spyware etc. can make unwanted changes to the Win.ini file when I start my computer. Most say the process publisher is PC Doctor.

I assume this is part of McAfee, and is good, or should I do a system restore to before this event last November? When I looked into SystemGuard, I found in most cases I had any attacks logged, but did not show alerts. Is it better to show alerts and log them? I assume none should be disabled. Happy new year.

Edited by mianake, 01 January 2011 - 04:31 AM.


#7 cryptodan


Posted 01 January 2011 - 06:19 AM

Your MBAM Still is not updated, please update it to the very latest.

#8 mianake


Posted 01 January 2011 - 01:37 PM

rather odd, I did press the update,

So today I did update again, which it did, then later it said 11 days outdated, so I pressed update a third time.

I can now download version 1.50.1 thru CNET Download, which popped up when I asked for more updates.

1. http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
is that the one you want me to download and run?


2. Is there some way to be sure you get the latest update, since I have pressed three times and get new ones each time!

3. Do you recommend the other two downloads on the CNET address, that is Advanced Registry Optimizer, and/or 2 Free PC diagnosis?

mianake

Edited by mianake, 01 January 2011 - 01:44 PM.


#9 cryptodan


Posted 01 January 2011 - 04:05 PM

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

#10 mianake


Posted 01 January 2011 - 11:33 PM

hi

ran it again,
2 items infected, both Spyware.pass

I quarantined both, and then deleted from quarantine
what next?

here is log,
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5438

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/1/2011 8:23:11 PM
mbam-log-2011-01-01 (20-23-11).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 302687
Time elapsed: 5 hour(s), 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Files Infected:
c:\documents and settings\compaq_owner\local settings\Temp\pdfupd.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temporary internet files\Content.IE5\QTWZP1ZR\evargnbpb[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
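
An added example, not part of the original thread: a small parser for the MBAM log layout posted above, used to point out clean scans that were run with an older definitions database than the scan that finally found something (here databases 3760 and 4052 versus 5438). The function names are hypothetical and the sample logs are abbreviated copies of the ones in this topic.

```python
import re

# Abbreviated copies of the three MBAM logs posted in this thread (most lines trimmed).
LOG_1 = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3760
Files Infected: 0
"""
LOG_2 = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4052
Files Infected: 0
"""
LOG_3 = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5438
Files Infected: 2

Files Infected:
c:\documents and settings\compaq_owner\local settings\Temp\pdfupd.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temporary internet files\Content.IE5\QTWZP1ZR\evargnbpb[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
"""

# Detection line layout: <path> (<detection name>) -> <action taken>.
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Extract program version, database version, summary counts and detections."""
    log = {"version": None, "database": None, "counts": {}, "detections": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Malwarebytes' Anti-Malware (\S+)", line):
            log["version"] = m.group(1)
        elif m := re.match(r"Database version: (\d+)", line):
            log["database"] = int(m.group(1))
        elif m := re.match(r"(.+) Infected: (\d+)$", line):
            log["counts"][m.group(1)] = int(m.group(2))
        elif m := DETECTION.match(line):
            log["detections"].append(m.groupdict())
    return log

def stale_clean_scans(texts):
    """Clean scans whose database is older than that of a scan with detections."""
    logs = [parse_mbam_log(t) for t in texts]
    hits = [l["database"] for l in logs if l["detections"] and l["database"]]
    if not hits:
        return []
    return [l for l in logs
            if not l["detections"] and l["database"] and l["database"] < max(hits)]

if __name__ == "__main__":
    for log in stale_clean_scans([LOG_1, LOG_2, LOG_3]):
        print(f"version {log['version']} / database {log['database']}: "
              "clean result came from an older database; treat as inconclusive")
```
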

#11 mianake


Posted 03 January 2011 - 03:54 PM

Hi again,

I just found the spyware removal guide info here, and info on Antivirus Scan. http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan

I didn't run RKill. Is it desirable, since I have run MBAM? Not sure how the two differ. I plan to run MBAM weekly or so; is RKill also a good idea?

Do you recommend running Secunia PSI?

thanks Mianake

Edited by mianake, 03 January 2011 - 03:55 PM.


#12 cryptodan


Posted 03 January 2011 - 10:12 PM

Follow that guide, and see if you can remove it. If you can't then you may need to do the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#13 mianake


Posted 04 January 2011 - 12:42 AM

Hi Cryptodan

Sorry, I am a tad confused. you said "Follow that guide, and see if you can remove it." I am not sure what I am trying to remove. To clarify - I had two posts above. First, I ran MBAM successfully I think. The log is posted at 833, on Jan 1.


After I ran that, I found the tutorials - that is why I asked about Rkill and Secunia. I just ran Rkill; the log says

Processes terminated by Rkill or while it was running:

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\SBCSEL~1\ASSTCO~1\MOTIVE~1.EXE

I have not rerun MBAM after Rkill. I am about to run Secunia. Is it ok that Rkill terminated some McAfee items above?

The only log I can't figure out is the McAfee Detection Log. It shows 9 items like Fake alert - spy pro, that it quarantined. But I can't figure out how to copy it other than copying the screen to a document, but I can't seem to manage to get it on this post - any thoughts how to do that?

thanks Mike

Edited by mianake, 04 January 2011 - 12:54 AM.


#14 cryptodan


Posted 04 January 2011 - 12:52 AM

So it is saying that it detected Spyware Pro via McAfee?

Did you see any of these popups that look like the images here: http://www.bleepingcomputer.com/virus-removal/spywarepro

Edited by cryptodan, 04 January 2011 - 12:53 AM.


#15 mianake


Posted 04 January 2011 - 04:40 AM

When I ran McAfee, it detected numerous items. The McAfee Detection Log showed that most had Detection Names that were "FakeAlert-SpyPro.gen.bb(Trojan)"
some said "Generic.dx!vcv" or "Generic.dx!vhh" or "Generic Downloaderx!eft"

They were all quarantined by McAfee.

When the computer was frozen, all of the popups were shown here in the AntiScan virus. http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan

I didn't see the popup on the link you provided re RogueSpyware.

I ran Secunia and fixed any problems. Interesting, one outdated program was PC Doctor (now removed), and McAfee had various System Guard changes that had said the publisher was PC Doctor. These changes were about a month before the infection.

I am rerunning MBAM right now. I have found usually the infections show up early; so far in 34 minutes, none found.

Edited by mianake, 04 January 2011 - 04:49 AM.




