Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus scan


  • Please log in to reply
5 replies to this topic

#1 Grieg

Grieg

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 11 January 2011 - 08:07 AM

Anyone have any information on Antivirus scan Removal, Its like the Wireshark and a few others that say your computers infected and want you to buy their antivirus to get rid of the infections. Im running xp and i cant seem to get rid of it.at times it appears to be gone but then its back again.the main thing i notice is it wont let let me go to windows updates, and when i try it changes IE settings so i cant connect to IE. Any Help would be appreciated

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:59 PM

Posted 11 January 2011 - 01:54 PM

This info should help.
Please follow our Removal Guide here Remove Antivirus Scan (Uninstall Guide) .
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Grieg

Grieg
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 12 January 2011 - 08:26 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5506

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2011 8:04:39 AM
mbam-log-2011-01-12 (08-04-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 191177
Time elapsed: 27 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is what i found, i'm not convinced that its gone. For some reason now i can connect to IE but it wont open windows updates it says page cannot be displayed, if i try to go to microsft through the browser it redirects me to some other page.and it wont let me update microsoft essentials.
This is what happens when i diagnose connection aftr attempting to go to windows updates.and i did the netsh winsock reset.


Last diagnostic run time: 01/12/11 09:48:42
WinSock Diagnostic
WinSock status

info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® 82562V-2 10/100 Network Connection, MediaType=LAN, SubMediaType=LAN
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.
info HTTPS: Successfully connected to www.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.

As i expected, after 15 min of IE open it shut down microsoft essentials (and i know microsoft essential is not enough virus protection)and Antivirus scan was back.
This is a computer at a small company and they are to cheap to buy antivirus software, they think microsoft essentails is enough.

Edited by Grieg, 12 January 2011 - 01:14 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:59 PM

Posted 12 January 2011 - 04:51 PM

Hi, Let's do this next and see if we can fix both issues.

Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Grieg

Grieg
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 13 January 2011 - 06:46 AM

2011/01/13 06:35:31.0187 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/13 06:35:31.0187 ================================================================================
2011/01/13 06:35:31.0187 SystemInfo:
2011/01/13 06:35:31.0187
2011/01/13 06:35:31.0187 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/13 06:35:31.0187 Product type: Workstation
2011/01/13 06:35:31.0187 ComputerName: DDL2WSF1
2011/01/13 06:35:31.0187 UserName: Mark Pol
2011/01/13 06:35:31.0187 Windows directory: C:\WINDOWS
2011/01/13 06:35:31.0187 System windows directory: C:\WINDOWS
2011/01/13 06:35:31.0187 Processor architecture: Intel x86
2011/01/13 06:35:31.0187 Number of processors: 2
2011/01/13 06:35:31.0187 Page size: 0x1000
2011/01/13 06:35:31.0187 Boot type: Safe boot with network
2011/01/13 06:35:31.0187 ================================================================================
2011/01/13 06:35:31.0390 Initialize success
2011/01/13 06:37:35.0234 Deinitialize success

Thanks for all your help, let me know what to do next. i didnt try anything after i ran this,not sure if i was supposed to or not.

While i was waiting i ran MBAM again and found this,but still have virus

alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5506

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/13/2011 8:02:08 AM
mbam-log-2011-01-13 (08-02-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 198866
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Mark Pol\local settings\application data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Ok, while waiting again ( im not bleeping ) i downloaded Super antisyware and it worked,found 113 infections removed them all. Now windows updates worked and microsft essentials turned on and updeted. it appears all is well. Thank you so much for all the help and time and leading me down the right path. this website is great!!! if you need anything let me know and Thanks again.

Edited by Grieg, 13 January 2011 - 09:31 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:59 PM

Posted 13 January 2011 - 10:46 AM

You're very welcome Grieg. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users