Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Only able to get to yahoo and google


  • This topic is locked This topic is locked
7 replies to this topic

#1 caje

caje

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 30 January 2011 - 04:26 PM

I'm working on a friends pc and can connect to the internet but can only get to yahoo.com and google.com. Whenever I try to get to any other websites it tells me page cannot be displayed. I've attached the attach file below and pasted the DDS file.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 14:42:46.34 on Sun 01/30/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.719 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k tapisrvs
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\windows\bill103.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\Malware Tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sysfbtray] c:\windows\bill103.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d9050\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232891437187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 apto6ko;Event Handler Mixer;c:\windows\system32\drivers\imapioko.sys [2009-1-15 32768]
R2 cpqoko6;Logon Extensions Verbs Processor Driver App Security Shortcut;c:\windows\system32\svchost.exe -k tapisrvs [2002-9-3 14336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-17 47640]
S3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [2009-1-17 158976]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2011-01-18 02:59:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-18 02:59:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-18 02:58:32 -------- d-----w- c:\program files\Belkin
2011-01-17 23:40:49 -------- d-----w- c:\program files\Broadcom
2011-01-08 20:29:59 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\SupportSoft

==================== Find3M ====================


============= FINISH: 14:43:11.60 ===============


Attached File  Attach.txt   9.42KB   1 downloads

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:03 PM

Posted 01 February 2011 - 05:04 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 caje

caje
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 01 February 2011 - 09:48 AM

Malware log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5653

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/1/2011 9:27:50 AM
mbam-log-2011-02-01 (09-27-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 212301
Time elapsed: 1 hour(s), 25 minute(s), 26 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
c:\WINDOWS\bill103.exe (Trojan.FakeAlert) -> 1208 -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apto6ko (Worm.Koobface) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Trojan.FakeAlert) -> Value: sysfbtray -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Value: tapisrvs -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> No action taken.
c:\WINDOWS\bill103.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\drivers\imapioko.sys (Worm.Koobface) -> No action taken.
c:\documents and settings\Owner\local settings\Temp\zpskon_1268341900.exe (Worm.Koobface) -> No action taken.
c:\documents and settings\Owner\local settings\application data\010112010146111103.xxe (Worm.KoobFace) -> No action taken.
c:\documents and settings\Owner\local settings\application data\rdr_1268336194.exe (Worm.KoobFace) -> No action taken.
c:\documents and settings\Owner\local settings\application data\rdr_1269185978.exe (Worm.KoobFace) -> No action taken.
c:\documents and settings\Owner\local settings\application data\rdr_1269186281.exe (Worm.KoobFace) -> No action taken.
c:\WINDOWS\bk23567.dat (KoobFace.Trace) -> No action taken.
c:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
c:\WINDOWS\lgo (Koobface.Trace) -> No action taken.
c:\WINDOWS\ligh (Koobface.Trace) -> No action taken.

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:47 AM, on 2/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232891437187
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)

--
End of file - 5243 bytes

#4 caje

caje
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 01 February 2011 - 09:52 AM

Here is the log after the MBAM fix

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5653

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/1/2011 9:28:02 AM
mbam-log-2011-02-01 (09-28-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 212301
Time elapsed: 1 hour(s), 25 minute(s), 26 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
c:\WINDOWS\bill103.exe (Trojan.FakeAlert) -> 1208 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apto6ko (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Trojan.FakeAlert) -> Value: sysfbtray -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Value: tapisrvs -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.
c:\WINDOWS\bill103.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\imapioko.sys (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\zpskon_1268341900.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\rdr_1268336194.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\rdr_1269185978.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\application data\rdr_1269186281.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\lgo (Koobface.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ligh (Koobface.Trace) -> Quarantined and deleted successfully.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:03 PM

Posted 01 February 2011 - 09:59 AM

Hi,

This is much better already.

What problems are you still having now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 caje

caje
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 01 February 2011 - 10:11 AM

I can connect to all websites now. Thanks so much for all of your help

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:03 PM

Posted 01 February 2011 - 10:15 AM

That's good to hear.

In either way, a next important step is to download and install an Antivirus, because without any protection, you will get reinfected in no time.


* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete every leftover it is still finding.
Then reboot.

Also,

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again! :)
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:03 PM

Posted 16 February 2011 - 01:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users