
Computer is infected - looking for help


9 replies to this topic

#1 psydocgw

psydocgw

  • Members
  • 5 posts

Posted 22 February 2011 - 10:16 PM

Hi,

I have a Dell XPS about 3 years old. I purchased and installed jewel match 3 from fish games and almost immediately got messages about infections. It looks like a phony program called "system tool" that is running a scan and finding trojan horses and other malware. I am not clicking the buttons that it prompts me to do, but I may have initially pressed it thinking it was my anti-virus software.

I have a big red lettered warning sign on my screen that says WARNING! youre in danger! Your computer is infected with spyware!

I was able to save some documents to an external hard drive. I cannot open the internet, the control panel or my AVG anti virus program.

I get some periodic balloon popups at my lower left tray saying things like warning application cannot be executed. The file taskeng.exe is infected. Please activate your antivirus software.

I remember something like this happening before, less than a year ago and I took it to someone who cleaned it out. I wondered if there is anything I can do on my own or not.

Thanks for any help you may provide.

Psydocgw


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 February 2011 - 11:44 PM

Hello psydocgw,
Please follow our Removal Guide here: Remove System Tool and SystemTool.
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 psydocgw

psydocgw
  • Topic Starter

  • Members
  • 5 posts

Posted 23 February 2011 - 09:39 PM

Boopme,

Thanks for your very fast reply and guidance.

An interesting thing happened though, before I got your email. I turned off my computer and restarted it and no longer am getting any of those warnings. I ran AVG once and it said there was one malware. I did not see what happened to it, since it was going for over an hour and seemed to end the process without telling me if it removed it or not. So I ran it again to find no malware. I also ran Malwarebytes anti malware and it ran for a long time and found no problems.

I don't think malware leaves that easily, but maybe my AVG took care of it. Do you still think I should go through the process recommended in the guide you sent me a link to? I am having no problem using the internet, any of my programs or starting up or shutting down.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 February 2011 - 09:49 PM

Hello, the important issue that the guide deals with is the Hosts file infection.
Take a look at step 22

Do you see any SystemTool in your AVG quarantine?

#5 psydocgw

psydocgw
  • Topic Starter

  • Members
  • 5 posts

Posted 24 February 2011 - 12:00 AM

Hi Boopme,

I see a trojan horse in my AVG vault.

It's called Trojan horse Generic21.SKE. The path is c:\ProgramData\IDGnEn08200\IDdGnEn08200.exe

I did step 22 of downloading that program. I'm reluctant to delete a system file without knowing for sure if I need to do so.

psydocgw

#6 john963

john963

  • Members
  • 3 posts

Posted 24 February 2011 - 02:31 AM

Hello psydocgw,
Please follow our Removal Guide here: Remove System Tool and SystemTool.
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


This really works. I suggested that my friend follow this when he faced the same problem today. Thank you very much.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 February 2011 - 07:39 PM

Psydoc
To find your Hosts file, named "HOSTS":

Windows XP: Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.

Open file HOSTS in Notepad. Before making changes, do a Save As and save a backup of this file as HOSTS.BAK. Then reopen the HOSTS file.

Now, delete all entries in this file except for the following and any other entries you are sure have legitimate uses:

127.0.0.1 localhost
Anything else there is malware, except if you know you have added it or use, say, Spybot Search and Destroy, which will put entries in the hosts file to block access to known spyware sites. Entries may look like the following:

127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 cool-homepage.com

You should NOT remove these entries.

Resave the file.

If you see entries like so:

???.???.???.??? ebay.com

Where ???.???.???.??? is some set of four numbers, you should probably REMOVE this entry as spyware is trying to redirect your access from ebay.com to another website.

Or post your HOSTS file here.
If you do not have SpyBot then replacing it as in the Guide will harm nothing.
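A defender-side check for the HOSTS rule boopme describes, added here as an example and not part of the thread: it parses a HOSTS file, keeps loopback entries (localhost and Spybot-style block entries) and flags any hostname that has been pointed at some other address, which is the "???.???.???.??? ebay.com" pattern above. The sample HOSTS content is constructed for the example, and 203.0.113.45 is a documentation-range placeholder rather than a real redirect target; treating 0.0.0.0 as a block entry goes slightly beyond the post (newer blocklists use it).

```python
import ipaddress

# Constructed sample HOSTS content for this example (not a real infected file).
# 203.0.113.45 is from the TEST-NET-3 documentation range and stands in for the
# "???.???.???.??? ebay.com" redirect pattern described in the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1 coolwwwsearch.com   # Spybot S&D style block entry
127.0.0.1 coolwebsearch.com
203.0.113.45    ebay.com www.ebay.com
"""


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs from HOSTS text.

    Blank lines and '#' comments are skipped; one address may be followed
    by several hostnames on a line, each returned as its own pair.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: address with no hostname
        ip, hostnames = parts[0], parts[1:]
        entries.extend((ip, host.lower()) for host in hostnames)
    return entries


def classify_entry(ip, host):
    """Classify one entry as 'keep', 'redirect' or 'invalid'.

    Loopback (127.x / ::1) is the post's rule: localhost plus Spybot-style
    block entries stay. 0.0.0.0 is also treated as a block entry because
    modern blocklists use it (a generalisation of the post). Any other
    address means the hostname is being sent somewhere else.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "keep"
    return "redirect"


def audit_hosts(text):
    """Group every entry by verdict: {'keep': [...], 'redirect': [...], 'invalid': [...]}."""
    report = {"keep": [], "redirect": [], "invalid": []}
    for ip, host in parse_hosts(text):
        report[classify_entry(ip, host)].append((ip, host))
    return report


def cleaned_hosts(text):
    """Return HOSTS text with every line carrying a redirect or invalid entry
    removed. Comment and blank lines are preserved. The post's advice to save
    a HOSTS.BAK copy before writing anything back still applies."""
    kept = []
    for raw in text.splitlines():
        verdicts = {classify_entry(ip, host) for ip, host in parse_hosts(raw)}
        if verdicts <= {"keep"}:  # empty set (comment/blank) or all 'keep'
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for ip, host in result["redirect"]:
        print(f"REDIRECT  {host:<24} -> {ip}")
    for ip, host in result["keep"]:
        print(f"keep      {host:<24} -> {ip}")
    print("--- cleaned ---")
    print(cleaned_hosts(SAMPLE_HOSTS), end="")
```

Run it against a copy of C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS by passing the file's text to audit_hosts; anything in the "redirect" bucket is what the post tells you to remove, and cleaned_hosts gives the text to compare against your HOSTS.BAK before saving.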

#8 psydocgw

psydocgw
  • Topic Starter

  • Members
  • 5 posts

Posted 26 February 2011 - 09:01 PM

THANKS

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 26 February 2011 - 09:59 PM

Welcome... If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#10 psydocgw

psydocgw
  • Topic Starter

  • Members
  • 5 posts

Posted 26 February 2011 - 10:58 PM

Thanks, you have been so helpful.

Cheers,

psydocgw
