
I am infected :(


4 replies to this topic

#1 Xanatos7


Posted 08 March 2011 - 10:48 AM

Hey

My internet security (Trend) had run out and I was looking for a new one; in this period when I wasn't protected I've been slammed by a virus. So I was casually browsing and then these anti-virus alerts popped up saying I was infected. I've seen that scam before and I closed them and went to check my firewall, but now my computer has tapped out to this thing, whatever it is. Internet Explorer no longer works; a screen pops up saying:

(LOGO) Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:

The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

etc etc

At the same time a popup called the 'Antivirus Monitor' appears with scans of all the apparently infected files; of course it's only a demo version so I need to buy the real product if I want to actually remove the viruses. Now I get it that the anti-virus program is the actual virus and I'm not going to pay them money, I just can't get rid of it.

To help you guys identify what it is, I'll add further details. In the bottom right a speech bubble continues to open saying (Cross) Windows Security Alert etc etc

The file 'wuaaclt.exe' is damaged etc etc. The title of the files changes a lot.

Behind the speech bubble in the bottom right hand corner is an INFILTRATION ALERT Virus Attack
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
DETAILS
Attack from: numbers, port numbers
Attacked port: numbers
Threat: Win32/Nuqel.E (this one changes frequently as well)


In the meantime, crude websites like 'porno.com' and 'viagra.com' pop up.


So the main thing when considering a solution is that my internet on that computer doesn't work, and that I'm not a techno-whiz, so very easy step-by-step instructions would be good.

And one more thing: Task Manager and other things like Windows Defender just immediately close after I open them.


thanx in advance.



#2 Xanatos7


Posted 08 March 2011 - 08:02 PM

BUMP please help me

#3 SweetTech


Posted 08 March 2011 - 08:09 PM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Kindest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 Xanatos7


Posted 08 March 2011 - 08:30 PM

Of course, because I can't download anything due to my internet being shut out, I just wanted instructions on how to remove this manually.

#5 SweetTech


Posted 09 March 2011 - 10:55 AM

I am going under the assumption that the internet stopped working properly once you became infected.

Do you have the ability to download tools to a flash drive, and then run them on the infected computer?

If so, please download the following onto a clean computer and move it onto the flash drive.

Running RKill

  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run RKill again afterwards.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


NEXT:



Check - Reset Proxy settings
Malware can alter your proxy settings. If altered, it can affect your ability to browse or download tools required for disinfection.

Internet Explorer Proxy settings:
  • Open Internet Explorer > click Tools > Internet Options > Connections tab.
  • Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
    or change the settings to the proxy you normally use if you previously reconfigured it.
  • Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  • Click OK... then click OK again.
  • Close Internet Explorer and -restart- the computer.
  • An example of how to do this with screenshots can be found in steps 3-7 under the section Automated Removal Instructions... in this guide.

Firefox Proxy settings:
  • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  • Under the Connection section click on the Settings... button.
  • Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  • Click OK... then click OK again.
  • Close Firefox and -restart- the computer.

For other browsers, please refer to How to configure browser proxy settings.


NEXT:



Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Edited by SweetTech, 09 March 2011 - 10:56 AM.
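
The proxy check described in the post above, as an added PowerShell example that is not part of SweetTech's instructions: it reads the per-user registry values behind Internet Explorer's LAN Settings dialog, lists what is set, and can apply the same change as unchecking the proxy box. The function names are illustrative, PowerShell 3 or later is assumed, and treating a loopback proxy as the likeliest sign of tampering is an assumption of this example.

```powershell
# Added example: audit the per-user WinINET (Internet Explorer) proxy values
# that the LAN Settings dialog edits. Function names are illustrative.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IEProxyState {
    $p = Get-ItemProperty -Path $InetKey
    [pscustomobject]@{
        ProxyEnabled  = [bool]$p.ProxyEnable      # the "Use a proxy server" box
        ProxyServer   = $p.ProxyServer            # the Address/Port fields
        ProxyOverride = $p.ProxyOverride          # the bypass list
        AutoConfigURL = $p.AutoConfigURL          # "Use automatic configuration script"
    }
}

function Get-IEProxyFindings {
    param($State)
    $findings = @()
    if ($State.ProxyEnabled -and $State.ProxyServer) {
        # ProxyServer is "host:port" or "http=host:port;https=host:port"
        foreach ($entry in ($State.ProxyServer -split ';')) {
            $hostPort = (($entry -split '=')[-1]) -replace '^\w+://', ''
            $hostName = ($hostPort -split ':')[0]
            if ($hostName -match '^(127\.|localhost$)') {
                # Assumption: a loopback proxy the user never set up deserves review first
                $findings += "Loopback proxy '$entry': traffic is sent to a program on this PC"
            } else {
                $findings += "Proxy '$entry' is enabled: confirm it is one you configured"
            }
        }
    }
    if ($State.AutoConfigURL) {
        $findings += "Auto-config script '$($State.AutoConfigURL)' is set: confirm it is yours"
    }
    return $findings
}

function Reset-IEProxy {
    # Same effect as unchecking the box and clearing the Address field
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $InetKey -Name $name -ErrorAction SilentlyContinue
    }
}

$state = Get-IEProxyState
$state | Format-List
$findings = Get-IEProxyFindings $state
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No proxy or auto-config script is set for this user.' }
# Reset-IEProxy   # uncomment to clear the settings after reviewing the output
```

Firefox keeps its proxy settings in its own profile, so this only covers the Internet Explorer steps.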
