
Keep getting XP Antivirus virus



#1 rayharris51

rayharris51

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 29 April 2011 - 11:46 AM

Dear Bleeping Computers

Hi

Would be very grateful for some help.

I have been consistently getting attacked lately by the 'XP Antivirus 2011' infection. I use Malwarebytes and Spyware Search & Destroy, which does remove it. However, it comes back. I have also started to use the 'Immunize' utility on Search & Destroy. I fear I now have rootkits and/or back door trojans, though, which may not be accessible to these tools.

I also keep getting an IE pop up window saying 'an error has occurred in the script on this page'. Although of course I am not browsing any page and not even using IE. In fact I use Firefox.
The commonest URL link quoted in this error message is: hxxp://www2a.glam.com/mobile/detect.act?affiliateId=38198522.

Please find attached scan log (Gmer & DDS) files as requested on the forum.

Kind regards and thanks indeed for your help if you could advise me.




Ray Harris

Edited by Noviciate, 29 April 2011 - 04:07 PM.
Link disabled.



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 29 April 2011 - 04:08 PM

Good evening. :)

You need to run DDS again and post the first log that it produces - not Attach.txt.

So long, and thanks for all the fish.


#3 rayharris51

rayharris51
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 29 April 2011 - 04:58 PM

Apologies, DDS file now attached.

Regards,


Ray Harris

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ray at 22:52:42.21 on 29/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2964 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Fraps\fraps.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
G:\Backups\Software\Bleeping computer tools\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL =
mDefault_Search_URL =
mSearch Page =
mStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mCustomizeSearch =
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Toolbar BHO: {efa17361-cdc0-4927-9afc-baad1f96b2ae} - c:\program files\iobitbar\toolbar\1.bin\i0bar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit0.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsonb~1.lnk - c:\program files\epson\esm2\STMS.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ray\applic~1\mozilla\firefox\profiles\5uy1d3ch.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/customers/emailgateway.php
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51273
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: XULRunner: {D3CE55A5-33CB-4FAC-9941-4879A62D4840} - c:\documents and settings\ray\local settings\application data\{D3CE55A5-33CB-4FAC-9941-4879A62D4840}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-8 12672]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-10-3 63488]
R2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\opendns updater\opendns updater.exe --run --> c:\program files\opendns updater\OpenDNS Updater.exe --run [?]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [2005-8-28 44032]
R3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-5-1 132232]
S1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;\??\c:\windows\system32\drivers\hmfaxcore56d706f6725c732df006697fd5ec3381.sys --> c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-28 1691480]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2008-8-18 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2008-8-18 24576]
S3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2007-5-1 132232]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\p140_ion.sys [2010-8-4 278016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-3-15 14336]
S4 gupdate1c99418590fa6f6;Google Update Service (gupdate1c99418590fa6f6);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S4 IObitBarService;IObit Toolbar Service;c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe [?]
S4 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2008-8-28 69632]
.
=============== Created Last 30 ================
.
2011-04-27 15:04:52 1914496 ----a-w- c:\temp\HousecallLauncher(3).exe
2011-04-26 21:50:19 -------- d-----w- c:\program files\FreeCommander
2011-04-26 14:27:12 11776 ----a-w- c:\windows\system32\reghmf.exe
2011-04-26 14:27:11 692224 ----a-w- c:\windows\system32\hsys30.dll
2011-04-26 14:27:11 -------- d-----w- c:\program files\HFolders
2011-04-25 12:17:25 146432 ----a-w- c:\windows\regedit.com
2011-04-25 11:11:04 -------- d-----w- C:\!KillBox
2011-04-24 12:27:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-04-24 12:27:19 -------- d-----w- c:\program files\Security Task Manager
2011-04-24 12:27:06 2057568 ----a-w- c:\temp\SecurityTaskManager_Setup.exe
2011-04-14 22:58:38 3187572 ----a-w- c:\temp\ATR-FSX-Models.exe
2011-04-11 21:32:10 -------- d-----w- C:\ZET 9
2011-04-11 21:31:18 14624423 ----a-w- c:\temp\ZET9SETUP128-EN.exe
2011-04-06 08:13:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-06 08:13:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-06 08:12:41 16409960 ----a-w- c:\temp\spybotsd162.exe
2011-04-05 20:11:47 38357400 ----a-w- c:\temp\spdoc.exe
2011-04-04 15:57:25 0 ----a-w- c:\windows\Wsute.bin
2011-04-04 15:57:24 -------- d-----w- c:\docume~1\ray\locals~1\applic~1\{D3CE55A5-33CB-4FAC-9941-4879A62D4840}
2011-03-31 18:44:02 42620 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\Uninstal Warbirdsim_FSX_P51BCIII_Part_2.exe
2011-03-31 18:43:16 50109 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\Uninstal Warbirdsim_FSX_P51BCIII_Part_1.exe
.
==================== Find3M ====================
.
2011-04-27 20:42:08 252720 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-27 20:42:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-03-19 09:10:02 252720 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-03-10 22:07:21 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 05:23:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2010-10-19 12:55:24 515432 ----a-w- c:\program files\UninstalEurope.exe
2010-10-19 12:49:02 640221 ----a-w- c:\program files\UninstallNA.exe
.
============= FINISH: 22:56:12.95 ===============


Edited by Noviciate, 29 April 2011 - 04:59 PM.
DDS Log added.
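A small triage script for logs in the DDS format quoted above, added here as an example and not a BleepingComputer or DDS tool. It runs over a constructed excerpt of this thread's log and flags the entries a malware responder would look at first: the loopback proxy in the Firefox prefs, the search settings redirected to third-party sites, orphaned toolbar registrations, and the S1 driver with the long hex-string name whose file DDS could not verify. The hijack-domain list and the severity labels are my assumptions.

```python
import re

# Constructed excerpt of the DDS log posted in this thread (a handful of its lines, not the whole log).
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
================= FIREFOX ===================
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51273
FF - prefs.js: network.proxy.type - 0
============= SERVICES / DRIVERS ===============
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-8 12672]
S1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;\??\c:\windows\system32\drivers\hmfaxcore56d706f6725c732df006697fd5ec3381.sys --> c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [?]
S4 IObitBarService;IObit Toolbar Service;c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe [?]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "===== Section Name ====="
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")  # "R2 name;display;path [date size]"
HEX_RUN_RE = re.compile(r"[0-9a-f]{16,}", re.I)             # random-looking hex in a service name

# Search-redirect domains that appear in this log; an assumed, editable list, not a vendor blocklist.
SEARCH_HIJACK_DOMAINS = ("search.conduit.com", "search.babylon.com")


def triage(dds_text):
    """Walk a DDS log section by section and return (severity, reason, line) findings."""
    findings = []
    section = None
    for line in dds_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        if section == "PSEUDO HJT REPORT":
            # A toolbar/BHO CLSID still registered but pointing at nothing: leftover of a removal.
            if line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
                findings.append(("low", "orphaned toolbar/BHO registration", line))
        elif section == "FIREFOX":
            m = FF_PREF_RE.match(line)
            if not m:
                continue
            key, value = m.groups()
            # Browser traffic routed through a listener on the local machine.
            if key == "network.proxy.http" and value.startswith("127.0.0.1"):
                findings.append(("high", "browser proxied through a loopback listener", line))
            elif any(d in value for d in SEARCH_HIJACK_DOMAINS):
                findings.append(("medium", "search setting redirected to a third-party site", line))
        elif section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if not m:
                continue
            _start, name, _display, path = m.groups()
            unverified = path.rstrip().endswith("[?]")  # DDS could not stat the file
            if HEX_RUN_RE.search(name) and unverified:
                findings.append(("high", "driver with random-looking name and unverifiable file", line))
            elif unverified:
                findings.append(("low", "service file could not be verified by DDS", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_DDS):
        print(f"[{severity:6}] {reason}: {line[:80]}")
```

The `[?]` marker alone is only a hint (two legitimate-looking services carry it in the full log); it is the combination with a hex-string driver name loaded at S1 that makes the last finding worth a closer look.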


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 29 April 2011 - 05:03 PM

I see no signs of either an anti-virus program, and neither Malwarebytes nor Spybot qualify for this role, or a third-party firewall - how long has this been the case?

So long, and thanks for all the fish.


#5 rayharris51

rayharris51
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 29 April 2011 - 05:25 PM

No, apart from Malwarebytes and S&D I don't use anything else. What do you recommend?
Don't like AVG as it slows my computer down, e.g. FSX.

Regards


Ray

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 29 April 2011 - 05:42 PM

how long has this been the case?


So long, and thanks for all the fish.


#7 rayharris51

rayharris51
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 29 April 2011 - 05:57 PM

Probably over a year


Ray

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 29 April 2011 - 05:59 PM

Given the lack of basic security programs onboard and the amount of time that this has been the case, the best suggestion I can offer is to back up any important files and then reformat and reinstall Windows.
It is going to be impossible to guarantee a clean computer at the end of the removal process, which makes it something of a non-starter in the first place. The possibility that legitimate files may have been infected or corrupted by the malware present on your PC, and also that security settings may have been lowered making your computer more liable to infection in the future, means that starting over is the easiest and most reliable solution to your problems.
You also need to be aware of the risk of identity theft if you have accessed bank accounts with this computer or shopped online. Keylogging software could have recorded details of these actions and a lack of an effective firewall means that there is nothing to stop this information being sent home. If this does apply to you, I'd monitor your accounts and perhaps consider getting credit/debit cards, passwords etc... changed - obviously not using this PC!
Should you want them, I can provide links to free software, both anti-virus and firewall, that will help keep your PC malware-free in the future, but you shouldn't count on them to clean your machine as it is now.

So long, and thanks for all the fish.


#9 rayharris51

rayharris51
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 29 April 2011 - 06:03 PM

Hmmm yes good advice.

Let me know what programs you would recommend. Do you see any evidence of rootkits, viruses etc by the way?

Regards and thanks


Ray

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 30 April 2011 - 02:55 PM

Good evening. :)

Free AVs.

AVG Free Edition: Available here.
avast! 4 Home Edition: Available here
AntiVir Personal Edition Classic : Available here
Microsoft Security Essentials: Available here

Just install one, as more than that can cause conflicts.

Free Firewalls.

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

Again just one.

There are other examples of both, but I've used all the above at one time or other without major issues.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I see at least one infection, TDL3, but who knows what else is on the system.

So long, and thanks for all the fish.


#11 rayharris51

rayharris51
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 30 April 2011 - 06:07 PM

Hi

Thanks for the advice

I have now set up Microsoft Security Essentials and PC Tools Firewall. Had another attack after I installed them (preceded by the usual popups), but the firewall did not let them install this time. So I guess we are part protected. You are of course right that somewhere my system has been compromised, so I guess a wipe and reinstall would be the ideal solution. I don't transact with banks from this computer or buy things online any more, so there is not so much of a risk now.

How do I get rid of the TDL3 infection?

Regards,


Ray

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 30 April 2011 - 06:16 PM

I guess a wipe and reinstall would be the ideal solution.


How do I get rid of the TDL3 infection?

As you say, a wipe and reinstall will solve the problem.

So long, and thanks for all the fish.


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:40 PM

Posted 05 May 2011 - 02:16 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.
