Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blaster worm/fakeware


  • Please log in to reply
26 replies to this topic

#1 MrsP96

MrsP96

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 08 July 2011 - 02:57 PM

I have an HPa6000n with Vista. All of a sudden I get this pop up warning me that I have malicious virus and that I need to buy this software to fix it. It starts a scan and shows blaster worm. I cannot run any .exe files. I saw this topic

http://www.bleepingcomputer.com/forums/topic403250.html/page__p__2321545__hl__worm__fromsearch__1#entry2321545

and burned the rescue CD but do not know how to get it to boot up. I tried hitting esc to open the boot menu but the cd is not an option to choose.

Thanks for any help. :-)

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 AM

Posted 08 July 2011 - 08:04 PM

Hello it sounds as if you have an infection similar to this.


Please follow our Removal Guide here Vista Antispyware 2012 .
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

What Rescue disc is it?

Edited by boopme, 08 July 2011 - 08:04 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 18 July 2011 - 09:32 AM

Thank you for the response. I will start the process

Edited by MrsP96, 18 July 2011 - 09:32 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 AM

Posted 18 July 2011 - 09:49 AM

You're welcome! I'll check back.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 18 July 2011 - 09:55 AM

I did the FixNCR download. Had to do it in safe mode though.

Downloaded the rkill on flash drive and when I went to run it I received an error message. Here is the log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/18/2011 at 16:51:55.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/18/2011 at 16:52:00.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 AM

Posted 18 July 2011 - 10:00 AM

You may need to right click on the exe file and select Run As Administrator.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 18 July 2011 - 10:55 AM

trying it now

#8 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 18 July 2011 - 11:02 AM

It gives me an error-

iExplore.exe can not start
File Iexplore.exe is infected by w32/blaster.worm
PLease activate Malware Protection to protect your computer

Should I try in safe mode?

#9 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 18 July 2011 - 11:20 AM

Ran in safe mode and this is what I got:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/18/2011 at 18:18:01.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/18/2011 at 18:18:04.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 AM

Posted 18 July 2011 - 11:53 AM

Ok, ,lets skip past RKill and run the rest there may be a malware bumbling things up.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 19 July 2011 - 02:49 AM

Will do :-)

#12 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 19 July 2011 - 03:22 AM

Downloaded MBAM and tried to run says

The setup files are corrupted. Please obtain a new copy of the program

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:55 AM

Posted 19 July 2011 - 10:08 AM

arrggghhh!! :)

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 19 July 2011 - 10:19 AM

Trying it now
:-)

#15 MrsP96

MrsP96
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Germany
  • Local time:02:55 PM

Posted 19 July 2011 - 10:20 AM

I am dowmloading it to a cd from a clean computer. hope that is ok




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users