missing icons after all is done and said the second time around


11 replies to this topic

#1 jjdancer

Posted 11 July 2011 - 09:37 PM

I had recently been attacked with the Windows XP Repair virus and went through the steps to remove it and get my icons back. All of them came back except for 2. That was yesterday (7/10). Today I reran 3 malware programs to see if there was anything, and sure enough there was. The first time, the four of them (Microsoft Safety Scanner, Norton, StopZilla, and Malwarebytes) all pulled out about 135+ bugs. I also ran the unhide.exe program, which replaced all but 2 of my icons. Today I ran Norton, StopZilla and Malwarebytes and pulled out 100+ bugs again. Should I re-run the unhide program?
Also, what do I need to do to make sure that I have gotten all bugs out of my system?

Mod Edit: Merged various posts made by OP in various forums, sent PM with link to this topic ~ Hamluis.

Edited by hamluis, 12 July 2011 - 06:44 PM.




#2 cryptodan


Posted 11 July 2011 - 09:47 PM

Can you post the logs for Malwarebytes?

#3 jjdancer


Posted 11 July 2011 - 09:59 PM

Hope you guys can help me out here. When I fire up my comp, when it gets to the black screen that says initializing boot, mine reads right after that "invalid boot". This is a second-hand comp, and I don't have the accompanying discs and devices needed to reload the Windows XP programs. Also, I'm fearful to do a backup after the malware attack I just had; not sure if I have it totally gone at this point. What can I do about the invalid boot?

Edited by hamluis, 12 July 2011 - 08:41 AM.
Merged from XP to AII topic.


#4 jjdancer


Posted 12 July 2011 - 02:47 PM

I ran a disk clean in safe mode last night and a defrag. This morning I found I have no e-mail. I can get to the site but it's not showing anything in my box, and 2 little computers at the bottom of the screen are showing no activity. It is becoming apparent that this is more advanced than my beginner self can handle. My computer is still running slow and Norton keeps coming up with a larger than normal amount of viruses. I haven't run StopZilla or Malwarebytes as of yet today. Is there a virus that can keep perpetuating itself? Also, is there anyone that would be willing to do a remote check and diagnostics/fix? As well, it seems that whatever I do gets undone overnight.
Also please note, since my e-mail is down you may have to get in contact with me through this site for communications.

Edited by hamluis, 12 July 2011 - 03:29 PM.
Moved from XP to Am I Infected.


#5 jjdancer


Posted 12 July 2011 - 03:42 PM

Simply put, I have no more e-mail, nor any ability to get into the chat room here, or the ability to do downloads. This is more than I can handle, I do believe. Please contact me through the site messenger. My e-mail is down and no longer available to me through the user side.

Edited by hamluis, 12 July 2011 - 06:38 PM.
Merged with AII topic.


#6 jjdancer


Posted 13 July 2011 - 07:40 PM

I start this topic at the advice of lurch.
This all began when I stupidly opened an attachment that came in an e-mail from the NYPD. Upon opening it I was presented with "Windows XP Repair" and of course the numerous B.S. pop-ups that accompany this virus. When this occurred I went to Yahoo Answers to see if I could find some help with this. I was sent to this godsend of a web site. Prior to getting here I went to Microsoft and ran their Safety Scanner, which stated they found approx. 40+ viruses, then revisited Yahoo and got informed to download StopZilla. Installed StopZilla, which found 100 infections, on top of Norton finding 42.
I did my best to follow all of the prompts that were related to the particular infection that I have/had. I tried getting RKill installed but I think it didn't take. Then I proceeded to download MBAM and run that program; that program found an additional 38 infections. Afterwards I tried getting on the web and noticed that some things weren't running quite right. So I closed for the night and tried again in the morning. I ran all but the MS scanner, found almost another 150 viruses total; yes, I do wonder if they weren't calling each other a virus.
When I tried to access my mail through my admin acct I found I wasn't able to get into it. The only way I found to get into my mail was to go in on my all users acct. On this day I found I no longer have the capability to do downloads through my user acct, where previously I was able to do so.
This morning I ran just the Norton and the StopZilla. Norton said I had 7 and StopZilla said 0. I have tried going into Control Panel to see what is the issue but, not having the knowledge I need to navigate and know what I'm looking at, I didn't see anything that has been changed or is wrong with my settings. I am currently in all users acct. Am I still infected or have I gotten Windows XP Repair to a point it's ready for uninstall? And from what I see in the forums this will require some help from the more knowledgeable.

Additional concerns that I have are this: has someone opened up a back door, and how do I find out what the ISP is that sent this to me, for reporting purposes?

#7 boopme


Posted 13 July 2011 - 08:07 PM

Hello. Is this XP, as it's not confined to XP?
Please post your mbam log with 38 infections.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.



Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

Edited by boopme, 13 July 2011 - 08:10 PM.


#8 jjdancer


Posted 15 July 2011 - 12:24 AM

I found a few topics with back door issue in them, but to sort out the confusion I would like advice on how to check to see if my back door is wide open and how to stitch it shut the best that can be done. I got infected with the Windows XP Repair virus last week and had a hell of a time getting it taken care of. Thanks to the folks here at BC I do believe that my computer is virus free, but now I would like to know how to find out if the back door got intruded and how to go about closing it up the best that I can. Again, thank you folks for all that has been done. And sorry I haven't posted results of findings; I'm just not that computer literate yet.

#9 Orange Blossom


Posted 15 July 2011 - 09:36 AM

Hello jjdancer,

Your various topics have been merged for the sake of continuity and to avoid confusion. Please read boopme's post and follow the instructions which includes posting the logs. If you already ran the scans in question, find the logs that were produced and post them as a reply. We cannot assist you if you don't post those logs. Please keep all posts regarding this issue to this topic to avoid confusion for all concerned.

Orange Blossom :cherry:

#10 jjdancer


Posted 16 July 2011 - 10:19 AM

Thank you one and all. The problem turned out to be that I needed to re-install my programs. This virus disabled my programs, which caused the confusion on my part.

#11 jjdancer


Posted 16 July 2011 - 11:45 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7068

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 5:52:29 PM
mbam-log-2011-07-10 (17-52-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 216076
Time elapsed: 1 hour(s), 20 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
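
A log in this layout can be checked mechanically before deciding on the next scan. The following is an added example, not part of the original thread and not Malwarebytes code: it parses the summary counts and per-section entries of the log posted above, confirms the summary agrees with the listed items, and reports any item whose action is not "Quarantined and deleted successfully". The function names `parse_mbam_log` and `review` are hypothetical, and the embedded sample is an abridged copy of the posted log.

```python
import re

# Abridged copy of the Malwarebytes log from the post above (three sections kept).
SAMPLE_LOG = r"""Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT = re.compile(r"^(.+?) Infected: (\d+)$")   # summary line, e.g. "Files Infected: 0"
HEADER = re.compile(r"^(.+?) Infected:$")        # start of a detail section
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> "
                   r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
                   r"(?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detection entries) from a log in the layout above."""
    summary, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := HEADER.match(line):
            section = m.group(1)
        elif not line:
            section = None                        # a blank line closes the section
        elif section and (m := ENTRY.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return summary, detections

def review(summary, detections):
    """List what a helper should look at: count mismatches and items not removed."""
    issues = []
    for section, expected in summary.items():
        found = sum(d["section"] == section for d in detections)
        if found != expected:
            issues.append(f"{section}: summary says {expected}, log lists {found}")
    for d in detections:
        if d["action"] != "Quarantined and deleted successfully":
            issues.append(f"{d['name']} at {d['path']}: {d['action']}")
    return issues
```

An empty list from `review` means every listed item was removed and the counts are consistent; it says nothing about threats the scan did not detect.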

#12 cryptodan


Posted 16 July 2011 - 12:18 PM

Can you go to http://www.malwarebytes.org/mbam.php and download the latest version of Mbam?



