
Still have Virus after doing: RKILL, MalwareBytes, Avira & SUPERAntispyware... HELP


  • This topic is locked
13 replies to this topic

#1 CarlyBenj

CarlyBenj

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 28 July 2011 - 05:48 PM

Hey There,

Ok I am going to try to summarize my issue as best as I can, I would REALLY appreciate some help.

Computer Info:
6 yr old Dell Laptop with Windows Vista

- 3 Days ago I was in the middle of updating some programs and my computer froze
- I shut off and powered back on and the fan would run then shut off, this happened 3 or 4 times before I was able to successfully do a system repair and load windows normally
- Once in normal mode I restarted so I could do a virus scan in safe mode
- The same shut off thing happened another 3 or 4 times, finally I was able to load Windows in Safe Mode, but none of my AV programs would work (AVG & Ad-Aware). I attempted to uninstall them; Ad-Aware removed but AVG would not.
- I then downloaded and installed Avira
- Avira took 17 hrs to do a full scan and found a bunch of stuff which I removed
- Things were still acting funny (better, but still didn't seem right) so I downloaded Malwarebytes & SUPERAntiSpyware - I ran them both, a few things were found and I removed them
- Thinking my computer was fixed I wanted to clean things up (for a while now I haven't been able to click on links in Windows Live Mail) so I wanted to reinstall and update etc...
- I updated windows as well as removed Opera and Installed IE9
- Then I tried to remove some programs (BearShare, AVG etc.) they wouldn't remove
- I searched for some removal tools online which is when I realized I was not able to download ANYTHING with IE9 (it kept saying every file was a virus)
- At this point I did some research and learned about RKill, problem was I couldn't download anything using IE9 or Safari so I couldn't download it...
- I thought today I would try a system restore, which I did, but it only restored to yesterday so I still have IE9, I ran Avira again and it ran MUCH faster but after about an hr froze
- later today I was able to install Google Chrome and it allowed me to download RKill, I ran that then Malwarebytes but it said I was clean!

I know I still have something because I also managed to download the AVG removal tool, when I used it, it worked but when my computer reset itself it didn't turn on again (fan blew then shut off) I turned it on again and it loaded but when it came to the windows screen there was a white screen for a few seconds...

So that's where I'm at, I have read about Combo-Fix, but I don't know how to use it... I am thinking it is time someone help me using my logs.

Thanks SO much!

Edited by Budapest, 28 July 2011 - 06:22 PM.
Moved from Vista ~Budapest



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:04 AM

Posted 28 July 2011 - 06:01 PM

Can you post a log from Avira letting us know what it detected?

#3 CarlyBenj

Posted 28 July 2011 - 06:48 PM

Hi there my logs seem to have been lost, are they automatically stored somewhere or do you have to manually save them each time?

#4 cryptodan

Posted 28 July 2011 - 07:04 PM

The logs are usually accessible via the application:

In Malwarebytes it's located via the Logs Tab.

In SAS they are located in Preferences.

for Avira: http://forum.avira.com/wbb/index.php?page=Thread&threadID=74737

#5 CarlyBenj

Posted 28 July 2011 - 07:22 PM

thanks!
the Avira one is gone, but i'm scanning now and will post when it's done.
here is the malwarebytes one:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7311

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28/07/2011 6:03:43 PM
mbam-log-2011-07-28 (18-03-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 325740
Time elapsed: 2 hour(s), 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 cryptodan

Posted 28 July 2011 - 07:25 PM

Is there a history of events kept in Avira?

I know in MSE there is one, and also other Virus Scanners.

#7 CarlyBenj

Posted 28 July 2011 - 07:26 PM

here's the SAS one from yesterday:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/27/2011 at 10:59 AM

Application Version : 4.55.1000

Core Rules Database Version : 7464
Trace Rules Database Version: 5276

Scan type : Quick Scan
Total Scan Time : 00:41:46

Memory items scanned : 737
Memory threats detected : 0
Registry items scanned : 2705
Registry threats detected : 0
File items scanned : 22274
File threats detected : 0

#8 cryptodan

Posted 28 July 2011 - 07:26 PM

Do a complete scan with SAS.

#9 CarlyBenj

Posted 28 July 2011 - 07:27 PM

here's the SAS one from Jul 26th:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2011 at 04:11 PM

Application Version : 4.55.1000

Core Rules Database Version : 7464
Trace Rules Database Version: 5276

Scan type : Quick Scan
Total Scan Time : 00:42:32

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 2710
Registry threats detected : 34
File items scanned : 22749
File threats detected : 41

Adware.HBHelper

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts

Browser Hijacker.Deskbar

#10 CarlyBenj

Posted 28 July 2011 - 07:47 PM

On my iPhone now, just went to my PC to send u the Avira history (scan takes forever) it was only 5% done and frozen! I took a screen shot with my phone... Turned off computer and back on, got system restore screen, chose start Windows normally and it's taking a REALLY long time to load... This is the second time it has frozen during Avira... Should I try to run again (if successful will take hrs) or start with full SAS scan?

#11 CarlyBenj

Posted 28 July 2011 - 07:48 PM

Finally loaded got white screen for about 15 seconds then desktop appeared

#12 cryptodan

Posted 28 July 2011 - 07:51 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#13 CarlyBenj

Posted 28 July 2011 - 08:43 PM

All Done, here is my new topic

http://www.bleepingcomputer.com/forums/topic411831.html

Thanks!

#14 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:06:04 AM

Posted 28 July 2011 - 08:56 PM

As you have now posted a log in the Advanced Malware forum, please follow only the advice of the tech that takes your log. Response times are currently longer than normal due to high volumes of logs submitted. Good luck with the cleaning of your computer - you are in good hands!

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




