Vista: Pc had a virus twice, and now there's lots of Error Messages.


  • This topic is locked
11 replies to this topic

#1 TheUltimatum7

TheUltimatum7

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 19 August 2011 - 09:42 AM

I have Vista 32 bit, and my PC was working fine until I downloaded the same virus twice. I was unsure what had caused it the first time as I was downloading numerous things, but I only realised what it was after trying to re-download one of the programmes a second time after the first virus. (http://download.cnet.com/Corel-VideoStudio-Pro/3000-13631_4-10029706.html)

The First Time:

I downloaded the virus, and I got the Blue Screen of Death, the PC automatically restarted, and when it did, I realised Norton 360 had become disabled, and was saying my PC was under threat, so I went to safe mode, restored a day or two back and then scanned with Norton - there weren't any problems. My PC was then running normally, but a little slower. I downloaded Advanced SystemCare and Malwarebytes - and I deleted a lot of files under Advanced SystemCare's instructions.

The Second Time:

I downloaded the virus again, and I got the Blue Screen of Death, the PC automatically restarted, I went to Safe Mode, and restored it to a few hours back, I think. I had downloaded Advanced SystemCare and Malwarebytes prior to the second time, so I used all these 3 anti-virus in safe mode, all came up with no infected files/virus etc... But with Advanced SystemCare, I decided to use a few tools in the toolbox such as "Clone Files Scanner" - which deletes clone files to free up space, and I used the registry cleaner.

When I started the PC again in normal mode after scanning with the anti-viruses, it started up with a few errors which didn't normally come up such as: "Cannot Open File C:\ProgramFiles\PackardBell\SetUpMyPc\CloseOff.bmp" and "[Open Event]Failed to perform desired action. Error Code 2." I had also noticed all the System Restore files had been deleted, and there was some error message coming up with that too. My Pc has become drastically slower, and was freezing much more.

I'm unsure as to whether it was the Advanced SystemCare which did this or the virus... Having searched my computer for "Corel", there are still numerous files, which I can't seem to delete - although the programme itself doesn't appear to be in my desktop or in the control panel. I have tried using the "Undelete Files" feature in Advanced SystemCare, but it didn't work properly. After about 20 attempts, it deleted about 1000/17,000 deleted files.

My questions are do I still have the virus in my system, and how do I get rid of all the error messages which have randomly appeared + why has my PC become so slow?

Thank you.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:31 AM

Posted 19 August 2011 - 02:41 PM

Hello, let's get a second opinion on the malware first.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 TheUltimatum7

Posted 19 August 2011 - 06:14 PM

Hi,

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7511

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

19/08/2011 22:19:38
mbam-log-2011-08-19 (22-19-38).txt

Scan type: Quick scan
Objects scanned: 191135
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---

C:\Users\Nabeel\AppData\Local\Temp\JszONOIO.zip.part a variant of Win32/Keygen.AU application deleted - quarantined
C:\Users\Nabeel\AppData\Local\Temp\sYe99a6n.zip.part a variant of Win32/Keygen.AU application deleted - quarantined
C:\Users\Nabeel\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Nabeel\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats deleted - quarantined



On a separate note, would these Antiviruses work together and are they recommended? Norton 360/ESET Smart Security + Malwarebytes + ZoneAlarm/Other?

Thanks.

#4 boopme

Posted 19 August 2011 - 07:32 PM

You can only have one active Antivirus, e.g. ESET Smart Security.
Malwarebytes is not an AV and will work with all AVs.

You infected yourself with a keygen.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

#5 TheUltimatum7

Posted 19 August 2011 - 07:57 PM

Hey,

Thanks for the quick reply. I followed this tutorial: <link removed for security reasons> - and because it had a high like:dislike proportion, I assumed it was safe. But I cannot seem to find the keygen, I am pretty sure I did not delete it, but I can not find the file in this video anymore.:S

And regarding the Antivirus - which would you choose out of Norton 360 & ESET Smart Security... and would that work with Malwarebytes + CCleaner?

Edited by elise025, 31 August 2011 - 01:16 AM.


#6 boopme

Posted 19 August 2011 - 08:28 PM

I believe we've removed it as it went into SONOIO.

To clear out Corel.. Use REVO

Here is how to use Revo Uninstaller:

1) First we download it from here: Revo Uninstaller Free Version. You can skip this Step if you already have it installed. However, you may need to update it. If you have it installed already, and you need to update it, go ahead and open it up and click the AutoUpdate Icon next to Help. The use of this program makes registry changes based upon what you select for removal from the Registry. Before running Revo Uninstaller please run ERUNT before proceeding to back up your registry in case you make a mistake.

2) Select the Program to remove from the list of programs and click the Uninstall button:

Posted Image



3) After selecting the program you want to remove, and confirming you want to uninstall the program, then you will want to select the Advanced Option:

Posted Image



4) Click Next. This will start the uninstaller for the application you picked. When the uninstaller is done, and it proves to be successful, and a reboot is required, then select NO and continue the below steps.

5) Follow the prompts during the uninstallation of the application. Once it closes you will be at this window:

Posted Image



6) Click Next again. Once the window is done scanning for files and other things that did not get removed, you will be presented with this window:

Posted Image

You will want to select only the bolded items, then click on Delete. If any entries-usually the last thing listed and not in bold-have a + sign click on the + until you see more bolded items. Once done, click Next.

If it asks you to delete other files, then do so, but pay attention to the warnings.

#7 TheUltimatum7

Posted 19 August 2011 - 09:05 PM

Hi, I followed your steps, but Corel was not in the list in the Revo Uninstaller.

#8 boopme

Posted 19 August 2011 - 09:24 PM

I guess that's a good thing. Let's do an Online scan and tell me what issues are left.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 TheUltimatum7

Posted 20 August 2011 - 12:03 PM

No log was produced, because there were no threats found; so I assume my PC is now safe?

Just another thing, perhaps a little off topic, but I really want to be safe before I go out of safe mode. Would this setup be advisable and what could I adjust to make it safer?

ESET Smart Security/Norton Internet Security(Which?) + MalwareBytes + Registry Cleaner(CCleaner)

Thank you for your help, much appreciation.


EDIT: I just decided to do the MalwareBytes Full Scan again, and objects are coming up as infected. I'll post a log once it's complete.

EDIT:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7511

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

20/08/2011 20:55:54
mbam-log-2011-08-20 (20-55-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 316638
Time elapsed: 1 hour(s), 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Corel\corel videostudio pro x4\de-DE\AboutBox.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\es-ES\splashscreen.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\fr-FR\AboutBox.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\it-IT\Content\common\todobackground.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\ja-JP\splashscreen.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\ja-JP\Content\common\todobackground.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\Paper\Paper10.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\Paper\Paper15.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\Paper\Paper31.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\Corel\corel videostudio pro x4\Paper\Paper38.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.


The Corel file seems to have reappeared in Program files, although I cannot seem to find it in Control Panel or RevoUninstaller :/ What should I do?

Edited by StoneWall_, 20 August 2011 - 03:14 PM.
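
An added example, not part of the original thread or any poster's code: a small Python parser for the MBAM 1.51 log layout shown in posts #3 and #9. It checks that the top portion the helper asks for (version, database version, operating system) is present, that each summary counter matches the number of items listed, and whether the scan ran in Safe Mode. The sample log is constructed, its file paths are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.51 logs in this thread;
# the file paths are placeholders.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7511

Windows 6.0.6002 Service Pack 2 (Safe Mode)

20/08/2011 20:55:54

Scan type: Full scan (C:\|D:\|)
Objects scanned: 316638

Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\example\app\de-DE\AboutBox.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\example\app\Paper\Paper10.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
"""

# "<path> (<detection name>) -> <action>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    report = {"fields": {}, "summary": {}, "items": {}, "safe_mode": False}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("Windows "):
            report["fields"]["os"] = line
            report["safe_mode"] = "(Safe Mode)" in line
        elif line.startswith("Malwarebytes' Anti-Malware "):
            report["fields"]["version"] = line.rsplit(" ", 1)[1]
        elif line.endswith(" Infected:"):                 # section header
            section = line[:-len(" Infected:")]
            report["items"][section] = []
        elif re.fullmatch(r".+ Infected: \d+", line):     # summary counter
            name, count = line.rsplit(" Infected: ", 1)
            report["summary"][name] = int(count)
        elif section is None and ": " in line:            # other header fields
            key, value = line.split(": ", 1)
            report["fields"][key] = value
        elif section and (m := ITEM_RE.match(line)):      # detected item
            report["items"][section].append(m.groupdict())
    return report

def triage(report):
    """Return notes a helper would want before reading the detections."""
    notes = []
    if report["safe_mode"]:
        notes.append("scan ran in Safe Mode")
    for key in ("version", "Database version", "os"):
        if key not in report["fields"]:
            notes.append(f"missing header field: {key}")
    for section, count in report["summary"].items():
        listed = len(report["items"].get(section, []))
        if listed != count:
            notes.append(f"{section}: summary says {count}, {listed} listed")
    return notes

def detections_by_name(report):
    return Counter(i["name"] for items in report["items"].values() for i in items)
```
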


#10 boopme

Posted 20 August 2011 - 04:00 PM

I think we should move and start a topic on the Corel issue. We need to find it and the MR people should be able to see what is up.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#11 TheUltimatum7

Posted 20 August 2011 - 07:02 PM

Hey, I've done it... right, hopefully. http://www.bleepingcomputer.com/forums/topic415367.html

#12 boopme

Posted 20 August 2011 - 08:42 PM

You did well. It may be a day or 2 but all logs are answered.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.