Is this a sign of an infection



#1 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 06 June 2012 - 08:08 AM

warning your computer is unprotected
update your anti-virus software

this is the warning balloon that keeps popping up

Note: one day I did screw up and started Drive Wiper in CCleaner on the computer, and it resulted in losing programs (for future help if necessary).


#2 Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Location:VA, USA

Posted 06 June 2012 - 08:37 AM

If this warning is from your antivirus company, then you just need to open your antivirus program and re-register or re-purchase the program. If it is not from your antivirus company, then you may want to run Malwarebytes.

FYI, I have found that unless you are having problems with your computer, programs like CCleaner and registry editors can cause more problems than they fix. Just food for thought. :thumbup2:
Hope that helps. Another side note: if you are a home user, take a look at Avast. It's free and I really like it.

#3 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 06 June 2012 - 09:15 AM

Is there anything I can do to help .exe files run smoother, like the ones in PC games?
Also, how can I recover the lost files that I erased without thinking?
The antivirus program says none is found; where can I get one that will work and is free?
The computer has Spybot Search & Destroy and Malwarebytes.

Edited by Alec Emerine, 06 June 2012 - 09:21 AM.


#4 Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Location:VA, USA

Posted 06 June 2012 - 09:48 AM

I'm not totally sure what you're asking about the .exe files; if you can, give me a bit more detail. Can you run/execute .exe files?

The best recovery tool I know of so far is Recuva. You can set it to recover deleted files, provided they have not been overwritten.

What antivirus are you using? I personally like Avast Free. I also like the paid version of MBAM (aka Malwarebytes) and Spybot without TeaTimer!

#5 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 06 June 2012 - 12:49 PM

It won't run the .exe files or read them, and I use AVG, MBAM Free and Spybot Search and Destroy.

#6 Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Location:VA, USA

Posted 06 June 2012 - 01:58 PM

You may still have some malware on your machine. Can you post your Malwarebytes log? Are you having any other problems?

#7 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 06 June 2012 - 03:54 PM

I don't know how to post the log.
Sorry for not responding sooner, but I recovered some of the missing files.
My computer is buggy on the internet and there is a lot of lag, especially when more than one window or program is open.

Edited by Alec Emerine, 06 June 2012 - 04:02 PM.


#8 Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Location:VA, USA

Posted 06 June 2012 - 09:36 PM

As far as posting the logs, just do a copy and paste into your post and see how you get along.
I hope you were able to get back the files you need. Some of us have to learn about backups the hard way. :P
Try to run TDSSKiller and SUPERAntiSpyware as stated by Boopme in this post, http://www.bleepingcomputer.com/forums/topic455847.html/page__p__2721777__hl__tdsskiller__fromsearch__1#entry2721777, comments 2 and 4. You could also run the ESET scan as well. Please post the MBAM logs when you get a chance, and the TDSSKiller log as well.

Edited by Jimbob85, 06 June 2012 - 09:38 PM.


#9 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 07 June 2012 - 02:48 PM

According to the scan, no viruses were detected.
I updated Java with the aid of the other forum.
In Recuva, what do the yellow, green and red dots mean? I recovered the ones with a green dot by them.

Edited by Alec Emerine, 07 June 2012 - 03:01 PM.


#10 Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Location:VA, USA

Posted 07 June 2012 - 02:56 PM

Can you please post your logs for MBAM, TDSSKiller (in the root, usually C:) and SAS.

If you have not been able to get them to run, try Rkill, and IF that doesn't work,
try FixExec. Try Rkill first and, after it finishes, post the log for it and try to run MBAM.

#11 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 07 June 2012 - 04:11 PM

I'm sorry for not adding this sooner, but TDSSKiller didn't pick up anything; SUPERAntiSpyware is.

#12 Guest_Alec Emerine_*

  • Guests
  • OFFLINE

Posted 07 June 2012 - 05:39 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2012 at 06:14 PM

Application Version : 5.0.1150

Core Rules Database Version : 8701
Trace Rules Database Version: 6513

Scan type : Complete Scan
Total Scan Time : 02:04:39

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 614
Memory threats detected : 0
Registry items scanned : 36990
Registry threats detected : 12
File items scanned : 65908
File threats detected : 51

Trojan.Anti-Virus Pro
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000\LogConf

Malware.Trace
HKU\S-1-5-21-141322884-3529423975-1400729144-1010\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\DONNA\Cookies\donna@maxserving[2].txt [ Cookie:donna@maxserving.com/ ]
C:\DOCUMENTS AND SETTINGS\EMERINES\Cookies\GM6FD9KW.txt [ Cookie:emerines@avgtechnologies.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\EMERINES\Cookies\GTF4IORI.txt [ Cookie:emerines@accounts.google.com/ ]
C:\DOCUMENTS AND SETTINGS\EMERINES\Cookies\D1210Z9Y.txt [ Cookie:emerines@winzip.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LINDA\Cookies\3QS9R5QH.txt [ Cookie:linda@www.google.com/accounts ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@ru4[1].txt [ Cookie:system@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@imrworldwide[2].txt [ Cookie:system@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@dc.tremormedia[1].txt [ Cookie:system@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@pointroll[2].txt [ Cookie:system@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@revsci[2].txt [ Cookie:system@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@lucidmedia[1].txt [ Cookie:system@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@trafficmp[1].txt [ Cookie:system@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adbrite[1].txt [ Cookie:system@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@yieldmanager[1].txt [ Cookie:system@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adxpose[1].txt [ Cookie:system@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@pro-market[1].txt [ Cookie:system@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@adserver.adtechus[1].txt [ Cookie:system@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@tribalfusion[1].txt [ Cookie:system@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\system@content.yieldmanager[3].txt [ Cookie:system@content.yieldmanager.com/ak/ ]
convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\EMERINES\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVP00001 ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\EMERINES\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVP00001 ]
media.theonion.com [ C:\DOCUMENTS AND SETTINGS\EMERINES\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVP00001 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\EMERINES\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVP00001 ]
cloud.bannergadgets.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XCSSTZ4H ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
track.prd1.netshelter.net [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
.oracle.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\27Y7EVED ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\27Y7EVED ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\27Y7EVED ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
cdn.fondnessmedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
media.kyte.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\HSH8TQ96 ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\COOKIES\SYSTEM@ADSERVER.ADTECHUS[2].TXT [ /ADSERVER.ADTECHUS ]

Trojan.Agent/Gen-ImageDocFake
C:\476_1_~1.JPG

Heur.Agent/Gen-WhiteBox
C:\DOCUMENTS AND SETTINGS\LINDA\DESKTOP\INSTALLER_ADOBE_FLASH_PLAYER_ENGLISH.EXE

Trojan.Agent/Gen-Krpytik
C:\TASM\BIN\TDKBD32.DLL

Here is the log from SUPERAntiSpyware.
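As an added example (not part of this thread and not SUPERAntiSpyware's own code), the Python below parses the SAS log format posted above and shows what a responder would actually look for in it: it groups entries by detection category and flags registry entries that sit in well-known autostart locations, which is why the single Malware.Trace line (a Winlogon Shell value) matters more than the long list of tracking cookies. The sample input is a constructed, trimmed excerpt of the log above; the `KEY#VALUENAME` convention is inferred from that log, and the persistence patterns and all function names are this example's own assumptions, not SAS rules.

```python
import re
from collections import OrderedDict

# Constructed sample input: a trimmed excerpt of the SAS log posted in this thread.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Application Version : 5.0.1150
Trace Rules Database Version: 6513

Registry items scanned : 36990
Registry threats detected : 12
File items scanned : 65908
File threats detected : 51

Trojan.Anti-Virus Pro
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Service

Malware.Trace
HKU\S-1-5-21-141322884-3529423975-1400729144-1010\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\DONNA\Cookies\donna@maxserving[2].txt [ Cookie:donna@maxserving.com/ ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\LINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z57I47DP.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-ImageDocFake
C:\476_1_~1.JPG
"""

# Header lines look like "Registry threats detected : 12"; requiring a multi-word key
# keeps the URL line from being mistaken for a header field.
HEADER_RE = re.compile(r"^([A-Za-z]+(?: [A-Za-z]+)+)\s*:\s*(\S.*)$")
REG_RE = re.compile(r"^HK(?:LM|CU|U|CR|CC)\\", re.IGNORECASE)   # registry entry
FILE_RE = re.compile(r"^[A-Za-z]:\\")                           # file path entry
COOKIE_RE = re.compile(r"^\S+ \[ .+ \]$")                       # "host [ store ]" cookie/LSO entry

# Registry locations commonly used to survive a reboot (assumed list for this example, not SAS rules).
PERSISTENCE_PATTERNS = [
    (re.compile(r"\\WINLOGON#SHELL$", re.IGNORECASE), "Winlogon Shell value (replaces the user shell)"),
    (re.compile(r"\\CURRENTVERSION\\RUN(?:ONCE)?(?:\\|#|$)", re.IGNORECASE), "Run/RunOnce autostart key"),
    (re.compile(r"\\ENUM\\ROOT\\LEGACY_", re.IGNORECASE), "legacy service/driver registration"),
]


def is_item(line):
    """An entry line is a registry path, a file path, or a 'host [ store ]' cookie record."""
    return bool(REG_RE.match(line) or FILE_RE.match(line) or COOKIE_RE.match(line))


def parse_sas_log(text):
    """Return (header dict, OrderedDict of category -> list of entry lines)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The header ends with the "... threats detected : N" counters; detections follow.
    counters = [i for i, ln in enumerate(lines) if "threats detected" in ln]
    split = counters[-1] + 1 if counters else 0
    header = {}
    for ln in lines[:split]:
        m = HEADER_RE.match(ln)
        if m:
            header[m.group(1)] = m.group(2)
    detections = OrderedDict()
    category = None
    for ln in lines[split:]:
        if not ln:
            continue
        if is_item(ln):
            if category is None:
                raise ValueError("entry before any category: %r" % ln)
            detections[category].append(ln)
        else:                       # any other non-empty line names a new category
            category = ln
            detections.setdefault(category, [])
    return header, detections


def split_registry_entry(entry):
    """SAS writes a registry value as KEY#VALUENAME (inferred from the log); a bare key has no '#'."""
    key, sep, value = entry.partition("#")
    return key, (value if sep else None)


def summarize(detections):
    """Number of entries per detection category."""
    return {cat: len(items) for cat, items in detections.items()}


def persistence_hits(detections):
    """Registry entries that match a known autostart location, with the reason they matter."""
    hits = []
    for category, items in detections.items():
        for item in items:
            if not REG_RE.match(item):
                continue
            for pattern, reason in PERSISTENCE_PATTERNS:
                if pattern.search(item):
                    hits.append((category, item, reason))
                    break
    return hits


if __name__ == "__main__":
    header, detections = parse_sas_log(SAMPLE_LOG)
    for cat, n in summarize(detections).items():
        print("%-32s %d" % (cat, n))
    for cat, item, reason in persistence_hits(detections):
        key, value = split_registry_entry(item)
        print("REVIEW [%s]: %s\n  %s -> %s" % (cat, reason, key, value))
```

Run against the full log above, the summary makes the triage order obvious: dozens of Adware.Tracking Cookie lines carry no persistence, while the Winlogon Shell value and the LEGACY_SECUREDISK service registration are the entries worth confirming were actually removed (and, for Shell, that it now points back at explorer.exe).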

#13 Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Location:VA, USA

Posted 08 June 2012 - 08:01 AM

In Recuva, green means that the file is in good condition, yellow fair, and red poor condition and may not be recoverable.

In your SAS log you did have some spyware. It also had some tracking cookies, which I wouldn't worry about.

If you have any other scan logs, like from your AV, I would like to see them along with MBAM.