
XP-Defender removal instructions didn't work


7 replies to this topic

#1 Alliecat

Alliecat

  • Members
  • 47 posts
  • Gender:Female
  • Location:East of Everywhere, Canada
  • Local time:08:31 AM

Posted 15 December 2012 - 04:18 PM

I have XP defender virus. Had to borrow a slow old computer in order to get on the internet to get the instructions for removal. Last time I used a bleeping computer removal guide, it worked. This time, it didn't.
I have run the instructions from http://www.bleepingcomputer.com/virus-removal/remove-xp-defender-2013/ twice through, carefully following the steps. The version I have does not look quite like this; it doesn't have a date, but wherever I've looked for help, all the instructions refer to "2013". Does this make a difference?
I have run 2 versions of rkill as instructed. The 2nd time it said it hadn't found anything. The 2nd time I ran MBAM it said it didn't find anything. I ran it in safe mode; I restarted in safe mode, then I restarted in normal mode. I also tried "file assassin" in MBAM which seems to have taken the XP Defender shortcut off the desktop but the program is still running. I can't get onto the internet or download anything onto the infected computer.
What can I do? :( Is there another version of removal instructions?

[Edit: just tried to shut down computer & got 2 "program not responding" windows for something called Apoint.exe . Never seen that before.]

Edited by Alliecat, 15 December 2012 - 04:21 PM.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:10:31 PM

Posted 15 December 2012 - 08:05 PM

Hello -
There are several versions of this same Rogue Infection that all look basically the same - Are you now able to use Normal Mode ??

FIRST -
Download, Install and Update both Malwarebytes Anti-Malware Free and SuperantiSpyware Free
If you do have either of these already installed, please make sure that you Update the programs first.
Once Updated, please run a Full scan with both programs and post the logs back here -

NEXT -
Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

NEXT -
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List devices >>(Problem only)<<
•List Users, Partitions and Memory size.
•List Minidump Files

Click Go and copy / paste the result (Result.txt) in your next reply -

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

NEXT -
Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus Information (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on SEARCH.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

LAST -
Please download Junkware Removal Tool to your desktop
Junkware Removal Tool by thisisu
•Shut down your protection software now to avoid potential conflicts.
•Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt into your next reply.

From here we should be able to see if there is any of the Rogue Infection remaining.

Please tell us if you still have problems after this -

Thank You -



#3 Alliecat


Posted 15 December 2012 - 11:52 PM

Hi, thanks for your reply.

"FIRST"
NO, I can't run in normal mode; as stated, the virus is still there.
MBAM won't run at all in normal mode; it generates a virus warning window instead.
I've run these things in safe mode; MBAM says it can't find anything in either admin or my account (I am the only user).
BTW system restore doesn't work either. "Microsoft Windows Setup Utility has encountered a problem and needs to close".
I don't see an option for attachments, so here are the logs from what is probably the 4th time I ran these:

Rkill:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/15/2012 11:31:10 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to 4g!
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/15/2012 11:31:43 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)

.....
MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
user :: USER-60D1355EAD [administrator]

12/15/2012 11:33:48 PM
mbam-log-2012-12-15 (23-33-48).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256741
Time elapsed: 21 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

........

Super anti spyware found only cookies.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/16/2012 at 00:29 AM

Application Version : 5.6.1014

Core Rules Database Version : 9747
Trace Rules Database Version: 7559

Scan type : Complete Scan
Total Scan Time : 00:26:16

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 259
Memory threats detected : 0
Registry items scanned : 35477
Registry threats detected : 0
File items scanned : 28725
File threats detected : 131

Adware.Tracking Cookie

.....................

"NEXT"

"Security check" does not work, in either normal or safe mode. When I double click it in safe mode, I get a virus window.
Since it's 1:30 a.m. & I am exhausted after wasting all day on this, I'm stopping for tonight.

PS. I also tried DDS as recommended here: http://www.bleepingcomputer.com/forums/topic34773.html .
In both safe & normal mode, it simply hung. The little blue progress bar went 3/4 of the way across & stopped. No further indication of activity from the processor; no lights, no nuthin'. Says it should take 3 minutes. After 10, with everything seized up, I had to use the power button to shut it off.

Edited by Alliecat, 16 December 2012 - 12:36 AM.
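
Added example, not part of the original posts: a small Python triage of the Rkill log posted above. It pulls out the per-user .exe association value that Rkill reported and deleted, services set to Automatic that are not running, and HOSTS entries other than localhost. The regular expressions assume the Rkill 2.4.5 line format shown in the post; the function and field names are illustrative.

```python
import re

# Excerpt of the Rkill 2.4.5 log from the post above (lines copied from the page).
SAMPLE_RKILL_LOG = r'''
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to 4g!
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/15/2012 11:31:43 PM
'''

# Patterns assume the line layout of the log above.
ASSOC_RE = re.compile(
    r'^\*\s+(HKCU\\SOFTWARE\\Classes\\\.(?:exe|com|bat))\s+"([^"]*)"'
    r'\s+exists and is set to\s+(.+?)!\s*$', re.I)
SERVICE_RE = re.compile(r'^\*\s+(.+?)\s+\((\w+)\)\s+is not Running\.\s*$')
STARTUP_RE = re.compile(r'^Startup Type set to:\s*(\w+)\s*$')
HOSTS_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)')


def triage_rkill_log(text):
    """Return the findings a helper would look at first in an Rkill log."""
    findings = {
        "association_overrides": [],   # per-user .exe/.com/.bat class values
        "auto_services_stopped": [],   # Automatic start type but not running
        "unexpected_hosts": [],        # HOSTS entries other than localhost
    }
    pending_service = None
    in_hosts = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ASSOC_RE.match(line)
        if m:
            findings["association_overrides"].append(
                {"key": m.group(1), "value_name": m.group(2), "data": m.group(3)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            pending_service = m.group(2)      # short service name, e.g. wscsvc
            continue
        m = STARTUP_RE.match(line)
        if m and pending_service:
            # A Safe Mode boot also leaves many services stopped, so these
            # are items to re-check after a normal boot, not proof of tampering.
            if m.group(1).lower() == "automatic":
                findings["auto_services_stopped"].append(pending_service)
            pending_service = None
            continue
        if line.startswith("* HOSTS file entries found"):
            in_hosts = True
            continue
        if in_hosts:
            m = HOSTS_RE.match(line)
            if m is None:
                in_hosts = False              # left the HOSTS section
            elif (m.group(1), m.group(2).lower()) != ("127.0.0.1", "localhost"):
                findings["unexpected_hosts"].append((m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for kind, items in triage_rkill_log(SAMPLE_RKILL_LOG).items():
        print(kind, items)
```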


#4 noknojon


Posted 16 December 2012 - 01:23 AM

Alliecat said: "MBAM won't run at all in normal mode; it generates a virus warning window instead."

Hello -
I do understand that an infection may be blocking Malwarebytes from Installing or running
Unless you decided to uninstall the program for some reason, it will still exist in All Programs.
You told me that you have installed the program, and there are extras with this tool to help in cases like this.
Please go > Programs > Malwarebytes > across to Tools > Chameleon and click on this -
You will find about 10 or 12 boxes numbered #1, #2, #3, etc. and directions on how to click on each one -

This is similar to running a normal scan with Malwarebytes and it will bypass the blocking infection -
Some types of malware will target Malwarebytes and other security tools to keep them from running properly.

Please try to run the MiniToolBox program, as this contains many details that we need to see -
DDS and several other logs are not allowed in this area of the forum, and only in the Malware Removal area.

If you would prefer the topic placed in that area please tell me prior to going any further -

Thank You -



#5 Alliecat


Posted 16 December 2012 - 05:12 PM

All 12 of the MBAM "chameleon" boxes came up with a green check mark & "tested". Nothing else happened.
Mini tool box does not work. Generates virus window & will not open. Virus has infiltrated safe mode too now. Things seem to be getting worse.
In normal mode it does the same thing. Trying to run it off the usb drive generates "Microsoft Windows Setup Utility has encountered a problem and needs to close".
Move this wherever if you need to.
Thanks.

Edited by Alliecat, 16 December 2012 - 05:14 PM.


#6 noknojon


Posted 16 December 2012 - 05:28 PM

Thank you for this update - You must now post in the Malware Removal area -
Please follow the directions below (as much as you can) even if you need to post from another computer, as your system is now badly corrupted -

Please follow the instructions in ==>This Guide<== starting from step 6.
If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, and what you have done to resolve them, and a link to Post #1 of this topic.

If you can produce at least some logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow His Step One so it will report your topic to the team members.

Sorry that we can no longer assist you here, but your system must be treated very carefully for the moment -

Thank You for your patience -



#7 Alliecat


Posted 16 December 2012 - 11:28 PM

...is my system "now badly corrupted" because I followed bleeping computer instructions rather than taking it immediately to a repair person...?... I may never know. However, since as previously stated, DDS doesn't work, & the "step 6" for posting in the malware forum is about running DDS & posting logs, there seems little point in floundering along further with a post that basically says "my computer doesn't work and I can't follow your guide". Computer has gone to local fixit guy, in whom my confidence is equally thin.
Thanks for trying, at least.

#8 noknojon


Posted 17 December 2012 - 12:30 AM

Thank you for the reply -
Your system could have been fully repaired by the area that I directed you to, as we are limited in this area of the forum.
The infection just needed to be stopped and they could have used other repair tools to Fully assist you with that problem.

You posted to the Am I Infected area, and I confirmed that there was a severe infection that needed Expert help to fix it.

The choice is always yours to take the computer to another person, and we always agree with your decision on who repairs it -

Good luck with your repair shop -



