chrome or malware?


8 replies to this topic

#1 broonster

  • Members
  • 15 posts

Posted 01 January 2013 - 09:29 PM

hi everyone..
i'm running Windows XP Pro SP3 [5.1 Build 2600]x86



i have noticed these files appear in
C:\WINDOWS\Temp\VRR.tmp#<<(number constantly changes)
C:\WINDOWS\Temp\temp#.exe. also appears in the running
processes.
my problem is, when they do my Chrome browser can't connect to the internet
but they don't seem to impact I.E at all

is this a chrome problem or some type of malware?

what do you guys think?
Cheers.



#2 MDTechService

  • Members
  • 303 posts

Posted 01 January 2013 - 09:57 PM

Malware.
If I am helping you and I haven't replied to your thread in 3 days, please PM me or bump it

Mike D, BS, A+, HPSP, MCTS
I <3 Linux
The Airline Open source airline simulation game
Check the power cable to the wall first!

#3 boopme

  • Global Moderator
  • 73,404 posts

Posted 01 January 2013 - 10:16 PM

Hello, let's run these and see how it is.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.




MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 broonster

Posted 02 January 2013 - 05:57 AM

First off, i'd like to say A BIG thanks for taking the time to help me out.

1. i downloaded and ran TFC per your instructions.
nice app btw, it's a keeper.
2. downed and ran ESET Online Scanner. it did its update and proceeded with its scan.
it took around 4 hours as i have major mega bytes on 4 drives 2 external usb hard drives :crazy:.
around this time i noticed it was frozen @99% while checking C:\System Volume Information. so i terminated the scan. hence no report.txt.

frustrated i ran another program i googled earlier called OldTimer!
well it just hung 4 ever. couldn't even access task manager to stop it.
so i just did a quick reset/restart..
well what do you think happened next? if you guessed "windows cannot find C:\CONFIG.SYS please insert recovery disk", you were right..!

As it happens i have no recovery disk as i removed it when i slim lined
my o/s with nlite. :blink:
needless to say i reformatted (not quick - the longer one) and proceeded with a clean install.
i have now removed my external drives as they could be the cause.
so now, am i still at risk?

#5 MDTechService

Posted 02 January 2013 - 06:15 AM

Until boop hops back on to continue the rampage of virus detecting destruction, I wouldn't foresee any risk following a full format and clean OS install.

There are a few highly (very highly) complex strands of malware that are supposedly able to survive a format and reinstall, but I have yet to see one :)

#6 broonster

Posted 02 January 2013 - 07:12 AM

perhaps not. but i feel i'm infected again.
i kept OTL.exe (OldTimer Tools), TFC.exe (OldTimer Tools) and GMER.exe on a zip drive just in case.
i know, not recommended by my bleepingcomputer or my mentor, boopme!
but i felt i needed some pre protection.
so i copied them to my desktop, ran them, nothing happened!
ah well i thought, weird. soon as i tried to open my chrome browser it was like it was being locked somehow, unable to connect to the internet again.
it's almost like they might have been infected as well.

i used Comodo Time Machine to get me back to square one.
awaiting instructions.
p.s i won't run anymore software unless asked to.

#7 boopme

Posted 02 January 2013 - 03:13 PM

Let's take a look at the OTL and GMER logs. You need to post them here in a new topic.

Virus, Trojan, Spyware, and Malware Removal Logs

Include this link back here
http://www.bleepingcomputer.com/forums/topic480390.html/page__pid__2936586#entry2936586

#8 broonster

Posted 07 January 2013 - 04:03 AM

Virus, Trojan, Spyware, and Malware Removal Logs
Re: http://www.bleepingcomputer.com/forums/topic480390.html/page__pid__2936586#entry2936586

again, thanks for your help boopme, i tried in vain to post those logs, but alas my p.c
was far too riddled with viruses to even establish a Lan connection, even with I.E.
hence my late reply. it's literally taken me 4.5 days to reformat my main drive as well as purge
worms from 3 externals. xp's format tool refused to operate i was literally pulling my hair out.

For the record most of the anti virus and scanning tools i downloaded became infected as well after making just 1 scan sweep.
1 antivirus/detection app that worked for a while before it was infected, was ClamWin Portable.
At one stage it had me carrying 250+ malware items across all my drives, observed rootkits in my mbr partition (whatever that means) :blink: before it froze.
This is where i found out that the security apps like OTL, etc.. were infected too. ClamWin also reported it was infected as well. :wacko:

My downfall it seems was being impatient. i probably should have waited for your help before i set off on my own fact finding, self diagnosis journey.
running this and that.. I was frantic to find a 5 minute solution.
My juvenile impetuousness just cost me the most part of 40 gb of personal data. WOW! This was one of the most invasive destructive viruses that i ever had the misfortune to come across.

once again guys thanks for caring and taking the time..
if anything, let this be a case of what not to do..

#9 boopme

Posted 07 January 2013 - 01:40 PM

This sounds like what a Virut infection would do and in that case only a Reformat and Reinstall will clean it.

Starting over by wiping your drive, and reformatting it removes everything and ensures no remnants of malicious files are left behind.

When reformatting due to malware infection, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .dll, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the appropriate forum.
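The backup rules in post #9 above, as an added example that is not part of the original thread: a Python sketch that sorts a folder of backup candidates into keep, review and skip using the extensions listed in the post, and flags names where a second extension hides an executable. The function names and sample files are hypothetical; it assumes only .zip archives are opened (standard library), .rar and .cab are skipped outright, and everything kept still gets an anti-virus scan before it is copied back.

```python
import os
import tempfile
import zipfile

# Extension lists taken from the post; the grouping is this example's own.
RISKY = {".exe", ".scr", ".dll", ".ini", ".htm", ".html", ".php", ".asp", ".xml"}
ARCHIVES = {".zip", ".rar", ".cab"}
EXECUTABLE = {".exe", ".scr", ".dll"}

def classify(path):
    """Return (verdict, reason) for one backup candidate."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    # e.g. photo.jpg.exe: looks like a picture when extensions are hidden
    if ext in EXECUTABLE and inner_ext and inner_ext not in EXECUTABLE:
        return "skip", "double extension hides " + ext
    if ext in RISKY:
        return "skip", "risky extension " + ext
    if ext == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                for member in zf.namelist():
                    if os.path.splitext(member.lower())[1] in EXECUTABLE:
                        return "skip", "archive contains " + member
        except zipfile.BadZipFile:
            return "skip", "unreadable archive"
        return "review", "archive without executables, scan before restoring"
    if ext in ARCHIVES:
        return "skip", "archive type not inspected here"
    return "keep", "data file, scan before restoring"

def triage(root):
    """Walk root and map each relative path to (verdict, reason)."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for f in files:
            full = os.path.join(folder, f)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo():
    """Build a constructed sample tree (empty files) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        for n in ("notes.txt", "photo.jpg.exe", "setup.exe", "page.html"):
            open(os.path.join(root, n), "wb").close()
        for zname, member in (("docs.zip", "readme.txt"), ("tools.zip", "bin/tool.exe")):
            with zipfile.ZipFile(os.path.join(root, zname), "w") as zf:
                zf.writestr(member, "constructed sample")
        return triage(root)
```

The post's second list excludes .zip files altogether; the "review" verdict here follows its first paragraph, which only rules out archives with executables inside.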



