Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hello, gentlemen. I require assistance with VB.


  • Please log in to reply
17 replies to this topic

#1 Lehr

Lehr

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 15 January 2013 - 07:03 PM

Hello, good sirs and or madams. I come to you tonight with a bit of a problem.

late last night, against my better judgement (At the late hour of two AM EST) I installed file shredder. It turns out, Cnet is a hub for malware from what I can tell. (Well, I'd assume so.) Seeing as I had to uninstall and rip quite a few addons out by hand, and with Spy-bot search and destroy. Oh, and Malware bytes made an appearance as well. Norton 2012 did, but she crashed after I lagged her out due to playing a game and scanning at the same time. While I believe this may not have been a virus, or malware, the chance that it is still bothers me.

SpyBOT deleted roughly ten PUPSC on it's own, Malware bytes another three. While I am unsure as to if these are viruses, or just unneeded programs, I decided to come here. Now, for a simplified list of what I've done:


1. Downloaded fileshredder and accidentally might've infected myself.

2. Freaked out for five minutes, booted up SpyBOT and Malware bytes.

3. Scanned with both, restarted after a failed restore attempt (This has happened before, the restore attempt failing so I don't believe it to be a symptom.)

4. Scanning again, Malware bytes is currently looking over my system, and Spy-bot has just finished saying 'You're clean.'

5. Checked my firewalls over and over, no activity save me reconnecting to the internet after I crashed my AV (At-least I believe that was my fault.)

6. I ripped several addons out by hand, and through the programs list.

7. I removed at-least a dozen things from my firefox, google chrome and IE explorers addons.

8. Rebooted my Vista based windows gaming computer, everything seems to be incheck. The only issue I have forseen is: It took me to the VB home page, nothing related to a 'virus', I suppose, lest I be naive in my young age and computer experience.

Should I be worried? This thread: http://www.bleepingcomputer.com/forums/topic481288.html is what lead to me making my own with the inquiry of 'Will Spy-bot and malware bytes/windows defender/Norton be enough to find and purge it?


Programs used: Spy-bot, Malware bytes, Norton and soon windows defender once the third finishes.

Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category
2013-01-15 16:02:04,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:24be:3461:3f57:fdfd).",Detected,No Action Required,Firewall - Network and Connections
Protecting your connection to a newly detected network on adapter "Teredo Tunneling Pseudo-Interface" (IP address: 2001::9d38:953c:24be:3461:3f57:fdfd).

Oh, and that seems to be popping up in recent activity.

I do hope this will gain some attention, and I do apologize if any of this is 'odd' in the eyes of others, I'm just trying to salvage my machine (If it isn't already clean.)

Oh, and it attempted to install some power point crap. I deleted it as soon as I noticed it.


Edit: I have yet to have any form of real 'random redirects' save my homepage being replaced with Visual bee's. That, and the small coupon thing that for some reason made certain words on a forum I go to links to coupons.

Also, Malwarebytes froze up twice on the scan, but it's found one thing so far. Should I be worried, or no?

http://pastebin.com/sumAiG9m Malwarebytes scan.

Edited by Lehr, 15 January 2013 - 10:52 PM.


BC AdBot (Login to Remove)

 


#2 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 16 January 2013 - 12:44 AM

Hi kids, any response? Sorry if I seem impatient, just don't wanna risk turning my pc off and it coming back or something stupid.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 16 January 2013 - 12:07 PM

Hello.
A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.

Lets look at two more scan logs and a system log
ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Junkware Removal Tool
Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 16 January 2013 - 05:07 PM

http://pastebin.com/xt1xB197 - Adware scanner thingy you had me DL.

http://pastebin.com/qcjuumKG - Minitoolbox.


Junk thingy isn't being allowed to download, according to everything I use it has a malware attachment on it. >_> (And yes, I turned it off.)

Also, that Trojan from the malwarebytes is probably just from some website, right?

Edited by Lehr, 16 January 2013 - 06:26 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 16 January 2013 - 11:59 PM

Hello, it appears we removed the issue..
JRT is a legitimate tool we created here. Actually I did not see an installed antivirus to block it.

that Trojan from the malwarebytes is probably just from some website, right?
I would suspect it was something you downloaded... from a page or email..

It has password stealing capabilities ,so you should change your passwords.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 17 January 2013 - 01:01 AM

It does? Well hell, how sure are you? And I will change my passwords, I suppose. What trojan is it? And can I tell if it went live? Nothing of mine has been stolen yet, it was on the PC for two days. Uhh.

Wait, I think I got it from this community I was going to game at. They have these things called 'content' packs. Regardless, I think I should be more wary. I don't download anything from emails, and I only download from Steam/Another gaming community. Regardless, I thank you for your help. If you can think of any other way it could've gotten on, please tell me.

Edited by Lehr, 17 January 2013 - 01:31 AM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 17 January 2013 - 10:31 AM

Hello,while I cannot say exactly how do to the various methods of infection...I will say that some online game sites and installer bundles can open you up to infection.

Some installers leave junk in your TEmp folder so lets dump that too.
Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


Simple and easy ways to keep your computer safe and secure on the Internet
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 17 January 2013 - 11:04 AM

Is this needed? I mean, I'll get it soon but I just feel odd having to dl all of this. Anyway, yeah. Everything seems to be kosher for now, so I think I' m safe but eh.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 17 January 2013 - 11:09 AM

Up to you.. It's not a lot and you may have malware in your Temp folder.. and no Antivirus..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 17 January 2013 - 11:14 AM

... I have Norton? It's installed and running right now, friend.


Update: Yes, Norton is online and functioning correctly. (Yes, it's the genuine copy, I renew it each year.)

The TFC tool you gave me cleaned 751 megabytes of bleepe up, unknown if it removed any viruses. My PC booted up perfectly fine. (total time was 20 seconds. No, I'm not showing off.)

Should I do this every week? Scanning at-least. Though, my PC seems a little faster now in ways, a little slower perhaps.


http://img818.imageshack.us/img818/4072/hibloopme.jpg - Proof of it being online and running.

Also, I thank you for taking time out of your day to help little old me. (Ignore the AMV in firefox.)

Edited by Lehr, 17 January 2013 - 11:47 AM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 17 January 2013 - 11:47 AM

Ok, I asked earlier and you did not mention one..No Problem.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 17 January 2013 - 01:30 PM

I apologize, when I check this it's usually before my morning jog, or before I pass out due to exhaustion. So, should I just scan with all of this once a week?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 17 January 2013 - 02:36 PM

Thats what I would do every week. The TFC may slow you don for a moment as it removes some things,like cookies from your ususal haunts and they need to be repopulated.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Lehr

Lehr
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:10 PM

Posted 17 January 2013 - 02:58 PM

Sweet. If I have any other problems, I'll give you a shout.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 17 January 2013 - 08:54 PM

Your welcome!! If you'd like to free up a bit more space.. you can do this.

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:? Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

? Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users