Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help...virus...i Think


  • Please log in to reply
3 replies to this topic

#1 cd-spencer

cd-spencer

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 04 August 2006 - 08:50 AM

Hi

I think I have a virus that whenever I log on to the internet trys to sell me various different anti-virus software packages...what can I do.

Thanks

CHRIS

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,907 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 04 August 2006 - 10:20 AM

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using and when was the last time you ran a scan? Have you performed any anti-spyware scans? If not, start here:

Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.
Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.
[DO NOT choose the option to install TeaTimer]
Note: If you encounter any error messages while downloading the updates, manually download them from here.

If your running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Print out the Ewido Install and Scan Instructions.

Then perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan
Panda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]

Post back if your still having problems afterwards.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 cd-spencer

cd-spencer
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 05 August 2006 - 07:35 AM

Hi

Thanks for the reply...I did the various scans that you suggested and deleted a number of things picked up.

In addition the Panda scan picked up the following :

Adware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dll
Adware:adware/adsmart Not disinfected c:\windows\system32\vx.tll
Spyware:spyware/smitfraud Not disinfected c:\windows\system32\ptainfo1.ico
Adware:adware/ucmore Not disinfected
Windows Registry
Dialer:dialer.qi Not disinfected HKEY_CLASSES_ROOT\TypeLib\{9A9C9133-E640-4CA7-81C1-123FAC78855F}
Adware:Adware/Malwarewipe Not disinfected
C:\Program Files\IntCodec\pmsngr.exe
Adware:Adware/Malwarewipe Not disinfected
C:\Program Files\IntCodec\pmmon.exe
Adware:Adware/IntCodec Not disinfected
C:\Program Files\IntCodec\__delete_on_reboot__i_s_a_m_i_n_i_._e_x_e_
Adware:Adware/IntCodec Not disinfected
C:\Program Files\IntCodec\__delete_on_reboot__i_s_a_m_o_n_i_t_o_r_._e_x_e_
Adware:Adware/IntCodec Not disinfected
C:\Program Files\IntCodec\__delete_on_reboot__i_s_a_d_d_o_n_._d_l_l_
Adware:Adware/PestTrap Not disinfected
C:\Documents and Settings\Chris Spencer\Local Settings\Temporary Internet Files\Content.IE5\5BF3XD4E\safetyhomepage[1].htm
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Chris Spencer\Desktop\win32delfkil\Process.exe

Is there anything that I can do about these.

Thanks again for you help so far

CHRIS

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,907 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 05 August 2006 - 02:40 PM

First, print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" if your not sure how to do this.

After using the tool reboot again in "SAFE MODE" and Clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click "Delete Files" under Temporary Internet Files.
  • In the Delete Files dialog box, tick the "Delete all offline content check box", and then click "OK".
  • On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".
  • Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".
  • Click "OK".
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click "Ok" then "Apply" and "Ok".

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then scan with Ewido again per the instructions you printed out earlier and reboot back to normal mode.

Next please DELETE the following file(s)/folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them. When found right-click the file or folder and choose delete.

Files:
C:\WINDOWS\System32\MYDLL.dll <-- this file
C:\WINDOWS\System32\vx.tll <-- this file
C:\WINDOWS\System32\ptainfo1.ico <-- this file
C:\Program Files\IntCodec\ <-- entire folder

Then download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users