Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virusburst Infection


  • Please log in to reply
4 replies to this topic

#1 pogoj

pogoj

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 01 September 2006 - 11:51 PM

Hi. I have run the posted automated removal instructions for removing this annoying VirusBurst, but it's still blinking away in my taksbar. The Panda online scan also uncovered quite a few spyware cookies and two viruses -- despite my use of McAfee and Windows defender.

At any rate, any assistance would be much appreiated. I have pasted the content of the RoguesScanFix txt file below:


Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}"="gorgonian"


sharedtaskkey: e944d14a-03aa-43e3-9d0e-4f50c4d1b005
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}\InProcServer32]
@="C:\\WINDOWS\\system32\\eowygj.dll"
"ThreadingModel"="Apartment"

BC AdBot (Login to Remove)

 


#2 pogoj

pogoj
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 03 September 2006 - 05:38 PM

I am probably doing this incorrectly - answering my own question.

I found a resource that differed somewhat, but it did remove the VirusBoost malware. The instructions can be found at the link below

Edited to remove commercial Link - Grinler

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:40 AM

Posted 04 September 2006 - 07:57 AM

Hey there pogoj, welcome to Bleeping Computer. Sorry for the delay in the reply.
I would imagine you are using the self help instructions found here:
http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/

If you downloaded RogueScanFix then I assume you followed the automatic instructions - did you try the manual method? You might like to retry the instructions as the tools have recently been updated; be sure to remove any older versions of program like RogueScanFix from your computer before you download them again as they may not be able to remove the specific infection. If you still do not have any luck with those instructions there is an alternative tool that you might be able to remove the infection with.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Let me know how it goes.
David

#4 pogoj

pogoj
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 05 September 2006 - 10:49 PM

David, thanks for the welcome and the advice. I appreciate you having taken the time.

As indicated in my second post, I did manage to get rid of the VirusBurst infection, but I guess the link I posted was removed. I should have just cut and pasted the method I used.

At any rate, I have scanned and rescanned and tidied up numerous little messes. All seems to be working well now.

Thanks again.

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:40 AM

Posted 06 September 2006 - 11:57 AM

You're welcome pogoj.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users