Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Am Desperately In Need Of Some Help!


  • Please log in to reply
5 replies to this topic

#1 jethro

jethro

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 20 September 2006 - 01:50 AM

I know that my computer is infected by something horrible, actually I have removed several viruses, adwares, and other nasty things, but I keep finding executable files on my computer like:

Intell321.exe
kernels8.exe

...and others that I am sure that I am not recognizing. The real problem is that my computer does not even let me get on to any sites to download fixes. What do I do?

Mod Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 20 September 2006 - 12:36 PM.


BC AdBot (Login to Remove)

 


#2 rubiconeye

rubiconeye

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 20 September 2006 - 05:14 AM

hi, Jethro,

see the links below:

http://www.bleepingcomputer.com/startups/i....exe-14357.html

http://www.bleepingcomputer.com/startups/k....exe-14668.html

there's instructions there to help

good luck

#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:28 PM

Posted 20 September 2006 - 12:59 PM

Use Startup Inspector (which is much easier to use than msconfig - the Windows utility) to disable malware from starting when you boot your computer.

Startup Inspector – freeware (manages startup menu – helps you identify aps in the startup menu so you can disable unnecessary programs or malware aps from running in the background when they are not needed)

And

Startup Monitor (a small freeware ap available on the same page to notify you and require your permission for any program to add itself to your startup menu)

http://www.windowsstartup.com/download.php

Once you disable them you should be able to use anti-malware aps.

You should also use safe mode with networking.

Here are a few web based anti-malware scans (you must use Internet Explorer because these use Active X to work)

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these as they require ActiveX to function.)

Windows Live Onecare Free Scan
http://safety.live.com/site/en-us/default.htm
Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
and
File scanner and virus scanner
http://www.kaspersky.com/scanforvirus


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Avast Online scan
http://onlinescan.avast.com/

F Secure online scan
http://support.f-secure.com/ols/start.html

Ewido Online scan
http://www.ewido.net/en/onlinescan/


Trojan scans –
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm


I also suggest that you post a Hijack This log in our Hijack This forum as directed below:

Run both Adaware and Spybot Search and Destroy from safe mode, updating each program’s malware definitions before you scan and allowing both to fix what they find.

If you do not already have these freeware aps installed on your computer, you can get them at the following sites:

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that that I suggest you post a “HijackThis” log for expert assistance with your malware infection.

Read the pinned post in our “HijackThis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer to be different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having had 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

After you post your log, please do not make any changes to your computer. Discontinue trying to delete anything with any program as changes will make your HJT log obsolete and waste valuable time spent by our HJT experts analyzing the log made innacurate by changes and therefore their plan formulated to address the problems will also be obsolete.

If after 5 days you still have gotten no response, then post a re-request and a link to your HJT log HERE.
http://www.bleepingcomputer.com/forums/topic14717.html

Make sure you post your HJT log in the HJT forum, not here, because if you post it here in this forum the response from our HJT Team will be delayed because the post will have to be moved before they see it and it will fall in line behind many others posted that same day.

Edited by Enthusiast, 20 September 2006 - 01:00 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:28 PM

Posted 20 September 2006 - 02:04 PM

Hello jethro

Those two files are related to a smitfraud infection. If you cannot download anything from the Internet, then see if you can use a friend or family member's computer to download the programs required in the following instructions - also download the HijackThis program in case you need it later. Save all the program files to a CD or USB stick and transfer them to your computer. Then, if your running Win XP or 2000, proceed with the below instructions. Make sure you read the Ewido instructions prior to downloading and saving the files as you will find a link in there instructing you to download the current signature definitions. They may be needed if you have a problem doing an update after installation.

Please download, install and update Ewido Anti-Spyware v4.0. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Go here and follow the instructions for using SmitfraudFix. Read "How to create/extract a ZIP File in Win ME/XP/2003" or "How to create/extract a ZIP File in Win 9x/2000" if your not sure how to do this.

After using the tool reboot again in "SAFE MODE" and Clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click "Delete Files" under Temporary Internet Files.
  • In the Delete Files dialog box, tick the "Delete all offline content check box", and then click "OK".
  • On the General tab, click "Delete Cookies" under Temporary Internet Files, and then click "OK".
  • Click on the Programs tab then click the Reset Web Settings button. Click "Apply" then "OK".
  • Click "OK".
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click "Ok" then "Apply" and "Ok".

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then scan with Ewido per the instructions you printed out and reboot back to normal mode.

If you still have problems afterwards then follow the instructions Enthusiast posted for creating a hijackthis log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 jethro

jethro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 20 September 2006 - 11:13 PM

Thanks for your advice everyone. I did all you recommended and posted a hijackthis log as well. Although, I am still not able to do any updates. I keep getting this error code:

[Error number: 0x800A1391]

Is there still something wrong with my computer?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:28 PM

Posted 21 September 2006 - 04:30 AM

Read the note that Enthusiast wrote in his post reference "Once you have posted your HJT log...do not make any changes to your system. Please be patient. A member of the HJT Team will walk you through, step by step, on how to resolve the issues with your computer.

jethro's log is posted here: http://www.bleepingcomputer.com/forums/t/65999/win32small/
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users