
Virusburst


9 replies to this topic

#1 pbjim2003


Posted 23 September 2006 - 05:09 PM

I downloaded what seems to be a virus today. I have removed the 'virusburst' program using the add/delete programs function. But I still get a 'critical system error' in the lower right corner of my screen. If I double-click the box, it opens IE to the virusburst webpage. How do I get rid of it?



#2 buddy215


Posted 23 September 2006 - 05:13 PM

Follow the instructions in the link below to get rid of virusburst:
http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 col_10022


Posted 23 September 2006 - 05:37 PM

Follow the instructions in the link below to get rid of virusburst:
http://www.bleepingcomputer.com/forums/t/63896/how-to-remove-virusburst-removal-instructions/


I have the same virus. I have followed the instructions for the automatic removal. I am still getting system alert critical messages from the lower right taskbar and I am still getting random internet pages (mostly to antivirus sites) even if I am not running internet explorer or anything.

The text in my C:\Program Files\RoguesScanFix\task.txt file is:

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


I am going to try the manual method. Any advice?

#4 buddy215


Posted 23 September 2006 - 05:55 PM

If you scroll down to the bottom of the page where the "manual instructions" are given, you will see all the revisions that Grinler has done to keep the removal instructions up to date. If you feel comfortable doing the manual removal, go for it. If you are unsuccessful or feel you need expert help, then post a HijackThis log using the instructions found on the same page as the manual instructions. Good luck to you.

#5 bud_chevy


Posted 23 September 2006 - 08:19 PM

I have tried to use the automated removal tools but when I try to run the roguescanfix by pressing number 1, I get an error 406, unable to retreive specified file, Status 406.
Archive bfu.zip can't be found..
bfu.exe not found please report this to the helper on the forum


Anyone else having this trouble??

#6 pbjim2003


Posted 23 September 2006 - 08:46 PM

When I run the roguescanfix I get an error that says 'BFU.exe is not present', 'report this to the helper on the forum', then press any key to continue, which closes the program. What next?

#7 quietman7


Posted 23 September 2006 - 09:59 PM

If you get the message BFU.exe is not present, download BFU.zip from here.
Unzip it and place BFU.exe in the C:\Program Files\roguescanfix folder. Then double-click Roguescanfix.bat again.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 bud_chevy


Posted 23 September 2006 - 11:45 PM

That worked and I was able to run the program. However, after following the rest of the instructions I rebooted and I still have the trojan virus alert showing up. Here is my task.txt file:

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


Any help?

Thanks

#9 ao_tiger


Posted 24 September 2006 - 12:07 AM

I just want to let everyone know that I ran the automatic removal as per the instructions and it worked. Thanks a million.

You should see the following in smitfiles.txt:
_________________________________________________________

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"="PAVWAIT.DLL,C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 776 'explorer.exe'
Killing PID 776 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:
___________________________________________________________

Thank you, Grinler.

I am now a member and will visit your forum regularly.

Edited by ao_tiger, 24 September 2006 - 12:08 AM.
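
Added example, not part of the thread or of the RogueScanFix tools: one way to read a SharedTaskScheduler export such as the task.txt and smitfiles.txt excerpts posted above is to compare each entry against the two entries in the post #9 log that ends in CLEAN. Using that log as the baseline, the function names and the placeholder `{00000000-0000-0000-0000-000000000000}` entry are assumptions made for this example.

```python
import re

STS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
SERVER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{}\InProcServer32"
DLL = r"%SystemRoot%\System32\browseui.dll"
# Baseline (assumption): the two entries in the post #9 log that ends in CLEAN.
BASELINE = {"{438755C2-A8BA-11D1-B96B-00A0C90312E1}": DLL,
            "{8C7461EF-2B13-11D2-BE35-3078302C2030}": DLL}

# Constructed sample: the thread's export plus one made-up placeholder entry.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{00000000-0000-0000-0000-000000000000}"="constructed extra entry"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="C:\WINDOWS\system32\example.dll"
'''

def parse_export(text):
    """Parse REGEDIT4-style text into {KEY_UPPERCASE: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.match(r"^\[(.+)\]$", line)
        value = re.match(r'^(@|"[^"]*")="(.*)"$', line)
        if section:
            current = keys.setdefault(section.group(1).upper(), {})
        elif value and current is not None:
            current[value.group(1).strip('"')] = value.group(2)
    return keys

def review_shared_tasks(text, baseline=BASELINE):
    """Return (clsid, label, dll, status) per SharedTaskScheduler value."""
    keys, findings = parse_export(text), []
    for clsid, label in keys.get(STS.upper(), {}).items():
        # dll is None when the export (like task.txt) has no InProcServer32 section
        dll = keys.get(SERVER.format(clsid).upper(), {}).get("@")
        expected = baseline.get(clsid.upper())
        known = expected is not None and (dll is None or dll.lower() == expected.lower())
        findings.append((clsid, label, dll, "known" if known else "review"))
    return findings

if __name__ == "__main__":
    for finding in review_shared_tasks(SAMPLE):
        print(finding)
```

A "known" status only means the entry matches the baseline taken from this thread; a "review" entry is one to raise with a helper rather than proof of infection.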


#10 pbjim2003


Posted 24 September 2006 - 09:16 AM

Thanks for the help. This was successful for me :thumbsup:



