Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected By Virusburst


  • Please log in to reply
3 replies to this topic

#1 Slider_1128

Slider_1128

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 08 October 2006 - 01:25 AM

Ok i got the receive warnings in my task bar stating that you are infected with spyware and to run its special anti-spyware tool, VirusBurst. So i looked it up and found a post by Ginler on " How to remove VirusBurst (Removal Instructions)"

I followed all of the instructions and the Warning that wouldnt go away went away. Also i like to mention since this has happened i cant get to my task manager with Ctrl-alt-del. It was gone but i still cant access my taskbar. I was looking around on net for solution for this when i got the warning again...it was jsut a flash and if i close it its gone for a while. But comes back later. Granted the continues one on my task bar went away but the new on still pops up every now and again and i still cant access my task bar.

I open C:\Program Files\RoguesScanFix\task.txt and can paste it below
===========================
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
===========================
Ok now if you wanna know where things didnt go just like the step by step thing then its starts when it told me to log onto Administrator, when i do this i dont have the things i downloaded so i accessed it by under desktop of the user name (i didnt know if this would effect it). The instructions say:

"When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.

If there is an uninstaller present for an infection that smitRem removes it will start this uninstaller.

Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and smitRem will prompt you to continue. Now you should press any key to continue.

When no more uninstallers can be found, the tool will continue. Your desktop will disappear and you will start seeing text scroll across the screen. This is normal and nothing to be concerned about. When smitRem has finished running it will automatically start the Disk Cleanup program as shown by the image below."


Now i read each screen and hit spacebar to continue but at end nothing happens...i wait but nothing happens...wondering if you have answer for this.

Also i ran the Panda thing and got 3 Virus which all 3 where disinfected, But got 83 detected spyware's, and 5 Highjacking tools or potentionally unwanted tools.

Any help would be great...I can try the manual one but im scared to screw up my computer.

Thanks for your help.
Email:Slider_1128@hotmail.com

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:51 PM

Posted 08 October 2006 - 06:46 AM

Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. That means everything found by Panda ActiveScan may not be bad. For example, process.exe is part of the smitfruad fix tool and detected by some antivirus programs as a "RiskTool", "Hacking tool, or "Potentially unwanted"; it is not a virus, but a program used to stop system processes. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If the self-help guide did not work, and your still having problems, and if your using Win XP or 2000, do this.

First, print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update AVG Anti-Spyware 7.5. DO NOT perform a scan yet.
Print out the AVG Anti-Spyware Install-Scan Instructions.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Go here and follow the instructions for using SmitfraudFix. You will have to extract the zip file to you Desktop.
(Click here for information on how to do this if not sure. Win 9x/2000 users click here. If you need an unzipping utility, download 7zip (its free).

After using the tool as instructed, reboot again in "SAFE MODE" and double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Then scan with AVG Anti-Spyware 7.5 per the instructions you printed out and reboot normally.

Download and scan with SUPERAntiSypware Free for Home Users
  • Double-click SUPERAntiSypware.exe to install and use the default settings for installation.
  • Run SUPERAntiSypware and update the definitions before scanning by selecting "Check for Udates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • Select close to exit the program.
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.

Then perform this online Virus scan: Trend Micro Housecall <- Use "Autoclean" and manually delete what it can't clean.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Slider_1128

Slider_1128
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 08 October 2006 - 11:06 AM

Quietman7 you rock. Its been an hour and nothing has poped up!!

Trendmicro Housecall 6.5 didnt find anything, so im hopeful.

Gonna leave my computer running when i go to work and hopeing nothing pops up while im gone. If you want i can post the reports i got but only think i will do that if i come back from work and something bad managed to stay.

Anyway man thanks for your time.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:51 PM

Posted 08 October 2006 - 01:29 PM

Your welcome.

If your not having any more problems, then you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users