Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected By Virusburst


  • Please log in to reply
1 reply to this topic

#1 tibitendwa

tibitendwa

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:41 AM

Posted 08 October 2006 - 04:33 AM

I am infected with virusburst spy-ware that keeps having a pop-up baloon that says I'm infected. It has also loaded a tool bar onto my browser that I cannot remove.

I followed all the rogues scan fix and the other direction steps, but it did not remove the program.

Here is the contents of the roguesscanfix\task.txt

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


Please help.

Thanks.

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 08 October 2006 - 06:25 PM

Hi tibitendwa and Welcome to the Bleeping Computer!

If you have not installed HijackThis yet,please follow the instructions in the link below to install,scan and save a logfile with HijackThis.

How to use HijackThis


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm



Post back with the report from SmitfraudFix and a HijackThis log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users