A Desperate Plea!



#1 Elite199


Posted 13 October 2006 - 05:35 PM

I picked up the Toolbar 888 virus/spyware on my computer. I successfully deleted this, but I have many problems still occurring. I am using IE7 and when I create a new tab, it automatically closes IE. It is also trying to access the command prompt to execute a command, however it is blocked because it has performed an illegal instruction. This is what it says:

16 bit MS-DOS Subsystem
C:/WINDOWS/TEMP/WIN2F9~.exe
The NTVDM CPU has encountered an illegal instruction.
CS: 0533 IP: 01a4 OP: 63 72 6f 3c 2f

(The Win2f9~.exe changes, for example one time it was Win<insert random letters here>~.exe)

Now I don't even know what the hell that means but it is really starting to scare me.
I am also getting popups like crazy at least 2-3 with every mouse click.

The adware is marked under Smitfraud-C. in my Spybot S&D's scan results. I have scanned with Spybot, Adware SE, and all types of antivirus programs. I've even put up a firewall for the ads but it doesn't do anything.

Have I encountered a huge virus and am I screwed like I think I am?
I have searched Google and absolutely nothing comes up.
Any help?!?



It is continuing to try to access the CMD prompt, it is getting bad.

I have tried everything I could think of!

Thanks,
-E

EDIT: please let me know if there is any more information you need.
Moderator Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 13 October 2006 - 07:20 PM.
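
Added example, not part of the original post: the `OP:` field in the NTVDM dialog quoted in post #1 lists the bytes found at the faulting CS:IP, and decoding them shows whether they look like text rather than machine code. The function name, the result keys and the printable-ASCII heuristic are assumptions made for this illustration.

```python
import re

# Dialog text as quoted in post #1 of this thread.
SAMPLE = """16 bit MS-DOS Subsystem
C:/WINDOWS/TEMP/WIN2F9~.exe
The NTVDM CPU has encountered an illegal instruction.
CS: 0533 IP: 01a4 OP: 63 72 6f 3c 2f
"""

# Register line of the dialog: segment, offset, then the opcode bytes.
REG_LINE = re.compile(
    r"CS:\s*([0-9a-f]{4})\s+IP:\s*([0-9a-f]{4})\s+OP:\s*((?:[0-9a-f]{2}[ \t]*)+)",
    re.IGNORECASE,
)


def parse_ntvdm_dialog(text):
    """Extract program path, CS:IP and opcode bytes from an NTVDM error dialog.

    Returns None when the text contains no CS/IP/OP register line.
    """
    m = REG_LINE.search(text)
    if m is None:
        return None
    op = bytes.fromhex("".join(m.group(3).split()))

    # The program path is the non-empty line just before the "NTVDM CPU" sentence.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    path = None
    for prev, cur in zip(lines, lines[1:]):
        if "NTVDM CPU" in cur:
            path = prev

    return {
        "path": path,
        "cs": int(m.group(1), 16),
        "ip": int(m.group(2), 16),
        "op": op,
        # Non-printable bytes are shown as dots, as in a hex dump.
        "op_ascii": "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in op),
        # Heuristic (assumption of this example): opcode bytes that are all
        # printable ASCII suggest the CPU was fed text, not a program image.
        "looks_like_text": all(0x20 <= b < 0x7F for b in op),
    }


if __name__ == "__main__":
    print(parse_ntvdm_dialog(SAMPLE))
```

For the dialog quoted above, the five opcode bytes decode to the printable string `cro</`.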




#2 fleamailman


Posted 13 October 2006 - 05:47 PM

Here is a link to the steps taken against malware. Once these steps are over and if the malware remains, the link will then explain what to do.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you do restart a thread there later, remember to edit this thread as moved in the first post, please.
everyday is a gift

#3 Enthusiast


Posted 13 October 2006 - 05:51 PM

Start the System Restore tool at a command prompt
1. Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.

For additional information about the Safe mode with a command prompt, click the following article number to view the article in the Microsoft Knowledge Base:
315222
http://support.microsoft.com/kb/315222/
A description of the Safe mode boot options in Windows XP
Start the System Restore tool at a command prompt

1. Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.

2. Log on to your computer with an administrator account or with an account that has administrator credentials.

3. Type the following command at a command prompt, and then press ENTER:

%systemroot%\system32\restore\rstrui.exe

4. Follow the instructions that appear on the screen to restore your computer to an earlier state.
http://support.microsoft.com/kb/304449/

Choose a date from before the problem began.

Once the System Restore is complete I suggest you run a Windows One Care Free Scan

Go to Windows Live Onecare Free Scan
It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm

Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" on the right side.

Allow it to download an Active X component.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite a while, maybe two hours or so depending on how big your hard drive is and how fragmented your registry and drive are.

#4 Elite199


Posted 13 October 2006 - 06:25 PM


Thanks for the post.

However, I have tried your method twice and both times failed. Is it possible it could have disabled restoring to an earlier date?

:thumbsup: I'm doomed

#5 Enthusiast


Posted 14 October 2006 - 08:16 AM

You aren't doomed.
It is possible that you or malware has disabled System Restore and even the anti-virus and anti-malware apps on your computer.

Here is the next step:

Run The Windows OneCare Free Scan (on-line scan)
To run the Windows One Care Free Scan
Go to Windows Live Onecare Free Scan site using Internet Explorer.
It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm

Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" offer on the right side.

Allow the download of an Active X component.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite a while, possibly two hours or so depending on the size of your hard drive and how fragmented your registry and drive may be.

After completing the Windows OneCare Free Scan run both Adaware and Spybot Search and Destroy from safe mode, updating each program’s malware definitions before you reboot into safe mode to scan and allowing both to fix what they find.

If you do not already have these freeware apps installed on your computer, you can get them at the following sites:

*AdAware SE:
http://www.majorgeeks.com/download506.html

*Spybot S&D:
http://www.safer-networking.org/en/index.html

Following that, I suggest you post a “HijackThis” log in the “Hijack This” Logs and Analysis Forum for expert assistance with your malware infection.

Read the pinned post in our “HijackThis Logs and Analysis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions.

Following the instructions create a HJT log, and POST THE HJT LOG THAT YOU CREATED IN OUR HJT LOGS AND ANALYSIS FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (i.e., what processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a short period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Posting your Hijack This log anywhere but in the Hijack This Logs and Analysis forum will delay their response as it will require a moderator to move the log there before the HJT Team will see it and it will fall behind other logs posted after yours was posted, so be sure to post your log in the Hijack This Logs and Analysis forum.

Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT Logs and Analysis forum thread you created until you get a response from a member of our HJT expert team, and do not make any additional changes to your system (changes, including any attempted repairs, will make your computer different from what is represented in the log you posted and therefore make your log inaccurate).

The first criterion the HJT Team has when looking for logs that need replies is posts showing 0 replies. If you make an additional post, it will show as having had 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

After you post your log, please do not make any changes to your computer. Discontinue trying to delete anything with any program as changes will make your HJT log obsolete and waste valuable time spent by our HJT experts analyzing the log made inaccurate by changes and therefore their plan formulated to address the problems will also be obsolete.

If after 5 days you still have gotten no response, then post a re-request and a link to your HJT log HERE.
http://www.bleepingcomputer.com/forums/topic14717.html

Make sure you post your HJT log in the HJT forum, not here, because if you post it here in this forum the response from our HJT Team will be delayed because the post will have to be moved before they see it and it will fall in line behind many others posted that same day.



