Infection?


8 replies to this topic

#1 Conejita2105
Members, 70 posts
Posted 27 February 2007 - 11:27 PM

Ok I'm not sure where to begin with what may be wrong with my pc. I have Ad-aware and AVG Free Edition and I just got Zone Alarm but my computer is running slower and slower. Now when I open Mozilla a message comes up stating that I should Upgrade Roboform Adapter to the latest version or downgrade my browser. This stupid roboform thing is in my toolbars and I can't delete it. Not only that but I can't remove certain things from my add/remove screen. I'll delete Yahoo Messenger but it's still there and every time I turn on the computer it tries to start up yahoo but says it can not be found. About a month ago I removed something called System Alert from my add/remove programs because it was something weird I had never seen before and I also read somewhere on the site that I should remove it. I regularly run Ad-aware and AVG and they are detecting some TrojanZlob thing (sorry I'm not really good with virus names) and at one point some bogus virus cleaner was d/l onto my pc (not sure of the name) but I thought I had removed it. Could that be what's preventing my computer from running normally? I just want to know how to get rid of it if Ad-Aware or AVG isn't getting rid of it. I also run Spybot Search and Destroy but that doesn't seem to help either. Any suggestions of what I should do?


#2 fozzie
Members, 3,516 posts
Posted 28 February 2007 - 03:46 AM

You have two different issues here

Roboform Adapter
Please do the following :

In Firefox go to the add on menu under Tools and click on "search for updates "
This should install the latest version of Robocop. Besides the Robocop what more add ons have you installed?

Remove Yahoo Messenger
Do START and then RUN, type msconfig, go to STARTUP and look for any entries with Yahoo messenger.
Unclick them when they are there. If you have the Yahoo bar, go to the Messenger options and untick the option that messenger should start at boot.



First try this :

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.


After you have done this please advise us which other programs you are running

#3 quietman7
Global Moderator, 51,944 posts
Posted 28 February 2007 - 01:16 PM

If you're using Win XP or 2000, follow the generic instructions for using SmitfraudFix in BC's "How to remove the Smitfraud/Generic Zlob".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Master5270
Members, 131 posts
Posted 28 February 2007 - 03:12 PM

I heard zlob stuff is REALLY BAD, and it's spreading through Ads in Websites (myspace) so if you can't remove it, keep following everyone's instructions.

#5 ^MavericK!
Members, 125 posts
Posted 28 February 2007 - 05:11 PM

I agree. I think one of the issues you have is SmitFraud, removing it will free your PC and make it faster.
I give TechSupport and maybe 8 out of 10 viruses will be related to this.

Have you seen "banners" that will state your PC is running slow and offer a free scan? Don't click on them, because even reading the disclaimer you will be infected by a so-called trojan that can only be removed with their spyware remover.
It's a sad way to sell, but it works, I'm afraid.


Mav

Edited by ^MavericK!, 28 February 2007 - 05:12 PM.


#6 Conejita2105
Topic Starter, Members, 70 posts
Posted 01 March 2007 - 01:33 AM

"In Firefox go to the add on menu under Tools and click on "search for updates "
This should install the latest version of Robocop. Besides the Robocop what more add ons have you installed?" -Fozzie


No other add-ons were installed that I'm aware of. As for clicking "search for updates" on Mozilla Firefox, it doesn't give me that option under Tools, nor does it give me the option to "Add". Is there another way to get Robocop?


#7 Conejita2105
Topic Starter, Members, 70 posts
Posted 02 March 2007 - 12:20 AM

Ok so I've used Ad-aware, Spybot, AVG, SUPERAntispyware, DrWeb, Zone Alarm. SUPERAntispyware has detected nothing. AVG was detecting TrojanZlob. Spybot recently detected malware. DrWeb detected 11 incurable viruses. ZoneAlarm detected the Smitfraud (but that was only detected AFTER I went to the forum on here and downloaded SmitfraudFix.exe, why would it tell me to download a virus?). I've run all programs in safe mode. That stupid Roboform is still listed in my toolbars though. Do I need to take any further steps now? Here is the report from DrWeb.

Process.exe;C:\Documents and Settings\sc0rpio2105\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\sc0rpio2105\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Process.exe;C:\Documents and Settings\sc0rpio2105\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\sc0rpio2105\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
A0057349.dll;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP280;Trojan.Popuper;Deleted.;
A0062086.dll;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP313;Adware.Msearch;Incurable.Moved.;
A0062088.exe;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP313;Tool.Prockill;Incurable.Moved.;
A0062089.exe;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP313;Tool.Prockill;Incurable.Moved.;
A0062090.dll;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP313;Adware.Msearch;Incurable.Moved.;
A0062499.exe;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP315;Tool.ShutDown.11;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;

#8 boopme
Global Moderator, 73,533 posts
Posted 02 March 2007 - 12:36 AM

Well at this point I think you should follow the instructions for posting a HijackThis log and let those experts there get inside and clean you up.
Preparation Guide for use before posting a HijackThis Log
Post that Log in this forum HijackThis Logs and Analysis, by clicking New Topic..

Once you have posted the log DO NOT make any changes to your PC as it will void that log. Also, as they are a busy bunch of volunteers, do not post to your log. If you have further questions post them here. In the event you do not get a response to your log go here. L@@K

#9 quietman7
Global Moderator, 51,944 posts
Posted 02 March 2007 - 05:00 AM

Smitfraudfix is not a virus or malware. It is a tool to detect and remove smitfraud infections. However, certain files that are part of the smitfraudfix tool, such as process.exe, restart.exe and reboot.exe, are detected by some anti-malware programs as a "RiskTool", "Hacking tool", or "Potentially unwanted tool". For example, process.exe is a program used to stop system processes. See Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP. Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.

Edited by quietman7, 02 March 2007 - 05:02 AM.

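Added example, not part of the thread and not code from any poster or from Dr.Web: a small triage script for the semicolon-separated DrWeb.csv rows in post #7, separating the "Tool.*" risk-tool detections explained in post #9 from Trojan/Adware detections and noting where each file sits. The field layout (file;folder;detection;action) is inferred from the posted rows, and the bucket labels are this example's own.

```python
import csv
import io
from collections import Counter

# Six rows copied from the DrWeb.csv report in post #7.
REPORT = r"""Process.exe;C:\Documents and Settings\sc0rpio2105\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\sc0rpio2105\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
A0057349.dll;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP280;Trojan.Popuper;Deleted.;
A0062086.dll;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP313;Adware.Msearch;Incurable.Moved.;
A0062088.exe;C:\System Volume Information\_restore{B6CE1D80-FFF1-422D-A68B-3E9E662058A8}\RP313;Tool.Prockill;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
"""

def parse_report(text):
    """Yield one dict per 'file;folder;detection;action;' row."""
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 4:
            continue  # blank or truncated line
        name, folder, detection, action = (f.strip() for f in row[:4])
        yield {"file": name, "folder": folder,
               "detection": detection, "action": action.rstrip(".")}

def triage(entry):
    """Return (kind, location); the labels are this example's own."""
    kind = ("risktool" if entry["detection"].lower().startswith("tool.")
            else "malware-or-adware")
    folder = entry["folder"].lower()
    if "\\system volume information\\_restore" in folder:
        where = "system-restore"       # Windows XP restore-point copy
    elif folder.endswith("\\smitfraudfix"):
        where = "smitfraudfix-folder"  # the tool's own files (post #9)
    else:
        where = "other"
    return kind, where

def summarize(text):
    """Count rows per (kind, location) bucket."""
    return Counter(triage(e) for e in parse_report(text))

def needs_review(text):
    """Risk-tool hits outside the tool folder and outside restore points."""
    return [e for e in parse_report(text) if triage(e) == ("risktool", "other")]

if __name__ == "__main__":
    for (kind, where), n in sorted(summarize(REPORT).items()):
        print(f"{n:2d}  {kind:18s} {where}")
    for e in needs_review(REPORT):
        print("review:", e["file"], "in", e["folder"])
```

Rows that land in the ("risktool", "other") bucket are the ones to check by hand, since a process-killing utility outside the folder it was unpacked into is not covered by the explanation in post #9.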
