
Confused


6 replies to this topic

#1 Kjerty


Posted 04 May 2007 - 10:43 PM

To be honest, I'm still not sure what's going on at the moment. I was unfortunate (and probably stupid :thumbsup: ) enough to have received a virus/infection of some sort recently. What happened was I was trying to dl a video, but in order to watch it apparently I had to download a codex first. I thought to myself, "ok, I'm probably just behind in all the new developments, I should probably get this." BIG mistake as it turns out, as soon as I did, my windows closed and what do you know, things started getting wacky. Things popped up on my screen: 2 shortcuts on the side that were some form of "online virus help" (don't remember the exact names), and in the menu bar a message popped up that said "System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."

After much, careful consideration (aka, panic attack) I immediately started Norton Antivirus and Ad-Aware SE Personal scans. Norton caught one virus, which I was prompted to manually delete, but future scans indicated nothing else. Ad-Aware also indicated nothing. However, my screen still had the message/shortcuts on it. I'm not a computer genius, but I'm smart enough to know that when things pop up on your screen that you didn't choose to, it means bad things =/. So I did the next, carefully considered act (more panic attack). I went to My Computer, did a search for everything created today, and deleted what I could. After I'd done so, the shortcuts on the side disappeared, but the pop up message persisted. Not really knowing what else to do, I started my computer up in safemode. From there, I tried to delete things again, and I'm pretty sure I got some sort of media file that time. However, the message was still there. So I went to a different computer and did a Google search of the message (which is how I ended up here btw ;) ) and got results for something called SpyDawn. I went through all the steps of first the automated, then the manual removal. However, once I rebooted in safemode, I couldn't access SmitFraudFix (error message says windows can't find what program created it, so it can't read it). Also, when I tried the manual fix, I couldn't find any of the 3 files mentioned.

Thinking I had the wrong virus, I checked out Spylocked. Again, I couldn't access SmitFraudFix in safemode so I again tried the manual removal. This time, I found only one file that matched, dxovx.dll. I renamed it to dxovx.dll.bad as instructed, and it seemed when I did that the icon on the menu bar for the message kind of blanked out, and later after I restarted, it disappeared altogether. So far so good, it seemed. Yet as I moved on, I couldn't find anything called Spylocked under the add/remove programs list. So here I am, unable to find anything to uninstall and unable to get SmitFraudFix to work in safemode.

What I did find under the add/remove programs list, is something called "eMedia Codex 4.0" which I've read to be malicious spyware as well. I tried to delete that too, just with the add/remove feature, but when I did, it said that there was an error, and it may have already been uninstalled. I'm thinking that this is what I originally downloaded, and perhaps it was the media file that I had deleted my first time in safe mode. I also only clicked "permit once" in the Norton prompt so maybe it wasn't able to reconnect to download more or fix itself. I turned the computer off and left for a while, and now that I'm back everything seems normal. However, I can't shake the feeling that I've missed something, it's going to come back, it's watching me changing clothes, etc.

Sorry for the wall of text, but I thought it would be best if you knew exactly what happened, since, after reading through these forums, what I did seemed fairly unorthodox. If anyone can make sense of any of this and offer some advice, it'd be much appreciated. I'm tempted to try and run SmitFraudFix out of safemode just in case, but I really don't want to hurt my computer beyond repair. In any event, thanks for taking the time to read this, and I hope you can help :flowers:

Edit: I am using Windows XP and Internet Explorer if that helps at all.

Edited by Kjerty, 04 May 2007 - 10:46 PM.




#2 fozzie


Posted 05 May 2007 - 02:03 AM

* Download: RemoveVideoActiveXObject.exe to your desktop.
Double-click RemoveVideoActiveXObject.exe to start the tool.
Most probably an uninstaller will open. Don't close it, but let it proceed with uninstalling.

Reboot your computer afterwards.
After reboot, double-click RemoveVideoActiveXObject.exe once again. Important!
Post the log C:\RVAXO-results.log in your next reply.

#3 quietman7


Posted 05 May 2007 - 06:36 AM

After rebooting into safe mode, when you are at the logon prompt, make sure you log in as the same user account which you used to download the file. If not, you may not be able to find the file on your desktop. If you're still having problems, run SmitFraudFix in normal mode. When using the manual fix, all the bad files that are listed may not be present on your system. They are all listed so that you can search for each one of them in case they are.

If that does not help, then download RogueRemover and save to your Desktop. (This program is for Win XP, 2000, NT only)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover. During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program.
  • Select "Scan" and the program will walk you through the remaining steps.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Kjerty


Posted 05 May 2007 - 10:00 AM

Thanks for the replies guys, I went ahead and did as fozzie said, here's the log:

----------------RemoveVideoActiveXObject.exe first run-------------

Files found:


Uninstallers Rogue scanners:


Folders Found:


--------------RemoveVideoActiveXObject.exe last run---------------

Files found:


Uninstallers Rogue scanners:


Folders Found:


Is this a good sign? :thumbsup:

#5 quietman7


Posted 07 May 2007 - 11:31 AM

According to the log, nothing was found. Are you still having problems? If so, follow the directions I provided and post back if you continue to have issues.

#6 Kjerty


Posted 11 May 2007 - 04:46 PM

Nope, there haven't seemed to be too many more problems recently. I went ahead and ran SmitFraudFix anyway (you were right btw, wrong account :flowers: ) and it cleared up the rest of the eMedia files. Ran some scans as well, Panda, Norton, etc, and none showed any more viruses. :thumbsup:

Thanks for the help guys, I appreciate it!

#7 quietman7


Posted 11 May 2007 - 05:44 PM

If you're sure everything's fine now, you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system if you use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
