MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Computer Support Forums > Internet & Network Support > Security & Viruses
Topic: Another virus (Read 3340 times)
Train
Jr. Member
« on: December 29, 2009, 04:56:36 AM »

Get a variety of security allerts on screen, in the lower menu bar etc.  Can't get on the net using explorer at all, just get some fake antivirus add. Can use firefox but eventually all the popups block it out. In safe mode with networking,  Explorer won't load but firefox runs okay. Explorer is what I generally use on a daily basis.
Pancake
Global Moderator
Hero Member
« Reply #1 on: December 29, 2009, 09:16:27 PM »

Please download Malwarebytes' Anti-Malware from one of these places:

 http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
 http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

An Australian Member of EDDY
Train
Jr. Member
« Reply #2 on: December 30, 2009, 03:40:04 AM »

Here is the MBAM log. I am still running in safe mode with networking. Is that correct?

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

12/29/2009 8:27:39 PM
mbam-log-2009-12-29 (20-27-39).txt

Scan type: Quick Scan
Objects scanned: 124596
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\temdhmsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\temdhmsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\personal\Local Settings\Application Data\xdypgt\kgjpsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\libimg.dll (Spyware.NetVizor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
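A small parser for the MBAM log format, added here as an example (it is not part of the thread and not Malwarebytes' own code). It splits a report into the summary counts and the per-section detection records, cross-checks that the listed items add up to the summary, and singles out the entries that would have re-launched the fake antivirus at every logon (the values under the Run keys). The autostart markers and the "not removed" check are my assumptions; the sample text is the log posted above, trimmed to its populated sections.

```python
import re
from collections import Counter

# Detection lines copied from the MBAM 1.42 log posted above; the header and
# the empty sections are trimmed so the sample stays short.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)

Scan type: Quick Scan
Objects scanned: 124596

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\temdhmsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\temdhmsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\personal\Local Settings\Application Data\xdypgt\kgjpsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\libimg.dll (Spyware.NetVizor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 2" is a summary line; "Registry Keys Infected:" with
# nothing after the colon opens the section that lists the items.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<location> (<family>) -> <action>."
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed: registry paths that start programs at logon (the persistence the
# fake antivirus used in the log above).
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def parse_mbam_log(text):
    """Return (summary_counts, detections) for one MBAM report."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("("):   # header or "(No malicious items detected)"
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append({"section": section, "location": m["location"],
                               "family": m["family"], "action": m["action"]})
    return summary, detections


def verify_counts(summary, detections):
    """Sections whose summary count differs from the items actually listed."""
    found = Counter(d["section"] for d in detections)
    return {s: (n, found.get(s, 0)) for s, n in summary.items() if found.get(s, 0) != n}


def autostart_entries(detections):
    """Detections that lived in a logon autostart location."""
    return [d for d in detections
            if any(mark in d["location"].lower() for mark in AUTOSTART_MARKERS)]


def families(detections):
    """How many items each detection family accounted for."""
    return Counter(d["family"] for d in detections)


def not_removed(detections):
    """Items whose action line does not report a successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]


if __name__ == "__main__":
    summary, det = parse_mbam_log(SAMPLE_LOG)
    print("mismatches:", verify_counts(summary, det))
    print("autostart:", [d["location"] for d in autostart_entries(det)])
    print("families:", dict(families(det)))
```

A mismatch between summary and listed items, or anything in the "not removed" list, is the cue to ask for a second scan; the two Run-key values explain why the alerts returned at every boot before the scan.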
Pancake
Global Moderator
Hero Member
« Reply #3 on: December 30, 2009, 03:55:00 AM »

You can run in normal mode...

You will need to download ComboFix.exe. Download Combofix from this link only.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! * IMPORTANT !!! Place Combofix on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: http://www.bleepingcomputer.com/forums/topic114351.html

Double click on Combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files. Only use it with help from an experienced security adviser. Wrongful use can damage your computer.

Train
Jr. Member
« Reply #4 on: January 04, 2010, 06:34:41 PM »

Okay, here's what's been going on. I ran combofix but when I tried to post my log I couldn't connect to this site any longer. I tried bleeping computer and someone there tried to first find out why I couldn't connect to your site. They came to the conclusion that my router had been hijacked. When I tried to log into my router's server I was locked out of that as well. I have no problem connecting to any other website. The other computer in the house has the same connection problem. So now I'm connected directly to my incoming line bypassing the router completely. I still have the original Combofix log that never got posted. All the popup problems still seem to be gone but I guess there's still a problem somewhere obviously. Where do I go from here?
Pancake
Global Moderator
Hero Member
« Reply #5 on: January 04, 2010, 09:26:58 PM »

If the malware has gone then that's fine. You will need to go to one of the other forums to help with your other problem but try this first.

The recent DNS Changer infection tactics, which you have/had, include attacking routers which still have out-of-the-box user name/password combinations, and taking over the router's DNS settings.
As your machine is still being redirected and getting popups, remove any machines you have on a network and then perform a hard reset of the router, changing its user name and password to something only you would know. If you need help, check with your ISP, in case there are custom settings you need to maintain.

========================================

Use the following instructions to remove Trojan DNSChanger
1. Disable trojan drivers

a) Using Device Manager

Right click the My computer icon. If you are using the non classic Start menu, then right click My computer icon on your Start button menu.
Click Properties.
Click Hardware Tab.
Click Device Manager.
In the top menu, click View and click Show Hidden Drivers.
Scroll down to non Plug and Play drivers.
Click + at left.
In the list of drivers right click TDSSserv.sys or TDSSxyz.sys where xyz are random characters, msqpdxserv.sys, gaopdxserv.sys, seneka or seneka.sys.
Click Disable.
Click YES to confirm.
Close all windows and reboot your computer.
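Two checks that follow the reply above, written as an added example (not the thread's or any tool's own code): the first reads the resolver addresses out of `ipconfig /all` output, including the indented continuation lines Windows prints for extra resolvers, and flags any resolver the owner did not expect, which is how a router handing out hijacked DNS settings shows up on the client; the second matches a list of driver names against the indicators named in the post, with TDSSxyz.sys turned into a pattern. The ipconfig text, the expected resolver set and the driver list are constructed sample data, not values from this thread.

```python
import re

# Constructed sample of `ipconfig /all` output in the Windows XP layout. The
# assumed scenario is the one in the post: the router (192.168.1.1) is handing
# out a second resolver, 203.0.113.7, that the ISP never configured.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.7
"""

# Assumed expected resolvers: the router itself plus the two addresses the ISP
# would confirm when asked, as the post advises.
EXPECTED_RESOLVERS = {"192.168.1.1", "198.51.100.1", "198.51.100.2"}

# Driver names from the post. "TDSSxyz.sys, where xyz are random characters"
# becomes a pattern; "seneka" may appear with or without the .sys suffix.
DRIVER_PATTERNS = [
    re.compile(r"^TDSS\w*\.sys$", re.IGNORECASE),
    re.compile(r"^msqpdxserv\.sys$", re.IGNORECASE),
    re.compile(r"^gaopdxserv\.sys$", re.IGNORECASE),
    re.compile(r"^seneka(\.sys)?$", re.IGNORECASE),
]

# Constructed list of names as Device Manager's Non-Plug and Play Drivers
# branch might show them; two of them match the post's indicators.
SAMPLE_DRIVERS = ["Beep", "Fips", "mnmdd", "TDSSmxtp.sys", "Null", "seneka"]

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*: (\S+)\s*$")
CONT_LINE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(ipconfig_text):
    """Return every resolver listed under 'DNS Servers'. Extra resolvers are
    printed on following lines carrying only an indented address, so keep
    collecting until a line of a different shape appears."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_LINE.match(line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            c = CONT_LINE.match(line)
            if c:
                servers.append(c.group(1))
                continue
            collecting = False
    return servers


def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Resolvers in use that are not in the owner's expected set."""
    return [s for s in servers if s not in expected]


def suspicious_drivers(names, patterns=DRIVER_PATTERNS):
    """Driver names that match the indicators listed in the post."""
    return [n for n in names if any(p.match(n) for p in patterns)]


def assess(ipconfig_text, driver_names):
    """Run both checks and return one verdict dictionary."""
    servers = parse_dns_servers(ipconfig_text)
    return {
        "dns_servers": servers,
        "unexpected_resolvers": unexpected_resolvers(servers),
        "suspicious_drivers": suspicious_drivers(driver_names),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_IPCONFIG, SAMPLE_DRIVERS).items():
        print(f"{key}: {value}")
```

An unexpected resolver with no suspicious driver on the machine points at the router rather than the PC, which matches what the original poster saw: the second computer in the house had the same problem, and it cleared when the router was bypassed.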
Train
Jr. Member
« Reply #6 on: January 04, 2010, 10:11:17 PM »

None of those names are in the list of drivers.
Pancake
Global Moderator
Hero Member
« Reply #7 on: January 04, 2010, 10:13:44 PM »

Ok. So I guess you will need help from one of the other forums as I just deal in malware.
Train
Jr. Member
« Reply #8 on: January 04, 2010, 11:46:24 PM »

Okay Pancake. Thank you very much for the help.
Pancake
Global Moderator
Hero Member
« Reply #9 on: January 05, 2010, 12:28:26 AM »

You're welcome.
sararaja124
Jr. Member
« Reply #10 on: April 29, 2010, 11:31:12 AM »

I think that the Virus & trojans are now in your Windows folder.
Now the entire computer is in their control.