
[Resolved] Virus detected every 30 secs!


  • This topic is locked
21 replies to this topic

#1 CrucifieD

CrucifieD

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 08 November 2009 - 11:07 AM

I dled something... and bam, I see desktop icons of porn etc... I deleted all of it, ran an AVG scan, ran a Malwarebytes scan (currently scanning), but for some odd reason AVG cannot remove the virus it detects: "file was not specified or found", "cannot remove this file", etc... and a virus detection occurs every minute or so in a different file. I need some help quick!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:55 AM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Anthony\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\8223948.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://join.123cashs...jYuMC4wLjAuMC4w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070613
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Anthony\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKUS\S-1-5-21-4016265716-1404377972-3314742646-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Hieu')
O4 - HKUS\S-1-5-21-4016265716-1404377972-3314742646-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Hieu')
O4 - HKUS\S-1-5-21-4016265716-1404377972-3314742646-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Hieu')
O4 - HKUS\S-1-5-21-4016265716-1404377972-3314742646-1008\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Lucy')
O4 - HKUS\S-1-5-21-4016265716-1404377972-3314742646-1008\..\Run: [cdloader] "C:\Documents and Settings\Lucy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User 'Lucy')
O4 - S-1-5-21-4016265716-1404377972-3314742646-1008 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Lucy')
O4 - S-1-5-21-4016265716-1404377972-3314742646-1008 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Lucy')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdnet.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14122 bytes

Edited by CrucifieD, 08 November 2009 - 12:41 PM.



#2 CrucifieD

Posted 08 November 2009 - 12:16 PM

Sorry, but I need some help really fast. AVG Resident Shield keeps showing a Win32 Virut, infecting files like every 30 secs, and I can't remove/heal it. Somebody help please. My startup got changed: instead of selecting the profiles for Windows XP, I have to type in my username and password.

Edited by CrucifieD, 08 November 2009 - 12:17 PM.


#3 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 08 November 2009 - 01:16 PM

Hi CrucifieD,

If it is Virut the only cure is a reformat. Let's see if we can confirm this.

We need some file information
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path, one at a time if more than one file is listed, into the "Suspicious files to scan" box on the top of the page:

    c:\windows\system32\userinit.exe
    c:\windows\system32\svchost.exe
    c:\windows\explorer.exe
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\spoolsv.exe

  • Click on the Upload button
  • Please ensure the scan is complete and the results saved before submitting the next.
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#4 CrucifieD

Posted 08 November 2009 - 02:20 PM

Hey, here are the links of each scan. Also, I'd like to know if a system restore or an AVG Virut remover would work. And for some odd reason, I can't connect to AVG site, Avast, Kaspersky, just about every anti malware site.

http://www.virscan.o...08a3255acc.html
http://www.virscan.o...70bf27b31b.html
http://www.virscan.o...9f8109e02c.html
http://www.virscan.o...3100c0247f.html
http://www.virscan.o...187faa78d6.html

Edited by CrucifieD, 08 November 2009 - 02:22 PM.


#5 oldman960

Posted 08 November 2009 - 02:49 PM

Hi Crucified,

"Also, I'd like to know if a system restore or an AVG Virut remover would work."

No, System Restore will not fix this. Usually the executable for the tools becomes infected a short time after they are installed and run.

"AVG Resident Shield keeps showing a Win32 Virut, infecting files like every 30 secs,"

It is a file infector that will keep infecting files until the computer is completely unusable. It has already infected some of your core Windows files and the ones AVG has reported to you.

"And for some odd reason, I can't connect to AVG site, Avast, Kaspersky, just about every anti malware site."

Typical symptom.

This infection can and will infect all the machine's executable files .exe, .scr plus .html and .htm. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Recent variants also modify asp and php files.

More information can be found here and here and here.

A Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .htm, .html files.
  • Backup all your documents and important items only.
    data/documents/pictures/movies/songs/etc..
  • DO NOT backup any executable files (.exe, .scr, .html or .htm)
  • Do Not back up compressed files (zip/cab/rar) that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE

A CD would be best, but a blank USB device will work only as a last resort. Make sure there aren't any executables on it, and do not attach it to any clean computer.

If you are going to use a USB device, I suggest you use a freshly formatted one. After formatting it, use FDD on it before attaching it to the infected computer.

Be further advised that these infections may have backdoor capabilities.

I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Feel free to ask any questions, but keep in mind a Reformat is the only way to clean this computer.

Threads will be closed if no response after 5 days.
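
The backup rule from the reply above (documents only, nothing ending in .exe, .scr, .html or .htm, and no zip/cab/rar that may hold such files), as an added example that is not part of the original thread: a Python filter that builds the list of files to copy before a reformat. The function names, the sample tree, and the choice to exclude .cab/.rar, unreadable zips and nested archives outright are assumptions made for this example.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# Extensions the reply says not to back up (targets of the file infector).
BLOCKED_EXT = {".exe", ".scr", ".html", ".htm"}
# Archive types named in the reply; only .zip can be opened with the stdlib.
ARCHIVE_EXT = {".zip", ".cab", ".rar"}


def classify(path):
    """Return (keep, reason) for one file on the drive being backed up."""
    ext = Path(path).suffix.lower()          # "photo.jpg.exe" -> ".exe"
    if ext in BLOCKED_EXT:
        return False, "blocked extension " + ext
    if ext in (".cab", ".rar"):
        # Assumption: contents cannot be listed here, so exclude outright.
        return False, "archive not inspectable, excluded"
    if ext == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                for name in zf.namelist():
                    inner = Path(name).suffix.lower()
                    # Assumption: nested archives are treated as blocked too.
                    if inner in BLOCKED_EXT or inner in ARCHIVE_EXT:
                        return False, "archive contains " + name
        except (zipfile.BadZipFile, OSError):
            return False, "unreadable archive, excluded"
        return True, "archive with no blocked members"
    return True, "data file"


def build_manifest(root):
    """Walk root and split files into (kept, skipped) lists of (path, reason)."""
    root = Path(root)
    kept, skipped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = Path(dirpath) / fn
            keep, reason = classify(p)
            rel = p.relative_to(root).as_posix()
            (kept if keep else skipped).append((rel, reason))
    return sorted(kept), sorted(skipped)


def demo():
    """Run the filter over a constructed sample tree and return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "pics").mkdir()
        (root / "docs" / "report.doc").write_bytes(b"constructed sample")
        (root / "pics" / "holiday.jpg").write_bytes(b"constructed sample")
        (root / "pics" / "holiday.jpg.exe").write_bytes(b"constructed sample")
        (root / "saved_page.htm").write_bytes(b"constructed sample")
        (root / "old.rar").write_bytes(b"constructed sample")
        (root / "broken.zip").write_bytes(b"not really a zip")
        with zipfile.ZipFile(root / "photos.zip", "w") as zf:
            zf.writestr("a.jpg", b"constructed sample")
        with zipfile.ZipFile(root / "tools.zip", "w") as zf:
            zf.writestr("readme.txt", b"constructed sample")
            zf.writestr("bin/Setup.EXE", b"constructed sample")
        return build_manifest(root)


if __name__ == "__main__":
    kept, skipped = demo()
    for rel, reason in kept:
        print("KEEP ", rel, "-", reason)
    for rel, reason in skipped:
        print("SKIP ", rel, "-", reason)
```

The filter decides by file name and archive listing only; it does not tell you whether a kept file is clean.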

#6 CrucifieD

Posted 08 November 2009 - 02:55 PM

Okay, I wasn't really sure on a few things when I read through the guide on reformatting. You told me to back up files etc., but what about games, software like Microsoft Office (Word, PowerPoint, etc.)? And I don't have a CD copy of my OS; it came with my computer. Also, I'm not an expert, but what would be an example of .exe files?

Edited by CrucifieD, 08 November 2009 - 03:02 PM.


#7 CrucifieD

Posted 08 November 2009 - 03:36 PM

I just got a very suspicious friend request on skype...

[1:34:20 PM] Update Info: ****************************************
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

[link removed]

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW
****************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

[link removed]

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!

#8 oldman960

Posted 08 November 2009 - 03:58 PM

Hi

I would say that that is a bogus message. Clicking the link will probably download more malware. I'm going to remove the links from your post so no lookyloo will accidentally click on them.

Executable files are files that will run when executed or double clicked on.

They are used to start the program. The part after the file name is the extension, so any file ending with .exe, .scr, .html and .htm would be an executable file.

Do not backup anything with an executable file: .exe, .scr plus .html and .htm. Word documents (.doc) are ok, as are jpg and music files. Programs have executable files, so they are probably already infected.

"and I don't have a cd copy of my OS it came with my computer."

What brand is your computer? Perhaps it came with a restore partition that will do the same thing.

Let me know.


#9 CrucifieD

Posted 08 November 2009 - 06:10 PM

I got a Dell Dimension E520. Also, how long does it take to reformat?

Edited by CrucifieD, 08 November 2009 - 06:11 PM.


#10 oldman960

Posted 08 November 2009 - 06:57 PM

What is your operating system? Vista or XP? As for how long, that would depend on the operating system. 1-2 hours maybe? Do you have a manual for this computer?



#11 CrucifieD

Posted 08 November 2009 - 07:02 PM

I have Windows XP, and no, I don't have a manual.

#12 CrucifieD

Posted 08 November 2009 - 10:07 PM

I don't know how to get into the windows set up for the reformatting, if anyone can explain how, it'd be appreciated.

Edited by CrucifieD, 08 November 2009 - 10:07 PM.


#13 oldman960

Posted 08 November 2009 - 10:25 PM

Hi, with that machine it should be: hit the Ctrl key and the F11 key at the same time as soon as you see the Dell logo at startup. This should bring up the recovery screen. Keep in mind once started you can't back out. Your hard drive will be wiped clean and you should be back to where the computer was when it was new.


#14 CrucifieD

Posted 08 November 2009 - 10:28 PM

Okay thanks for the help, I'm going to do this now and let you know tomorrow.

#15 oldman960

Posted 08 November 2009 - 10:33 PM

Ok
