Spyware 201


314 replies to this topic

#251 Barbara

  • 3128 posts

Posted 25 October 2010 - 07:37 PM

I spent 30 minutes reading this thread last night. Lots of good stuff.

Someone advised not to use a USB flash drive on a potentially infected computer as the flash drive could become infected and yadda yadda yadda. Well I have done that. As advised, I am going to load Malwarebytes, Avast, a new version of Mozilla, etc on a CD and load from there.

Is there a way to make sure my flash drive is not infected? I can use the possibly infected computer to delete everything on it if that would work.

#252 InsideTheParker


  • SoSH Member


  • 10451 posts

Posted 29 October 2010 - 11:04 AM

This morning my desktop wouldn't load and I therefore had no access to anything. The Dell tech speculated that I had gotten a virus masquerading as a Microsoft Update as I turned off my computer last night. He took remote control of the computer in safe networking mode and moved the system back to 10/25 and it was fixed. He warned that it could recur, but that Microsoft must be working on a fix for this problem. I asked him if I should just disable Microsoft Update as an automatic feature, but he said that wouldn't help, since the virus would just line up with all the other updates and I wouldn't be able to recognize it whenever I decided to download the updates, which I ought to do. While this was going on, the McAfee shield came up and said I wasn't protected. I clicked on their updates and eventually it started coming up "Your system is secure." So, how can I avoid this in future? And if it's unavoidable, how can I learn to do for myself whatever the techie was doing remotely (he did it so fast I couldn't learn anything)? He implied that it was really a software problem and he was doing it for me as a special favor which I mightn't get in future.

This may be the completely wrong thread for this query, but I am too stupid to know where it ought to go.



#253 kneemoe

  • 1917 posts

Posted 29 October 2010 - 11:23 AM

I spent 30 minutes reading this thread last night. Lots of good stuff.

Someone advised not to use a USB flash drive on a potentially infected computer as the flash drive could become infected and yadda yadda yadda. Well I have done that. As advised, I am going to load Malwarebytes, Avast, a new version of Mozilla, etc on a CD and load from there.

Is there a way to make sure my flash drive is not infected? I can use the possibly infected computer to delete everything on it if that would work.


There's no way to be sure anything is 100% infection free no matter how many different scans you do, wiping is the only guarantee. That said, unless the machine you connected it to had something really sneaky I would just scan it with an updated copy of Malwarebytes and maybe double check it with something else like Hitman Pro if you want to be extra safe.

#254 kneemoe

  • 1917 posts

Posted 29 October 2010 - 11:30 AM

This morning my desktop wouldn't load and I therefore had no access to anything. The Dell tech speculated that I had gotten a virus masquerading as a Microsoft Update as I turned off my computer last night. He took remote control of the computer in safe networking mode and moved the system back to 10/25 and it was fixed. He warned that it could recur, but that Microsoft must be working on a fix for this problem. I asked him if I should just disable Microsoft Update as an automatic feature, but he said that wouldn't help, since the virus would just line up with all the other updates and I wouldn't be able to recognize it whenever I decided to download the updates, which I ought to do. While this was going on, the McAfee shield came up and said I wasn't protected. I clicked on their updates and eventually it started coming up "Your system is secure." So, how can I avoid this in future? And if it's unavoidable, how can I learn to do for myself whatever the techie was doing remotely (he did it so fast I couldn't learn anything)? He implied that it was really a software problem and he was doing it for me as a special favor which I mightn't get in future.

This may be the completely wrong thread for this query, but I am too stupid to know where it ought to go.


It's possible you downloaded an update that didn't agree with your system. It's also possible you were infected with a virus. It's very doubtful you installed a Windows update that was a virus via something like a man-in-the-middle attack, so unless you went to some weird site and downloaded a file which claimed to be a Windows update I'm not really buying what the Dell tech said (he may have just been taking the easy way out, saying whatever sounded sensible to make his life easier, it happens more than you think).

If you feel safer disabling the automatic update (I do) go for it, and then just go to http://www.update.microsoft.com/ every now and again.

As for what he did - I'd bet he just used the system restore. Go to "Start" -> Programs -> Accessories -> System Tools and click System Restore and see if that looks familiar.

#255 Burt Reynoldz

  • 1859 posts

Posted 14 December 2010 - 03:54 PM

I've been dealing with an odd, pain in the ass pop-up/virus problem over the past few days. I get these IE pop-up ads (which is weird, since I only use Firefox) for different/random ads and sites, the most common of which is something called Epic Video Arcade. I've run AdAware, Spybot S&D, and Malwarebytes multiple times each, along with CW Shredder. AdAware and Spybot will pick up a small handful of cookies they deem dangerous, and remove them, but nothing else. The weird thing is that I'll get these pop-ups in spurts; for instance, when I first got on my computer this morning, I got a series of 3-5 of them, then nothing all day. In the last 20 minutes, I've probably had another 6.

I'm going to try Hitman Pro now, and see what happens. Outside of that, anyone have any idea? This shit is baffling me.

#256 InstantKarmma


  • Defender of Roadrunners


  • 5727 posts

Posted 18 December 2010 - 08:08 PM

I've been dealing with an odd, pain in the ass pop-up/virus problem over the past few days. I get these IE pop-up ads (which is weird, since I only use Firefox) for different/random ads and sites, the most common of which is something called Epic Video Arcade. I've run AdAware, Spybot S&D, and Malwarebytes multiple times each, along with CW Shredder. AdAware and Spybot will pick up a small handful of cookies they deem dangerous, and remove them, but nothing else. The weird thing is that I'll get these pop-ups in spurts; for instance, when I first got on my computer this morning, I got a series of 3-5 of them, then nothing all day. In the last 20 minutes, I've probably had another 6.

I'm going to try Hitman Pro now, and see what happens. Outside of that, anyone have any idea? This shit is baffling me.

Download HijackThis from CNET: http://download.cnet...4-10227353.html

Run it, post the log here and I'll take a look at it.

#257 Oil Can Dan

  • 4862 posts

Posted 24 December 2010 - 02:45 PM

So my bank called me to tell me that they are 100% certain that a known online thief has logged in to my bank account, so they temporarily disabled my account. I read this thread, installed MalwareBytes and AVG, and via a scan it found some things like "Hijack.ControlPanelStyle", "Backdoor.generic.13YXN" and "dropper.generic2.CKPW". I removed these via MalwareBytes and AVG, and now I want to go change all my passwords, etc. Am I good to do that now, or is there more I should do? It really freaks me out to know that someone, somewhere most likely has my passwords to all my accounts, etc. I have no idea how this could have happened as I don't surf shady sites on this computer, etc etc. I use mint.com and an ipad/iphone - maybe it's one of those things instead of this laptop? Or could it have happened had I logged in via a public wifi network (which I generally don't do, but perhaps I did inadvertently?).

* I did a little googling around on 'Hijack.ControlPanelStyle' and the other found viruses and I don't really know what to make of them. It seems they're less of a trojan horse type threat than I initially thought. Seems it may be something that a work administrator installed to prevent me from viewing certain things in my control panel, and/or just files associated with MalwareBytes or something.

I am very confused.

Edited by Oil Can Dan, 24 December 2010 - 05:13 PM.


#258 mabrowndog


  • Ask me about total zone...or paint


  • 37255 posts

Posted 15 March 2011 - 09:15 PM

Just got a new Lenovo x120e notebook which I'm in the process of setting up. The OS is Win 7 pro 64. It came with Norton, but there's no way I'm subscribing to any updates beyond the trial period.

So I'm checking in to see what other (free) stuff I should install. Are HijackThis, Malwarebytes, and Windows Security Essentials still the gold standards? Anything else I should be considering?

Thanks in advance.

#259 j44thor

  • 4026 posts

Posted 16 March 2011 - 04:20 PM

Just got a new Lenovo x120e notebook which I'm in the process of setting up. The OS is Win 7 pro 64. It came with Norton, but there's no way I'm subscribing to any updates beyond the trial period.

So I'm checking in to see what other (free) stuff I should install. Are HijackThis, Malwarebytes, and Windows Security Essentials still the gold standards? Anything else I should be considering?

Thanks in advance.


Spybot Search & Destroy is one of my go to apps. Provides some decent registry protection and the browser immunization is good as well.

#260 weeba

  • 1337 posts

Posted 18 March 2011 - 09:08 AM

I just learned that Spybot treats vistaprint.com as a malware site when doing an immunization and puts it in the hostfile as a redirect to localhost.

Just something to keep in mind / repair if you use that site for anything.

#261 DukeSox


  • Rick Derris


  • 8163 posts

Posted 07 May 2011 - 07:40 PM

nm

Edited by DukeSox, 01 June 2011 - 06:50 PM.


#262 DukeSox


  • Rick Derris


  • 8163 posts

Posted 17 May 2011 - 06:36 PM

It appears Chrome was the problem. I uninstalled and have had no problems.

#263 savage362

  • 1015 posts

Posted 11 June 2011 - 07:48 PM

Parents' computer has been real slow lately. Avast was showing in the taskbar as being unsecure, but when the program was opened it said it was secure.

I attempted to run the disk defragmenter and got a message saying "Disk Defragmenter has detected that Chkdsk is scheduled to run on the volume: (C:). Run Chkdsk /f." I checked the scheduled tasks and this is not scheduled.

Ran malwarebytes and found 21 infections including trojan.vundo. I removed all and ran HiJackThis but stuff still doesn't seem right. I'm assuming it's not entirely gone or there's something else that's being missed. Here's the log file. Any help?

"020 Winlogon Notify" seems suspicious to me.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:30 PM, on 6/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gary\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {907FB1A9-3EF2-45E8-910F-DB150D9B40D4} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Cyv] C:\WINDOWS\?ymbols\w?crtupd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.comcast.com
O15 - Trusted Zone: *.intuit.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.pogo.com
O15 - Trusted Zone: http://www.target.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://www.webkinz.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5213/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: rqronop - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 10394 bytes
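
For readers triaging a HijackThis log like the one in the post above, here is an added example (not part of the post and not HijackThis's own code) that parses the result lines and flags a few entry types worth checking by hand. The three heuristics are assumptions chosen for illustration, and the sample lines are copied from the log above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")
Finding = namedtuple("Finding", "section reason body")

# A HijackThis result line starts with a section code, e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" list do not match and are skipped.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Heuristic 1 (assumption): the registry still points at a component
# whose file is gone, often a leftover from an incomplete cleanup.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")

# Heuristic 3 (assumption): a '?' inside a drive path in an autostart entry
# stands for a character the log could not render, so the real file name
# differs from what is printed. A bare "= ?" target is not matched.
ODD_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*\?')

# A few lines copied from the log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {907FB1A9-3EF2-45E8-910F-DB150D9B40D4} - C:\WINDOWS\system32\awvvt.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Cyv] C:\WINDOWS\?ymbols\w?crtupd.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - Winlogon Notify: rqronop - Invalid registry found
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""


def parse_entries(log_text):
    """Return the sectioned result lines of a HijackThis log as Entry tuples."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group("section"), match.group("body")))
    return entries


def triage(entries):
    """Flag entries for manual review; a flag is a lead, not a verdict."""
    findings = []
    for entry in entries:
        if entry.body.rstrip().endswith(ORPHAN_SUFFIXES):
            findings.append(Finding(
                entry.section, "registered component has no file on disk", entry.body))
        # Heuristic 2 (assumption): every O20 entry (AppInit_DLLs / Winlogon
        # Notify) is listed, because these DLLs load at logon.
        if entry.section == "O20":
            findings.append(Finding(
                entry.section, "logon-time DLL hook, verify the target", entry.body))
        if entry.section in ("O4", "O23") and ODD_PATH_RE.search(entry.body):
            findings.append(Finding(
                entry.section, "autostart path contains unrenderable characters", entry.body))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{finding.section}] {finding.reason}: {finding.body}")
```
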



#264 Harry Hooper


  • SoSH Member


  • 13797 posts

Posted 11 June 2011 - 08:19 PM

You can try further cleaning with Vundo Fix and/or VirtumundoBegone. See HERE.

#265 OilCanShotTupac


  • Not Clowning Around


  • 8270 posts

Posted 12 June 2011 - 01:37 PM

So. . . anyone dealt with XP Antivirus 2102 yet?

This looks to be some really nasty shit. It's disabled Malwarebytes and taken over my browsers so I can't download anything.

I'm guessing that my best bet is to load Malwarebytes and Firefox on a CD from another computer, restart the infected computer in safe mode, reinstall Malwarebytes and Firefox, and go from there?

#266 Harry Hooper


  • SoSH Member


  • 13797 posts

Posted 12 June 2011 - 01:57 PM

You can try renaming the main Malwarebytes executable from mbam.exe to mbam.bat to see if it will run.

Otherwise, removal instructions HERE.

#267 OilCanShotTupac


  • Not Clowning Around


  • 8270 posts

Posted 12 June 2011 - 06:49 PM

Renaming the .exe worked. I was able to run Malwarebytes and it fixed the problem. Thanks.

#268 aksoxfan

  • 2178 posts

Posted 15 June 2011 - 11:33 AM

Somehow I picked up the latest variant "malware Detector" while on SOSH Gamethread and MLB Gameday yesterday. Very weird that it would come from one of these sites.

#269 kneemoe

  • 1917 posts

Posted 15 June 2011 - 12:26 PM

FYI - it doesn't come from friendly sites, it gets in through the ad servers.

#270 HomeBrew1901


  • Has Season 1 of "Manimal" on Blu Ray


  • 8293 posts

Posted 15 June 2011 - 07:18 PM

What THE fuck is going on with my computer??? We have an HP and have 4 log ons for each of us, everyone else's works great but mine keeps coming up with a virus scan for Vista 6 on Firefox. It doesn't happen for anyone else's side. Help...

#271 amh03


  • Tippi Hedren


  • 4359 posts

Posted 19 June 2011 - 09:28 PM

I was infected with the XP antivirus 2012 last week too...what a pain in the ass!

#272 SemperFidelisSox


  • suzyn


  • 10118 posts

Posted 11 August 2011 - 04:11 PM

Does anyone know where I can download a safe Key Logger for my computer that will not be detected by spyware protection?

#273 DannyHeep


  • well trained post artisan


  • 17253 posts

Posted 16 September 2011 - 06:45 PM

QUOTE (Jnai @ Jul 10 2010, 09:55 AM) I have an odd google redirect that seems to happen once in a while, usually to sites like bargainmatch.com.

MalwareBytes is not picking up anything.

Any suggestions for the next step?

I had this problem at work. IT managed to clear the initial infection, but as soon as I rebooted IE and clicked on any links as a result of a google search, I was redirected to similar sites. Like you, Malwarebytes (or SpyBot S&D, for that matter) didn't pick up anything on my machine.

I did a little research and ended up downloading Hitman Pro and ran a scan during the day. Haven't had a problem since.

Hitman Pro Download (via CNET)


I just developed the same problem with google redirecting me to ad sites. I'm running this as I type. Looks like I have a shitload of errors according to this program.

Does anyone know why the google shit happens? Can I just fix all of these errors?

#274 DannyHeep


  • well trained post artisan


  • 17253 posts

Posted 16 September 2011 - 07:04 PM

I just developed the same problem with google redirecting me to ad sites. I'm running this as I type. Looks like I have a shitload of errors according to this program.

Does anyone know why the google shit happens? Can I just fix all of these errors?


Shit I have to pay for this? Bummer...

My bad, I had the wrong software. Hitman fixed it. Thanks!

Edited by DannyHeep, 17 September 2011 - 11:00 AM.


#275 OilCanShotTupac


  • Not Clowning Around


  • 8270 posts

Posted 24 September 2011 - 10:57 AM

I appear to have gotten some nasty trojans from SoSH last night (I guess it's the ads?) Among other things, it set me up to connect through a proxy server.

I ran Spybot and Hitman and both of them found and deleted stuff. But when I'm trying to run Malwarebytes, it tells me that I don't have the necessary permissions. It won't let me rename the .exe either. I've tried uninstalling/reinstalling, no success.

Am I fucked? What more can I do?

Thanks.

#276 Harry Hooper


  • SoSH Member


  • 13797 posts

Posted 24 September 2011 - 11:23 AM

If you can browse to the site, you can try the online scan at www.eset.com

#277 OilCanShotTupac


  • Not Clowning Around


  • 8270 posts

Posted 24 September 2011 - 08:14 PM

If you can browse to the site, you can try the online scan at www.eset.com


Thanks. I tried that, and it found and killed 5 objects (3 worms and 2 trojans).

I can now browse and use my computer somewhat normally, but it is still a little slow, AND it will not let me run either Microsoft Security Essentials or Malwarebytes - in both cases it says I don't have the correct permissions, which has never been a problem for me before.

So I think I still have something. I've already run Spybot, Hitman, and eset.com, and can't do Malwarebytes or MSE. Anything else I can try?

#278 Harry Hooper


  • SoSH Member


  • 13797 posts

Posted 24 September 2011 - 09:12 PM

I'd go with the 30-day trial full version (free) of Kaspersky:

http://usa.kaspersky...ials/anti-virus

#279 OilCanShotTupac


  • Not Clowning Around


  • 8270 posts

Posted 24 September 2011 - 09:37 PM

I'd go with the 30-day trial full version (free) of Kaspersky:

http://usa.kaspersky...ials/anti-virus


I installed it, but it won't start.

I think I'm fucked.

Edit: just navigated in Windows Explorer to try to start the .exe manually, and again, it told me I didn't have permission. Something is preventing me from starting any kind of antivirus software because I don't have permission (I am able to start other programs fine).

Edited by OilCanShotTupac, 24 September 2011 - 09:40 PM.


#280 Harry Hooper


  • SoSH Member


  • 13797 posts

Posted 24 September 2011 - 10:53 PM

I installed it, but it won't start.

I think I'm fucked.

Edit: just navigated in Windows Explorer to try to start the .exe manually, and again, it told me I didn't have permission. Something is preventing me from starting any kind of antivirus software because I don't have permission (I am able to start other programs fine).



Looks like you'll need ComboFix.

You can try using it solo, or follow instructions from one of the folks at bleepingcomputer.com

#281 OilCanShotTupac


  • Not Clowning Around


  • 8270 posts

Posted 26 September 2011 - 07:40 PM

I ran ComboFix. That's some serious shit.

It *looks like* I'm OK.

Thanks, Harry. I owe you a beer or three.

#282 LoweTek

  • 758 posts

Posted 19 December 2011 - 06:05 PM

Has anyone purchased the Pro version of Malwarebytes and run it regularly? Is it worth it?

I have spent time in the last couple of days cleaning the "Windows Recovery" malware from a friend's Vista SP2 machine. Malwarebytes seems to have cleared most of it.

This thing was nasty - blocked Malwarebytes, blocked rkill, hid all kinds of files, etc. I got a clean Malwarebytes run (39 hours) which caught and cleaned 9 various issues.

They are running Windows Defender and Iolo System Shield (which detected and killed part of it but not all).

I'm still short one windows update which keeps reverting supposedly due to "interference." Windows update will not start in Safe Mode.

MSFT suggests running SFC (System File Checker) because it's also still getting the occasional "Explorer.exe has failed" error, which is fun too as it gives you a cursor and a blank screen after startup and login. Restarting seems to give back a normal desktop. I am concerned the explorer.exe error is in fact some kind of reinfection occurring.

Any thoughts on any of the above, next steps or other suggestions?

#283 IpswichSox

  • 1780 posts

Posted 29 December 2011 - 01:23 PM

So. . . anyone dealt with XP Antivirus 2102 yet?

This looks to be some really nasty shit. It's disabled Malwarebytes and taken over my browsers so I can't download anything.

I'm guessing that my best bet is to load Malwarebytes and Firefox on a CD from another computer, restart the infected computer in safe mode, reinstall Malwarebytes and Firefox, and go from there?

The family computer got hit with this today -- and then I remembered seeing it referenced in this thread with a link to bleepingcomputer.com's removal instructions. I followed the instructions; downloaded FixNCR.reg and Rkill; was then able to run Malwarebytes, which found five files; then tried running MSE but it had been disabled and it wouldn't let me re-enable, so had to uninstall and then reinstall MSE, which ran a full scan and came back clean. Scanning with Malwarebytes again now.

#284 bosoxsue

  • 983 posts

Posted 21 April 2012 - 05:23 PM

I was going to go to this site to see if my computer is affected. But then the conspiracy theorist commenters made me nervous. Has anyone else tried out the FBI link contained in this story?

http://www.usatoday....-pcs/54446044/1

Edited by bosoxsue, 21 April 2012 - 05:24 PM.


#285 jose melendez


  • Earl of Acie


  • 12647 posts

Posted 21 April 2012 - 09:23 PM

According to the FBI site, it seems legit

For stories like that, I recommend going directly, not via link, to the original site.

#286 Chico Walker and the Man

  • 1156 posts

Posted 11 July 2012 - 03:19 PM

I have a trojan on my computer (Trojan horse Patched_c.LYU) which AVG Free is detecting but can not delete. Malware Bytes doesn't see it. I looked for the registry keys typically associated with this file to delete them, but none of the files names on various webpages are in my registry.

Is there a trojan removal program that people would recommend? Or, an updated list of registry files I might look for to delete?

#287 Harry Hooper


  • SoSH Member


  • 13797 posts

Posted 11 July 2012 - 04:28 PM

You can try the free Rootkit Buster tool from Trend Micro:

http://free.antiviru...ster/index.html

or eset's rogue application remover tool:

http://kb.eset.com/e...ent&id=SOLN2372

Edited by Harry Hooper, 11 July 2012 - 04:44 PM.


#288 cgori

  • 1451 posts

Posted 12 January 2013 - 04:59 PM

Everyone should force-update to Java7 Update10, then use the control panel security tab to disable Java, for the moment: http://www.csmonitor...-vulnerability. -- there are some nasty vulnerabilities out there in Java (again).

EDIT: fix broken link

Edited by cgori, 12 January 2013 - 05:00 PM.


#289 InstantKarmma


  • Defender of Roadrunners


  • 5727 posts

Posted 14 January 2013 - 08:07 AM

Oracle has released a patch.

Download it here.

#290 kneemoe

  • 1917 posts

Posted 14 January 2013 - 01:25 PM

Remember folks, it's Java. Sit back and have a cup, you'll be waiting a while if you expect it to be secure.

http://www.networkwo...ake-2-years-fix

#291 OttoC


  • SoSH Member


  • 7225 posts

Posted 14 January 2013 - 03:00 PM

You should also be certain that you have removed all previous versions of Java from your system. Oracle doesn't/didn't bother to do that.

#292 Koufax

  • 1884 posts

Posted 16 January 2013 - 12:02 PM

I recently purchased a new computer with Windows 8. As far as I can tell, Java has never been installed on it (at least there is no trace of it when I fiddle with the browser options in Explorer). But I am not sure how to really know that, because the old familiar control panel is either missing or hard to find on Windows 8. Any recommendations on how to determine if I have JAVA and how to uninstall it?

#293 SoxFanInCali


  • has the rich, deep voice of a god and the penis of a scouse


  • 6094 posts

Posted 17 January 2013 - 02:42 AM

Go to java.com and click on the "Do I Have Java?" link.

#294 Koufax

  • 1884 posts

Posted 17 January 2013 - 09:04 PM

Well that was easy. I have no JAVA. Thanks!

#295 mabrowndog


  • Ask me about total zone...or paint


  • 37255 posts

Posted 09 April 2013 - 05:22 PM

I ran across some articles on CNET dating back to Thanksgiving that indicate MSE now sucks ass:

 

Security Essentials fails latest AV-Test

Microsoft bombs another security test

Microsoft challenges poor grade for Security Essentials

 

What led me to the above was yesterday's article touting the built-in anti-virus functions of Windows 8. It mentions that adding third-party anti-virus will boost security even further. Specifically:

 

Several suites tested notably well. Bitdefender Internet Security 2013 (review) topped the paid suites, with a score of 17 out of 18. BullGuard Internet Security 13.0 and Kaspersky Internet Security 2013 (review) scored 16.5 and 16.0, respectively. Both of their weaknesses came during January's testing of zero-day threats but had corrected those misses in February.
 
On the free suite side, the best-performing software were AVG AntiVirus Free 2013 (review) with 15.5, and Avast Free Antivirus 7 (review) at 15.0. Avast's major-point upgrade to version 8 wasn't released until late February.

 

I currently run Windows 7 and have no plans (or apparent need) to upgrade to Win8. I also have MSE installed and run a scheduled full scan every Sunday at 2 AM. With previous versions of Windows, I've run both AVG and Avast. I've never paid for a security suite, and every time I've had a full-blown suite pre-installed on a new PC or laptop (Norton, McAfee, etc.) they've caused major issues in terms of interruptions, unwanted integration and bloated use of system resources. So I always just uninstalled them and went with one of the freebies while also running other utilities (malwarebytes, firewall, spyware, etc.)

 

So I'm hoping to get some thoughts on whether Microsoft has adequately addressed the reported deficiencies, or whether I should be ditching it for either AVG or Avast. Thanks in advance.


Edited by mabrowndog, 09 April 2013 - 05:23 PM.


#296 SoxJox

  • 1006 posts

Posted 26 April 2013 - 07:30 AM

Anyone have experience with the free version of BitDefender 13? Does it suffice, or is it worth purchasing the "full" version (anywhere from $39-60)?



#297 Boston Brawler

  • 4487 posts

Posted 23 November 2013 - 05:34 PM

I ran Super Anti Spyware just now and it flagged this as a possible Trojan.

 

(x86) HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20131121

 

Anyone know what this is, or have a suggestion on what to do?

 

Edit: Spelling


Edited by Boston Brawler, 23 November 2013 - 05:34 PM.


#298 kneemoe

  • 1917 posts

Posted 23 November 2013 - 06:42 PM

You'll probably have to say/look up what that entry actually shows in regedit, maybe it's calling an executable or a dll? Then you look at that file to see if it should be run automatically. If you know it shouldn't, you simply delete the entry in regedit (or use your malware detector, which should let you quarantine it or something similar).
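The check described in the reply above, as an added example that is not part of the original posts: it lists every value in the machine-wide Run keys, extracts the file each one launches, and reports whether that file exists and carries a valid Authenticode signature. It assumes the scanner's "(x86)" label means the 32-bit registry view (WOW6432Node); `Get-CommandTarget` is a hypothetical helper name.

```powershell
# Added example: review autorun entries before deciding whether to delete one.
# Assumption: "(x86)" in the scanner output refers to the WOW6432Node view.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    param([string]$CommandLine)
    # Expand %SystemRoot%-style variables, then take the program path:
    # a quoted first token, or the text up to the first known extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # 32-bit Windows has no WOW6432Node
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        # A bare name such as rundll32.exe is resolved via PATH at logon, so it
        # shows Exists = False here; read its arguments by hand in that case.
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig     = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name      # e.g. the value name a scanner flagged
            Command   = $command   # full command line stored in the registry
            Target    = $target
            Exists    = $exists
            Signature = $sig       # 'Valid', 'NotSigned', 'HashMismatch', ...
        }
    }
}
```

Entries whose target is missing, unsigned, or located in a temp or user-profile directory are the ones to look at first. The script only reads the registry and changes nothing.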



#299 glasspusher

  • 1241 posts

Posted 24 November 2013 - 12:21 AM

Wow, all the stuff I miss using Macs and Linux. Thanks for taking it all for us, Windows users!

BTW, yes, we still have to watch out for phishing.



#300 Bleedred

  • 4006 posts

Posted 14 March 2014 - 07:35 AM

I have a new Lenovo T440s (purchased a month ago).  My Norton Anti-virus runs out tomorrow.   I have historically only purchased one anti-virus product, as I do nothing exotic with my machine.  What do you all recommend (link if possible) to provide basic protection?

 

Thanks





