#1
malware issue - part II
I have a Dell XPS 8500, with Windows 7 Professional, SP1, with Spywareblaster, SuperAntiSpyware, Avast, and Windows firewall.

(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system

I also have a Dell Dimension 8200 (Seagate Barracuda 7200 HD 160Gb) with XP, SP3, with Spywareblaster, Avast, and Windows firewall.

I contracted malware (Pup.Optional) when trying to download AdwCleaner and selected the big green arrow instead of the small blue print (Bleeping computer). Since I also did this on the 8200 both computers are infected. Initially I couldn't post to this group at all for 3 weeks until I downloaded/installed Mozilla Thunderbird.

At present this is the situation on the 8500:

I ran a SuperAntiSpyware full system scan and it gave this:
http://i61.tinypic.com/15p1thk.png

I thought I had deleted both of these previously. I've tried searching for them to delete them but cannot find them.

I then continued with the scan which found this:
http://i61.tinypic.com/538vgh.png

I removed the threats:
http://i61.tinypic.com/2qbcaco.png

I then ran malwarebytes which gave me this:
http://i58.tinypic.com/2n8msya.png
http://i58.tinypic.com/200a3h0.png

I've tried to create a Kaspersky rescue disk following these instructions:
http://i59.tinypic.com/2nsow87.png
http://i62.tinypic.com/16249d4.png
http://i59.tinypic.com/mwf59x.png
http://i60.tinypic.com/2cpe4hk.png
http://i61.tinypic.com/35874v9.png
http://i62.tinypic.com/30hvfav.png

I checked the USB Key and this is what it has on it:
Rescue folder
liveusb
syslinux cfg

I opened the Rescue USB folder and this is what it has:
Help folder
grub
rescue
rescueusb

I ran an AdwCleaner scan and this is what it gave me:
http://i59.tinypic.com/dcpgk2.png
http://i58.tinypic.com/2cclzdx.png
http://i62.tinypic.com/2zqcso7.png

At present on the 8200:

The icons on the desktop which I set up for single click do not respond and I have to open them by right clicking.

I downloaded (8) updates and now every time I log on it says my computer is at risk and the firewall is turned off, then it resets itself.

I tried downloading/installing SuperAntiSpyware and it gave me this:
Install Error - Error creating shortcuts, aborting installation.
The only thing I did was deselect Google Chrome as my default browser and search engine.

I then tried to install malwarebytes (www.malwarebytes.org/mwb-download/) by uninstalling it first; after I uninstalled it on the add/remove programs it asked to restart the computer, then it gave me this:
Run-time error '339': component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.

After trying to install it gave me this:
CoCreateInstance failed, code 0x80040154. Class not registered.
I click ok and I can see the Creating shortcuts URL change each time I click ok (5 times). Then it goes to the finish box.

When I try and update Spywareblaster it gives me this:
Error: Access violation at 0x73483F5A (tried to read from 0x00000014), program terminated. Last CP is 'RF'.

I ran an Avast full system scan which came up clean.

I want to remove the Severe Weather Alerts and Great Arcade Hits.

Thoughts/suggestions?

Robert
#4
Potentially Unwanted Programs (PUPs) are not necessarily malware. Malwarebytes has included PUPs by request to be removed by their signature software MBAM but having many PUPs should NOT be equated to a Malware Infection.

'vbalsgrid6.ocx' is a Visual Basic construct and I indicated early on that you have a Visual Basic issue. You have ignored me and my advice and have WASTED time when you should have posted in the Malwarebytes' Forum and this could have been resolved already.

Time to acquiesce and get support for a product from the product's support personnel. Additionally there is a Malwarebytes' removal utility that should be used.

Please... Stop using the WinXP news group and go to the Malwarebytes' product support forum!

https://forums.malwarebytes.org/inde...showforum=41

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
#5
Hello Paul,
Yes, it does. I normally do not go to the administrator's account because the 8500 has a feature where I can type my administrator's password on the User Account and gain access if needed. I only have two accounts that I use: the Administrator's Account and the User Account, and I believe there is a Guest Account but I never use it.

I have already gone into the Add/remove programs and done all the steps 1 through 4 but it still shows up with my SuperAntispyware scans.

Robert
#6
Hello David,
As I said, I have posted to other forums and got no reply and if you look at the forum there were very few replies. The last time I did that it was 2 weeks before I got an answer and they basically told me they couldn't help.

I mean no offense, but you don't own this site and I will continue to post.

R
#7
P.S. I am using the Administrators Account on the 8200.

R
#8
Hello Paul,
I was thinking, since as I said I have done 1-4, is there some software that you know of that would help me locate where the Great Arcade Hits and Severe Weather Alert files reside so that I can delete them, because they aren't on the Add/Remove list but may be imbedded in other programs.

I forgot to mention that another issue is the slight 'bump' sound whenever I connect online. It never was there before. I was infected.

I also need to address the issues with the 8200.

Thoughts/Suggestions

Robert
#9
The procedure for Great Arcade Hits is here. It's not the best guide, but it's a start.

http://malwaretips.com/blogs/greatar...virus-removal/

Your first step is running as a member of the Administrator group, so that maybe MBAM and AdwCleaner will work OK. That procedure uses both of them.

They use the Junkware Removal Tool (JRT). That one looks pretty straightforward, and is hosted on BleepingComputer.

Having to "Reset" the browsers isn't the best. I would probably want to visit the Bookmark Manager and do an "Export" in order to save the bookmarks. I expect there are more focused steps you could take (editing in Options, deleting prefs.js and so on). AdwCleaner should already be looking through the prefs.js anyway.

The only question I have about that procedure is the best order to execute the steps. Myself, I'd probably save the browser Reset step for last, and run the malware or adware removal tools first. The thing is, you want to remove the "active" part of the infection before cleaning up the "side effects". The browser part probably won't "put itself back". So once the active code that keeps messing up things is removed, then you'd clean up the side effects last.

It's always possible that while doing the procedure for the Great Arcade Hits, the Severe Weather Alerts will disappear at the same time, because the removal tools would be the same.

Paul
#10
Hello Paul,
Here's what I've done:

I went into my Administrators Account and ran a full system scan with malwarebytes which came up clean.

I then ran a full scan with Avast which also came up clean.

I updated my Spywareblaster.

I then ran a full scan with SuperAntispyware which gave me this:

Browser extensions (3)
We-Care.com Reminder
Great Arcade Hits
Tidy Network

Applications (1)
Severe Weather Alerts

Threats found
memory 0
registry 0
file items 3
cdn.tremormedia.com
objects.tremormedia.com
www.naiadsystems.com

I checked the add/remove programs again and I couldn't find any of them. As I said, I deleted Severe Weather Alerts previously and also Great Arcade Hits so why are they still showing up?

I ran a full system scan with AdwCleaner which came up clean.

I tried running Junk Removal Tool but as soon as I started it, it disappeared.

Tried to create a Kaspersky Rescue disk but it gave me the same results as before. I tried to use it but it would not start after pressing F12 and selecting the I drive and pressing enter. I saw no message but pressed enter right afterwards anyway but it loaded as normal.

Also, today for some reason (maybe I hit some key) my hotmail sign-in page is so small I can't even read it. I tried restarting the computer to see if it would reset it but it didn't. Any thoughts on restoring it to its normal size?

I followed your instructions for removing Great Arcade Hits and reset Firefox since I had already done steps 1-5 but not HitmanPro.

I'll also post my problem on the malwarebytes forum as soon as they confirm my membership which I'm still waiting on.

Thoughts/suggestions?

Robert
#11
On my browser here, pressing the control key down, then using the scroll wheel, changes browser magnification. And the other important one for this is control-zero, which resets the scale to 100% in the browser window. Press and hold control, then press the "zero" above the "P" key. That should set the scale back again.

The browser remembers the scale setting for each domain. So each time you go back to Hotmail, the window should be the same size. Once you reset it with control-zero, it should be at 100% from now on.

I don't understand what's going on with your USB key. You listed the files content for it, and it appears to be correct. At least the names of the files are correct. It should have gone much farther along in the boot sequence before it gets to a point that anything on your machine could affect it. Like, eventually, it'll attempt to find all the partitions, and there will be an animation on the screen while it does that initial hardware scan. But you haven't had to enter any other prompts.

I don't think your USB key really cares about the BIOS VT-X setting (which affects some Linux OSes because they had buggy code). I have VT-X enabled here, and my Kaspersky boots fine. The Kaspersky guys do a good job of configuring the Linux on that USB key. There's no "fluff" in there. Lots of tools I'd like to see in there aren't on the stick. So it's a relatively minimal environment. It looks to me like it's a Gentoo derivative of some sort.

So I don't know how I can help you there. If you were to burn a CD, converting the ISO9660 to a bootable CD, chances are whatever is wrong will repeat itself, and it'll disappear again. The advantage of making the CD is that the rescueusb program would not be used (i.e. if there was a bug in the program). But I really don't see it, as the file list for the key looks like the key preparation is working. Maybe the files are being copied, but a GRUB (boot loader) step at the end is failing during preparation. If you're seeing the "Press any key" type prompt during boot, I assume at least some of the data on the USB key is being read out.

As for the scan results, remember, I'm not a malware removal expert. There are experts like that on Bleepingcomputer.com who remove malware.

The results suggest that something is putting the browser helper objects back after the other tools remove them. It means some portion remains, which is re-infecting things. It's either that, or something is defeating all the tools while they are running. With malware, new variants are created all the time.

Now, if I'd spent days and days working on a problem like that here, sooner or later, I'd be considering reinstalling the OS. The above symptoms you describe are just "pests" and not real malware. So there would not be a strong incentive to do that just yet. It all depends on your level of patience. At least a few posters to the malware forums get frustrated after a while, reinstall their OS and report such to the malware removal expert. But way more people stick with it, follow the instructions they're given, and get a resolution to their problems.

Since I'm not trained for this, I don't know all of the steps that could lead to fixing it. And even an expert, if a machine is messed up bad enough (key files quarantined during the cleanup process), may eventually conclude that only a re-installation will fix things. You're not even remotely close to being that messed up.

So at this point, I don't know what else to try. You can try burning the Kaspersky CD. You'll need a blank CD and a burner program. *Do not* do a drag and drop of the ISO9660 file to the CD. The burning tool has to convert the ISO9660 file into a bootable CD. For example, if you open the CD in Windows later, there should be more than just a single file ending in .iso showing in File Explorer.

As for the "Programs and Features" or "Add/Remove" entries, the program that installed "We-Care.com Reminder" will not necessarily have We-Care in the name. Apparently, the sponsors who We-Care spams, their name is attached to the program used to do the installation. Have a look in Programs and Features again. It might be "ASPCA Reminder", which is a we-care sponsor.

When I looked at the we-care.com main web page, I couldn't immediately tell who all their sponsors are, to give you more names to check for in Programs and Features.

I found one little program, which was supposed to be a BHO remover (a manual tool). But when I tested it here, it didn't work. I expect Microsoft put a security feature in place which conflicts with it :-( So I'm not going to point you to that one, because it likely won't work for you either. My thinking was, the adware would never expect an old tool like that. But it is apparently too old to have taken the settings in WinXP into account.

Paul
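One way to look for the leftovers discussed in this thread on the Windows 7 machine, as an added example that is not part of any poster's message: a read-only PowerShell script that lists uninstall entries and Internet Explorer browser helper objects whose name, publisher, install path or uninstall command matches a name fragment, so an entry installed under a different display name can still surface. The `$Patterns` list and the function names are assumptions chosen for illustration.

```powershell
# Added example: read-only inventory. Nothing is deleted or modified.
# $Patterns is an assumption: name fragments copied from the scan results in this thread.
$Patterns = 'We-Care', 'Great Arcade', 'Severe Weather', 'Tidy Network'

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# True when $Text contains any of the fragments (case-insensitive).
function Test-Pattern([string]$Text) {
    if (-not $Text) { return $false }
    foreach ($p in $Patterns) {
        if ($Text -like "*$p*") { return $true }
    }
    return $false
}

# Every uninstall registration, including ones "Programs and Features" does not show
# (SystemComponent = 1, or no DisplayName at all).
function Get-UninstallEntry {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p) { continue }
            New-Object PSObject -Property @{
                Source    = 'Uninstall'
                Name      = $p.DisplayName
                Publisher = $p.Publisher
                Path      = $p.InstallLocation
                Command   = $p.UninstallString
                Hidden    = (($p.SystemComponent -eq 1) -or (-not $p.DisplayName))
                Key       = $key.Name
            }
        }
    }
}

# Each registered BHO is a CLSID; the DLL it loads is the default value of InprocServer32.
function Get-BhoEntry {
    foreach ($root in $BhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # 32-bit BHOs on 64-bit Windows register their COM class under Wow6432Node.
        $classes = 'HKLM:\SOFTWARE\Classes\CLSID'
        if ($root -like '*Wow6432Node*') { $classes = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $class  = Get-ItemProperty -LiteralPath "$classes\$clsid" -ErrorAction SilentlyContinue
            $server = Get-ItemProperty -LiteralPath "$classes\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Source    = 'BHO'
                Name      = $class.'(default)'
                Publisher = $null
                Path      = $server.'(default)'
                Command   = $null
                Hidden    = $false
                Key       = $key.Name
            }
        }
    }
}

# Match on any field, not only the display name.
function Find-Leftover {
    @(Get-UninstallEntry) + @(Get-BhoEntry) | Where-Object {
        (Test-Pattern $_.Name) -or (Test-Pattern $_.Publisher) -or
        (Test-Pattern $_.Path) -or (Test-Pattern $_.Command)
    }
}

Find-Leftover | Format-List Source, Name, Publisher, Path, Command, Hidden, Key
```

Running `Get-BhoEntry | Format-List` on its own lists every registered helper object with the DLL it loads, which is useful when the fragments above match nothing.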
#12
wrote in message ...
> Hello Paul,
> Here's what I've done:
> I went into my Administrators Account and ran a full system scan with malwarebytes which came up clean.
> I then ran a full scan with Avast which also came up clean.
> I updated my Spywareblaster.
> I then ran a full scan with SuperAntispyware which gave me this:
> Browser extensions (3)
> We-Care.com Reminder
> Great Arcade Hits
> Tidy Network
> Applications (1)
> Severe Weather Alerts
> Threats found
> memory 0
> registry 0
> file items 3
> cdn.tremormedia.com
> objects.tremormedia.com
> www.naiadsystems.com
> I checked the add/remove programs again and I couldn't find any of them. As I said, I deleted Severe Weather Alerts previously and also Great Arcade Hits so why are they still showing up?
> snip

This can happen when you simply delete the files without uninstalling. You may have to reinstall these and remove them correctly.

Ben
#13
Hello Paul,
This is what the malwarebytes forum gave me to do and also gives me a time limit of 3 days to complete it or they'll terminate my post, jeeeez.

Posted Today, 06:07 AM

Welcome to the forum.

This is for the first computer.

Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes Settings Tab Scanner Settings Under action for PUP Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)
(please don't put logs in code or quotes and use the default font)
(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

Quote
1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

================================

Next................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes Close out the program. Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point.
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
Removing malware can be unpredictable... unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.
+Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
+The removal of malware isn't instantaneous, please be patient.
+When we are done, I'll give you instructions on how to cleanup all the tools and logs.
+Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

-------Your topic will be closed if you haven't replied within 3 days!--------

He sure has given me a lot to do!

I'm also leery of reinstalling the OS since Dell only gave me two disks with the 8500 (drivers and utilities and drivers and documentation). Also my disk image hasn't been creating a new image each time but incrementally so that I only have one and it would be infected as well, correct?

I do appreciate all your time and effort trying to help me resolve this.

The 8200 of course has a more serious problem in that I can't even download/install the programs I've mentioned.

@ Ben Myers - are you seriously suggesting to let my computer get infected all over again?

Robert
#15
Hello Paul,
I've completed all the tasks asked by the person (Mr. C) helping me in the malwarebytes forum. When running the Rogue Killer it did find (3) pum files but he told me not to do anything except give him the report, which I did.

I understand your reasoning for Ben's suggestion, and the installer file for how I got infected is simply clicking on the green arrow when trying to install AdwCleaner versus the small blue print from bleeping computer. That's how I got infected. Once I did that my computer was flooded with 7-Zip, Severe Weather Alerts, Arcades Greatest Hits etc. They installed so fast I couldn't tell you all that were loaded.

Robert