View Full Version : Help!



camisadelgolf
10-27-2008, 12:46 PM
First, let me apologize to all of you who thought this would be a Beatles appreciation thread. I'm a big fan, but there's something a lot more important going on in my life right now . . .

About an hour or two ago, my computer was infected with a trojan/virus. I don't know too much about how to handle this stuff, and I'm hoping I can get some free help before I break down and pay for software that I can't afford.

Anyway, AntiSpywareXP 2009 (which I've never used before) did a scan, and detected 27 infections. Here they are:

So anyway, I hate to do this to you all, but a lot of you know a lot more about this stuff than me, and I'm desperate. What can I do to take care of this? Like I said, I can't afford to buy any software at the moment, but if someone could just recommend some freeware that would rid me of this problem, I'd really appreciate it.

westofyou
10-27-2008, 12:58 PM
Ad Aware is free

Note: Clear ALL your cookies, use Firefox or Google Browser or Safari to do most of your surfing, enable a firewall asap, set your cookie settings at advanced (only cookies going back to original site)

Look at Regedit to get rid of some of the startup items that you're stuck with... if anything says TROJAN change the name, that will stop it calling in or out, without deleting taking some of your files with it.

See these files:

.vbs
.db

Those are database files, if they are not making a call to a DB that is running from your PC delete or change the name.

OldRightHander
10-27-2008, 01:27 PM
Second that about Ad Aware. It's free and also pretty good. I have it on my PC. I don't get those nasty little buggers on my Mac, probably because they don't want to bother targeting them.

camisadelgolf
10-27-2008, 01:29 PM
I just did a full scan with Ad-Aware, and it found three MRU objects. Here's a funny question: Should I click on 'Add to Ignore' or 'Remove'?

I know it's a silly question, but 'Add to Ignore' sounds like 'Ignore the problem', and 'Remove' sounds like 'Remove from the list without fixing the problem'.

camisadelgolf
10-27-2008, 01:37 PM
All my cookies are cleared, I'm continuing to use Firefox, my firewall is on, and I didn't see anything in the registry (nor the rest of the computer) with 'trojan' in the name.

I found a .vbs file that was modified today, so I put it in my recycle bin. I did the same thing with five .db files. I have no idea if they were running from files on my PC because I don't know how to check that.

I'm still getting messages that say I still have the infection, though.

camisadelgolf
10-27-2008, 01:39 PM
I just did a full scan with Ad-Aware, and it found three MRU objects. Here's a funny question: Should I click on 'Add to Ignore' or 'Remove'?

I know it's a silly question, but 'Add to Ignore' sounds like 'Ignore the problem', and 'Remove' sounds like 'Remove from the list without fixing the problem'.

I got impatient and clicked 'Remove'. I'm pretty sure that was the right decision, but I'm still getting the message.

westofyou
10-27-2008, 01:41 PM
All my cookies are cleared, I'm continuing to use Firefox, my firewall is on, and I didn't see anything in the registry (nor the rest of the computer) with 'trojan' in the name.

I found a .vbs file that was modified today, so I put it in my recycle bin. I did the same thing with five .db files. I have no idea if they were running from files on my PC because I don't know how to check that.

I'm still getting messages that say I still have the infection, though.

I delete the ones adware finds.

as for the "Infection" it's probably tied to these items

HKEY_LOCAL_MACHINE\, something like Regedit might help try this too:

http://www.virusremovalguru.com/

camisadelgolf
10-27-2008, 01:59 PM
I delete the ones adware finds.

as for the "Infection" it's probably tied to these items

HKEY_LOCAL_MACHINE\, something like Regedit might help try this too:

http://www.virusremovalguru.com/

I've manually deleted the files I could find that AntiSpywareXP 2009 detected. At the moment, I'm downloading Spyware Doctor (it took me a long time to find a working link--I think it's a result of the trojan).

camisadelgolf
10-27-2008, 02:15 PM
Okay, this is comical. And when I say 'comical', I mean I want to throw something heavy at a wall and/or window. I downloaded Spyware Doctor (which took about 20 minutes, oddly enough), and when I run the program, it tries to do an update, but every time, there is an error that prevents the software from proceeding. The "Smart Update" is being really stupid, in other words.

Are there any other suggestions for similar software?

BoydsOfSummer
10-27-2008, 03:39 PM
Go to majorgeeks.com, they have all sorts of great free progs. AVG and Avast are two pretty good anti virus progs for free.

Ad-Aware and spyblaster and spybot-search and destroy are good.

Spring~Fields
10-27-2008, 04:07 PM
Microsoft Virus scanner and removal
http://onecare.live.com/site/en-us/center/howsafe.htm

Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx

Trend Micro's FREE online virus scanner
http://housecall.trendmicro.com/

Additional search list of "free" virus removal links.

http://search.msn.com/results.aspx?srch=105&FORM=IE7RE&q=free+virus+removal

camisadelgolf
10-27-2008, 04:21 PM
Thank you, everyone. I'm going to keep trying software until I find one that works. At the moment, I'm trying Malwarebytes' Anti-Malware. It's been running for 90+ minutes and searched 10,000+ files and has found three infections so far.

camisadelgolf
10-27-2008, 05:00 PM
Okay, everything's all right now. The problem was brastk, which isn't rare, I believe. Malwarebytes' Anti-Malware took care of everything. And the "AntiSpywareXP 2009" that detected my original problems was actually the problem itself. It was a little clever. A big thank you to you all who helped. I guess it goes to show that not even Firefox is fool-proof.

bthomasiscool
10-27-2008, 06:54 PM
stop looking at naughty websites...:)

SunDeck
10-27-2008, 07:35 PM
stop looking at naughty websites...:)

I've heard that too and have wondered if it's correct. That certainly seems like it would cast a wide net of potential victims. Creepy, unemployed victims who hang out at the public library all day.

Spring~Fields
10-27-2008, 07:50 PM
stop looking at naughty websites...:)


Do you mean that we will have to stop lurking at the other major leagues teams sites, to stop ogling and leering over their better statistics? :luvu: I don't know if I can survive a day without a fix, seeing real OBP and SLG and drooling. :shocked:

camisadelgolf
10-28-2008, 02:37 AM
stop looking at naughty websites...:)

Actually, I did a search for 'homo sapen' that took me to a naughty homosexual site. I'm guessing that's where it came from. :redface:

TRF
10-28-2008, 09:48 AM
I've heard that too and have wondered if it's correct. That certainly seems like it would cast a wide net of potential victims. Creepy, unemployed victims who hang out at the public library all day.

warez.com is the worst. never go there. p2p sites are just as bad.

a few tips. do not run more than 1 spyware scanner. it causes problems.

Ad Aware is great, but I'd go with a one stop shopping solution: AVG.

Anti-spyware/Anti-rootkit:
http://www.avg.com/home-and-office-security-comparison

Anti-virus:
http://free.avg.com/download-avg-anti-virus-free-edition

They have pay versions, but both of these will do for average users.

Also get a better firewall than the one provided by windows. Here is one free option:

ZoneAlarm:
http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall_b.jsp

There are probably a dozen more. Just google free firewall.

Mostly agree about the browsers. However, IE7 is much improved as far as security goes, and IE8 is due to be released some time in the next couple of months. The beta is available now, and it does have increased security as well. That said, IE will always be a bigger risk.

Unassisted
10-28-2008, 09:55 AM
While it's a bad idea to run more than one antivirus utility, it's OK and even a good idea to run more than one spyware utility. I run Ad-Aware every few weeks after the Norton suite does its thing.

camisadelgolf
10-28-2008, 10:52 AM
I have been using Spybot and Ad-Aware, and Ad-Aware didn't detect any of my latest problems (but Spybot did).

My whole problem stemmed from having the firewall turned off, I'm pretty sure. I'm going to give ZoneAlarm a shot.

TRF
10-28-2008, 11:12 AM
While it's a bad idea to run more than one antivirus utility, it's OK and even a good idea to run more than one spyware utility. I run Ad-Aware every few weeks after the Norton suite does its thing.

In previous versions of AdAware, it would detect Spybot as malware. that may have been corrected. It is NOT a good idea to have more than one inline scanner running at one time. that can cause some problems.