Turn Off Ads?
Page 1 of 2 12 LastLast
Results 1 to 15 of 21

Thread: Help!

  1. #1
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Help!

    First, let me apologize to allow of you who thought this would be a Beatles appreciation thread. I'm a big fan, but there's something a lot more important going on in my life right now . . .

    About an hour or two ago, my computer was infected with a trojan/virus. I don't know too much about how to handle this stuff, and I'm hoping I can get some free help before I break down and pay for software that I can't afford.

    Anyway, AntiSpywareXP 2009 (which I've never used before) did a scan, and detected 27 infections. Here they are:
    File name Malware name
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2B46E70 F-CDA7-473E-89F6-DC9630A2390B}\Instance\{6FDDC324-4E03-4BFE-B185-3D77768DC92E}, {6FDDC324-4E03-4BFE-B185-3D77768DC92E} Registry item
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F12FDE6 A-9394-3C32-8E4D-F3D470947284}\ProgId, System.Reflection.AssemblyName Registry item
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{383 D4D97-FC44-478B-B139-6323DC48611C}\ProxyStubClsid32, {00020424-0000-0000-C000-000000000046} Registry item
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E86 85095-8543-4771-B2EE-E17C58379E47}\ProxyStubClsid32, {00020424-0000-0000-C000-000000000046} Registry item
    C:\WINDOWS\sozeza._sy BackWebLite
    C:\Documents and Settings\WSW\Cookies\akazuly._dl A-Trojan 2.0
    C:\Documents and Settings\WSW\Cookies\esydy.exe Backdoor.IRCBot
    C:\Documents and Settings\WSW\Cookies\mororebop.bin Adware.IpWins
    C:\Documents and Settings\WSW\Cookies\tejo.exe Msiebho
    C:\Documents and Settings\All Users\Application Data\romycy.vbs BackWebLite
    C:\Documents and Settings\WSW\Local Settings\Application Data\hifemyse.com Adlogix
    C:\WINDOWS\late.dl Adware.IpWins
    C:\Documents and Settings\WSW\Local Settings\Application Data\tili.inf Backdoor.IRCBot
    C:\Documents and Settings\WSW\Local Settings\Temporary Internet Files\dynana.reg Adware.IpWins
    C:\WINDOWS\system32\xegufo.bat AceBot
    C:\Documents and Settings\All Users\Application Data\sunyvenexi.dll A-Trojan 2.0
    C:\Documents and Settings\WSW\Application Data\limuku.inf Adware.IpWins
    C:\WINDOWS\qycodudyqy.dll A-Trojan 2.0
    C:\Program Files\Common Files\noqycu.bat BackWebLite
    C:\Program Files\Common Files\wabygu.db AceBot
    C:\WINDOWS\system32\zujyda.dat A-Trojan 2.0
    C:\Documents and Settings\All Users\Documents\febumuti._sy A-Trojan 2.0
    C:\Documents and Settings\All Users\Application Data\pewim.sys MPower
    C:\Documents and Settings\All Users\Application Data\upazaky.scr MPower
    C:\WINDOWS\gyzu.reg Msiebho
    C:\Documents and Settings\All Users\Application Data\zunew.vbs Msiebho
    C:\Documents and Settings\All Users\Documents\qaxa._sy Backdoor.IRCBot

    So anyway, I hate to do this to you all, but a lot of you know a lot more about this stuff than me, and I'm desperate. What can I do to take care of this? Like I said, I can't afford to buy any software at the moment, but if someone could just recommend some freeware that would rid me of this problem, I'd really appreciate it.

  2. Turn Off Ads?
  3. #2
    breath westofyou's Avatar
    Join Date
    Oct 2000
    Location
    PDX
    Posts
    42,999

    Re: Help!

    Ad Aware is free

    Note: Clear ALL your cookies, use Firefox or Google Browser or Safari to do most of your surfing, enable a firewall asap, set your cookie settings at advanced (only cookies going back to original site)

    Look at Regedit to get rid of some of the startup items that you're stuck with... if anything says TROJAN change the name, that will stop it calling in or out, without deleting taking some of your files with it.

    See these files:

    .vbs
    .db

    Those are database files, if they are not making a call to a DB that is running from your PC delete or change the name.

  4. #3
    Resident optimist OldRightHander's Avatar
    Join Date
    Sep 2002
    Location
    east of WOY
    Posts
    5,045

    Re: Help!

    Second that about Ad Aware. It's free and also pretty good. I have it on my PC. I don't get those nasty little buggers on my Mac, probably because they don't want to bother targeting them.
    The contents of this post may be disseminated without the express written consent of the Cincinnati Reds or Major League Baseball.

    Cincinnati's premiere expedited trucking company

  5. #4
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    I just did a full scan with Ad-Aware, and it found three MRU objects. Here's a funny question: Should I click on 'Add to Ignore' or 'Remove'?

    I know it's a silly question, but 'Add to Ignore' sounds like 'Ignore the problem', and 'Remove' sounds like 'Remove from the list without fixing the problem'.

  6. #5
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    All my cookies are cleared, I'm continuing to use Firefox, my firewall is on, and I didn't see anything in the registry (nor the rest of the computer) with 'trojan' in the name.

    I fond a .vbs file that was modified today, so I put it in my recyle bin. I did the same thing with five .db files. I have no idea if they were running from files on my PC because I don't know how to check that.

    I'm still getting messages that say I still have the infection, though.

  7. #6
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    Quote Originally Posted by camisadelgolf View Post
    I just did a full scan with Ad-Aware, and it found three MRU objects. Here's a funny question: Should I click on 'Add to Ignore' or 'Remove'?

    I know it's a silly question, but 'Add to Ignore' sounds like 'Ignore the problem', and 'Remove' sounds like 'Remove from the list without fixing the problem'.
    I got impatient and clicked 'Remove'. I'm pretty sure that was the right decision, but I'm still getting the message.

  8. #7
    breath westofyou's Avatar
    Join Date
    Oct 2000
    Location
    PDX
    Posts
    42,999

    Re: Help!

    Quote Originally Posted by camisadelgolf View Post
    All my cookies are cleared, I'm continuing to use Firefox, my firewall is on, and I didn't see anything in the registry (nor the rest of the computer) with 'trojan' in the name.

    I fond a .vbs file that was modified today, so I put it in my recyle bin. I did the same thing with five .db files. I have no idea if they were running from files on my PC because I don't know how to check that.

    I'm still getting messages that say I still have the infection, though.
    I delete the ones adware finds.

    as for the "Infection" it's probably tied to these items

    HKEY_LOCAL_MACHINE\, something like Regedit might help try this too:

    http://www.virusremovalguru.com/

  9. #8
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    Quote Originally Posted by westofyou View Post
    I delete the ones adware finds.

    as for the "Infection" it's probably tied to these items

    HKEY_LOCAL_MACHINE\, something like Regedit might help try this too:

    http://www.virusremovalguru.com/
    I've manually deleted the files I could find that AntiSpywareXP 2009 detected. At the moment, I'm downloading Spyware Doctor (it took me a long time to find a working link--I think it's a result of the trojan).

  10. #9
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    Okay, this is comical. And when I say 'comical', I mean I want to throw something heavy at a wall and/or window. I downloaded Spyware Doctor (which took about 20 minutes, oddly enough), and when I run the program, it tries to do an update, but every time, there is an error that prevents the software from proceeding. The "Smart Update" is being really stupid, in other words.

    Are there any other suggestions for similar software?

  11. #10
    So Long Uncle Joe BoydsOfSummer's Avatar
    Join Date
    Dec 2003
    Location
    Hamilton,Ohio
    Posts
    3,850

    Re: Help!

    Go to majorgeeks.com ,they havbe all sorts of great free progs. AVG and Avast are two pretty good anti virus progs for free.

    Ad-Aware and spyblaster and spybot-search and destroy are good.
    0 Value Over Replacement Poster


    "Sit over here next to Johnathan (Bench)...sit right here, he's smart."--Sparky Anderson

  12. #11
    Member Spring~Fields's Avatar
    Join Date
    Sep 2001
    Posts
    8,630

    Re: Help!

    Microsoft Virus scanner and removal
    http://onecare.live.com/site/en-us/center/howsafe.htm

    Malicious Software Removal Tool
    http://www.microsoft.com/security/ma...e/default.mspx

    Trend Micro's FREE online virus scanner
    http://housecall.trendmicro.com/

    Additional search list of "free" virus removal links.

    http://search.msn.com/results.aspx?s...+virus+removal
    Last edited by Spring~Fields; 10-27-2008 at 04:16 PM.

  13. #12
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    Thank you, everyone. I'm going to keep trying software until I find one that works. At the moment, I'm trying Malwarebytes' Anti-Malware. It's been running for 90+ minutes and searched 10,000+ files and has found three infections so far.

  14. #13
    Vampire Weekend @Bernie's camisadelgolf's Avatar
    Join Date
    Dec 2004
    Location
    Cincinnati, OH
    Posts
    11,449

    Re: Help!

    Okay, everything's all right now. The problem was brastk, which isn't rare, I believe. Malwarebytes' Anti-Malware took care of everything. And the "AntiSpywareXP 2009" that detected my original problems was actually the problem itself. It was a little clever. A big thank you to you all who helped. I guess it goes to show that not even Firefox is fool-proof.

  15. #14
    Member
    Join Date
    Jan 2003
    Location
    Lexington, KY
    Posts
    413

    Re: Help!

    stop looking at naughty websites...
    We'll win it all next year...

  16. #15
    First Time Caller SunDeck's Avatar
    Join Date
    Jun 2000
    Posts
    5,396

    Re: Help!

    Quote Originally Posted by bthomasiscool View Post
    stop looking at naughty websites...
    I've heard that too and have wondered if it's correct. That certainly seems like it would cast a wide net of potential victims. Creepy, unemployed victims who hang out at the public library all day.
    Next Reds manager, second shooter. --Confirmed on Redszone.


Turn Off Ads?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Board Moderators may, at their discretion and judgment, delete and/or edit any messages that violate any of the following guidelines: 1. Explicit references to alleged illegal or unlawful acts. 2. Graphic sexual descriptions. 3. Racial or ethnic slurs. 4. Use of edgy language (including masked profanity). 5. Direct personal attacks, flames, fights, trolling, baiting, name-calling, general nuisance, excessive player criticism or anything along those lines. 6. Posting spam. 7. Each person may have only one user account. It is fine to be critical here - that's what this board is for. But let's not beat a subject or a player to death, please.

Thank you, and most importantly, enjoy yourselves!


RedsZone.com is a privately owned website and is not affiliated with the Cincinnati Reds or Major League Baseball


Contact us: Boss | GIK | BCubb2003 | dabvu2498 | Gallen5862 | LexRedsFan | Plus Plus | RedlegJake | redsfan1995 | The Operator | Tommyjohn25