Malware-Virus re:"W32/Gaobot.worm.gen.u"/re:"feriopsedi.com" alert-...Protocol

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by LnBayGirl, Aug 23, 2009.

  1. LnBayGirl

    LnBayGirl Private E-2

    I am running Windows XP Professional version 2002, Service Pack 2. Dell Dimension 2350 Pentium 4 CPU 2.00GHz 1.99 GHz 512 RAM with 7.31GB free of 27.9GB.
    Using "Internet Explorer 8" and/or "Mozilla 3.0.12".
    95% of the time I use Firefox.
    I have Glary Utilities and PC-Tools Spyware Doctor. Just recently added UniBlue Registry Booster 2009. I do not want to pay for removal and it reports over 400 registry problems (will only remove 15).
    ?? What to do? Please help.
    Originally I received this error/alert:

    ~Aug 1 09:
    re: Virus: "W32/Gaobot.worm.gen.u"
    ______________________________
    Today: Aug 22 09:
    Spyware Dr. scan reports:
    19 threats and 3455 infections in my computer:

    [ high-Trojan.CWS (3 infections). 422 (low) application.tracking cookies. high-Trojan.FakeAlert (100 infec.) Elevated-Adware.Component.Claria (2479 infec.)
    Adware.BHO.GEN (19) Adware.eBates ~ Trojan.WinShow ~ Adware.IE_Driver,.. etc. etc.]


    AVG never downloaded properly to get req'd updates needed to even start it. (I have downloaded & removed it several times.) Same problem with Avira. (connection to server failed/access denied)

    Another quirk I'm having is:
    Other than being slow (at times) and browser hanging or crashing...
    Upon reboot a black screen appears with only this text: E.S.C.D. updating ,, (Extended System Configuration Data) in which it started to hang. I reboot F2 or F10, exit the diagnostic test, hit F2 again and Windows started.

    When using a search engine (Google) and clicking on a link,
    it most often goes to an advertisement. Redirects me.
    I copy & paste the URL into the browser. Just today an alert box keeps opening that basically states "Computer under threat of infection" and that "Microsoft Windows" recommends to download a particular application software. This box states its name is "Online Protection Tool" and the publisher is "Microsoft Windows".
    The software application it wants me to run is from "feriopsedi.com".
    My inclination is this may be some kind of malware.
    I did not download it.

    Thanks for any help.

    My system works
    I use it every day for hours.
    I have done lots of 'homework'~
    read up on whatever I could when problems occur.

    By the way,
    I love your site
    you guys do a GREAT JOB!

    ~~~~~~~~~~~~~~~~~~~~~

    I plan to:
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~~ ~
    * Run a scan from:

    http://housecall65.trendmicro.com/

    * I updated Java runtime; Ver. 6 Update 15



    * Download & Update SPYBOT & AdAware:

    spybot: http://s89223352.onlinehome.us/mirror/spybot/index1.php
    unzip, notice everything in red. Reboot; not w/restart.. Shut it down for full 2 min., RESTART,
    let Spybot run if indicates. Check for "Spybot.us by Rootboxen.net.usa"

    AdAware:
    http://www.lavasoft.de/

    * Download & Install any critical Updates (except for SP3,
    I don't think I want it) from Windows Update Site.

    * ? follow removal instructions at:
    W32.HLLW.Gaobot.gen Removal Instructions ? at
    ref> www.computing.net

    * If any of these files are found DELETE then:
    F:\t.com
    F:\0hct8ybw.bat
    F:\ntdetec1.exe
    F: intdetec1 - a folder/file named anything like this.

    ~~~~~~~~
    * If find a virus RUN SWATIT:
    http://swatit.org/download.html

    REBOOT then download HiJackThis here:
    http://www.subratam.org/?page=removal
    post it here: http://www.pcguide.com/vb/forumdisplay.php?s=&forumid=34

    * After getting a clean log read, may want to do a general clean up,.. TIF, cookies, %TEMP%, recycle bin, Disk Clean-up,
    Scan Disk, Disk Defragmenter.

    * AVG , SPYBOT & AdAware

    * Check with these Diagnostics when it's cleaned up:

    http://www.jasons-toolbox.com/browsersecurity/

    http://www.grc.com/default.htm (Gibson's tests)

    * Try LeakTest, DCOMbobulator, ShieldsUp, and
    PlugNpray

    ** the last portion of this was from a post by Thresher

    *** LnBayGirl :wave whew!
    __________________________________

    Please let me know if I am on the right track.
    I'm doing the best I can in learning as I go along,
    I have put in my homework~and not sure if a clean
    install and start from scratch is worth consideration.
    As this was a previously owned computer and as a
    novice user not fully understanding the complete 'system'
    and how where why when who da da dbla.

    ~ Thanks again,
    LnBayGirl~
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
    READ & RUN ME FIRST. Malware Removal Guide

    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
