My friend's having malware and virus issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by JoshTheftAuto, Mar 30, 2006.

  1. JoshTheftAuto

    JoshTheftAuto Private E-2

    He can't even get on the internet anymore, we are networked though. Can you guys suggest a scan program so that I can post the log file on here and help us out with this problem?
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and yes

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. JoshTheftAuto

    JoshTheftAuto Private E-2

    Ok, here's a few of the things that Spybot and Ad-Aware found. I have logs if you want them.

    Ad-Aware
    ----------
    MRU List 3
    Clickspring 14
    WindUpdates 5
    Zango 1
    Winad 7


    Spybot
    --------
    CoolWWWSearch.WinRes 3 Fixed
    Pest Trap 1 fixed
    Smitfraud-C. 1 fixed
    Vcodec 2 fixed
    Windows Security Center.AntiVirusDisableNotify 1 fixed
    Windows Security Center.FirewallDisableNotify 1 fixed
    Windows.ActiveDesktop 1 fixed




    I'm running the bitdefender scan now on his computer, it's going to take a good few hours. He also seems to have Spyware Quake.
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please complete all the steps in the directions from Halo's post. Then post the 3 logs that were requested.
     
  5. JoshTheftAuto

    JoshTheftAuto Private E-2

    Ok, here's all 3 logs you requested. Help us out please.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Uninstall Yazzle Sudoku

    Uninstall WeatherBug unless this is the paid version.

    Follow the instructions for SpywareQuake Removal Procedure

    Download LSP-Fix

    After download is complete, Run LSP-Fix

    Check the Box labeled "I know what I'm doing" and then click on the farlsp.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move rlls.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.
    (Note: If the file farlsp.dll is already in the remove section, then just click FINISH.)

    Now run HijackThis and fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion...say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.



    Submit the following file to Jotti.org for analysis.
    Attach the smitfiles.txt from the SpywareQuake procedure, the results of the Jotti scan and a fresh HijackThis log.
     
