Many Many Thanks to MG Team...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Motan9, Jun 10, 2006.

  1. Motan9

    Motan9 Private E-2

    I have had trouble with my computer for one week. It happened after I started to use Bearshare, which is a p2p sharing program. I used the pro version of this program and paid about 20$ to have a clean version without any adware. At first I downloaded some movies and programs through Bearshare with no problem, but when I tried to open a program file called "installer.exe", it didn't start and nothing happened, so I deleted the file (I was checking all downloaded files with Antivir Personal and have Zone Alarm as firewall and Spyware Doctor as spy controller). After some minutes my internet connection (ADSL) slowed down. I wanted to check the Task Manager but it didn't open and gave an alert, "program is in use by another program". I tried to run "regedit" but it gave the same alert, and I understood that I had a virus, worm or something like these in my system :(. For five days I tried everything to resolve the problem: scanned with different malware programs (in safe mode too), uninstalled Bearshare, its tools and p2p tools, and checked the internet to find a solution. I found some people who have the same problem but no solution. In the end I was thinking about a disc format when I found a web page written by Major Attitude from the MG team. He explained in detail what I have to do to resolve these kinds of problems. I applied his instructions step by step all night long and rebooted the computer again in normal mode for online checking by Bitdefender and Panda (I could not connect to the internet in safe mode). Antivir found a worm called WORM/IRCBot.857088 when the PC had just started. I deleted it and first tried to open Task Manager. A miracle happened: it opened, and regedit opened too. All PC users can feel my happiness, I think.

    To write this letter I connected to the internet (speed is normal again). After connecting, Antivir again caught the same worm as above, and I deleted it.

    One thing else: after checking with Windows Defender in safe mode, the program removed the threats it found except one; it could not remove the threat WhenU.SaveNow, which is located in the System Volume Information folder. I tried to open the folder but couldn't; it says " is not accessible. Access is denied.". The situation is the same in normal mode. What can I do?

    I'll also try online checks by Bitdefender and Panda according to your advice.

    I can send all logs of programs which used by cleaning operation and HijackThis log if necessary.

    Thank you really very very much for your help, I'll follow any time this really professional forum for my activities.

    Motan
     
  2. Motan9

    Motan9 Private E-2

    CCleaner, Adaware and Hijackthis logs are attached.
     


  3. Motan9

    Motan9 Private E-2

    Spybot, Bitdefender, Panda logs are attached.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Sorry it took so long! You appear to have slipped down to the third page without being noticed. That could be because you kept posting in your own thread, which kept making you lose your place in the work queue.

    You did not post your Bitdefender log according to the instructions in step 6. What you posted is not useful to us. It is just a log summary.

    Also you did not follow the directions in step 7 of the READ ME. You are using MSconfig to control startups and we specifically request this not be used. Please select normal startup and attach a new HJT log. Also attach the proper Bitdefender log.
     
    Last edited: Jun 13, 2006
  5. Motan9

    Motan9 Private E-2

    Thanks for reply...

    Dear Master,

    Thanks for reply, excuse me please for missing points.

    1- I did another online scan by Bitdefender and saved the log as advised, attached.

    2- Sorry, MSconfig started with normal running mode before the HJT scan, but I forgot to close System Mechanic's options. I closed them and scanned with HJT; the log is attached.

    Thanks again for your help.

    Best regards,
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Thanks for reply...

    Your HJT log is clean; however, your Bitdefender log showed some items lying around in emails that you should manually clean up yourself, since Bitdefender could not fix them.

    Other than that you appear to be clean. Are you having any malware problems?

    Is Spyware Doctor a free trial or a paid subscription version?
     
    Last edited: Jun 14, 2006
  7. Motan9

    Motan9 Private E-2

    Thanks for the prompt reply. There doesn't seem to be any malware problem at the moment. I just still can't open the System Volume Information folder; is this normal?

    I'm using a paid subscription version of Spyware Doctor.

    Thank you again for your help in saving me from these troubles. I'll never again use a p2p network or any sharing program like Bearshare.

    Best regards,
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is your system restore folder. Do you mean "open" or do you mean you cannot delete files from it? You should be able to open it for viewing as long as viewing of hidden & system files is enabled per the READ ME.

    Okay, then uninstall Windows Defender because you do not want two realtime blocking tools like this running.

    If you are not having any other malware problems, you should work through the below link:

    How to Protect yourself from malware!
     
  9. Motan9

    Motan9 Private E-2

    Thanks for the reply. When I try to open the System Volume Information folder, I cannot, and it gives an alert: "C:/System Volume Information is not accessible. Access is denied". Why can't I open it? What can I do to open it?

    Best regards,
     
  10. Motan9

    Motan9 Private E-2

    I'm using the security programs below;

    Antivir Personal

    Zone Alarm Pro

    AdAware Personal

    Spyware Doctor

    Spybot

    CC Cleaner

    Reg Vac Registry Cleaner

    System Mechanic 4.0a

    HJT

    And Firefox 1.5.0.4 as web browser, Incredimail as e mail programme.

    Do you advise anything else?

    Best regards,



     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Everything we recommend is in the link I gave to you. You should be using SpywareBlaster.

    I have seen problems like this with viewing the System Volume Information folder sometimes. I'm not sure why, but it could just be a permissions issue within Windows. Why do you want to access this folder anyway? It is your System Restore folder. You cannot do anything with the files in it anyway unless you disable system restore.

    You can use the below program which will probably allow you to access it, but I still don't see the need:

    ExplorerXP
     
    Last edited: Jun 15, 2006
  12. Motan9

    Motan9 Private E-2

    I'm not looking to access this folder anyway, but as I wrote in my first message: "One thing else; After checking of Windows Defender by safe mode, program removed the finding threats except one, could not remove the threat WhenU.SaveNow which located by System Volume Information folder. I tried to open the folder but couldn't, it says " is not accessible. Access is denied.". This situation is same also by normal mode, what can I do?" That means the threat WhenU.Save is still in the System Information folder. I tried to open the folder because of this situation, and I am afraid that this or other threats don't let the folder open. I cannot use the computer for internet banking because of this suspicion.

    Best regards,
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read message number 11 again! You (that includes software that you run) cannot do anything to files in system restore unless you disable system restore. Also see step one of the READ ME.
     
  14. Motan9

    Motan9 Private E-2

    I installed ExplorerXP; it opened the System Volume Information folder, and I got information about the SaveNow threat from the internet. I think my computer is safe enough, so I will go on working. Thanks again for your help.

    I installed also SpywareBlaster to protect the web browsers.

    Best regards,
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome, but that means you have not completed step 1 of the READ & RUN ME, which is necessary after removing all malware problems.
     
  16. Motan9

    Motan9 Private E-2

    You are right, I'll do, disable system restore, reboot and re-enable again, that's all, not?

    Do you know a freeware ip changer or keeper to use by internet?

    Best regards,
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, I don't use any, so I have none to recommend. Try asking in the Software Forum.
     
  18. Motan9

    Motan9 Private E-2

    Ok, thanks.
     
