AIM "Best Friends" virus...analyze hijackthis thread?

Hi,
I clicked on a link on someone's away message and it installed the "Best Friends" AIM virus on my computer which automatically puts up the same away message, and makes my AIM sign on when I've exited, makes it run slower, etc... I ran HijackThis and I was hoping someone could take a look at my results or if anyone knows another way to rid my computer of this...I would be so grateful! Thanks!

Allison

 

I read your directions and followed them...my system is scanned & updated but no tool can seem to find the BestFriends.scr virus because it keeps popping up. A couple of my friends have "caught" the virus from me so I uninstalled AIM b/c it was signing on and putting up the away message without my permission. My computer is basically going haywire and I don't know what to do... Please help!

Thanks so much,
Allison

 

I've been searching on about 5 different websites like this one to help me get rid of this AIM virus. I think I removed it once last night, because the away message hadn't popped up for about 2 hours; So I signed off and went to bed. I woke up the following morning to find that I obviously hadn't removed it, or it was once again installed without me knowing it. I fear viruses very very much, from just having to give my laptop away to a computer-guy to have him remove a virus manually, which took about 2 weeks. I honestly don't want to have to do the same again, even though it's a virus for AIM. I don't want to have to pay another near $300 to get this type of problem fixed again. Sadly, giving me a link alone doesn't seem to help me, I think I need step-by-step to help me get rid of this. Please e-mail me at EquineEventer123@aol.com or you can try IMing me at: oOsweet as honey. I apprechiate all the help that has been given to me, and I hope to have this virus removed soon!

 

I've also been told to go to certain weblinks that will help me remove this virus, and most of them tell me to use CTRL+ALT+DELETE. Every time I hit CTRL+ALT+DELETE, it comes up for about half of a single second and then it goes away. I'm guessing this is part of the virus? Please help!!

 

For the person who cannot access the Task Manager: I had the same problem. I read somewhere else that you should go to your main drive, then Windows, then find the task manager. Copy it, paste it in the same directory, and change the name to something like "Newdirectory.exe". The worm is apparently looking for something with "task" or "manager" or both. You will be able to open this new copy and get to the problem at hand.

Unless, of course, none of the files that are suspect are on your task manager Processes tab, which is the case with my computer.

 

Major Attitude, I'm suffering this same problem. I've run the AIMFix, and I've tried a number of online fixes (in the middle of the TrendMicro scan right now, at your suggestion). I'm certain this has taken on a new name on my computer, as I looked through the Task Manager (once I copied it and renamed it) and none of the suspected names appear. There are some that are not familiar to me, so I'm pasting my task manager processes log here in hopes you can help me:

OUTLOOK.EXE
iexplore.exe
CCEVTMGR.EXE
symlcsvc.exe
SynchroAd.exe
realsched.exe
svchost.exe
SNDSrvc.exe
WinSync.exe
AcroTray.exe
NAVAPSVC.EXE
mdm.exe
gearsec.exe
CCSETMGR.EXE
CCPROXY.EXE
alg.exe
rundll32.exe
P2P Networking.exe
iPodService.exe
SAVSCAN.EXE
spoolsv.exe
CCAPP.EXE
iTunesHelper.exe
lsass.exe
services.exe
ezSP_Px.exe
winlogon.exe
csrss.exe
smss.exe
explorer.exe
voaxa.exe
SpySweeper.exe
jusched.exe
System
System Idle Process

I don't know if this helps or not, but thank you for any assistance.

 

Hi-

I have this same virus and tried the things you suggested but nothing has worked so far. I saw you wanted some sort of log file - can I send it to you and how do I do it? Thanks so much!

-Carly

 

Carly, start a new thread please so we can concentrate on your issue since nothing here has resolved it.

 

Hi Carly,

You should probably start a new thread for your problem.

Make sure that you follow all of the steps in this tutorial carefully:
http://forums.majorgeeks.com/showthread.php?t=35407

It is not as daunting as it looks. Note the steps you are able to complete and the ones that give you problems. This will make it easier for the experts to help you.

If a moderator requests a HijackThis log, follow the instructions here:
http://forums.majorgeeks.com/showthread.php?t=38752

Save the log as a .txt file and post it as an attachment via the "manage attachments" tool.

***Looks like Kodo was here at same time

Best luck,

PP

 

Best Friends Virus...

Unfortunately, I just got it today.

Within 5 minutes, I had tracked down most of the "prefetch" files and the original files that had been modified and deleted them.
But problems still persist.
I downloaded the AIM virus removal and it said that my AIM is clean.

The problem is that I can not see my task manager. The virus doesn't seem to still be active. Symantec picks up nothing. Is there anything I can do to fix the task manager problem? Any way to make sure my computer is free of virii? I tried your browser check, but it didn't like it because I'm using mozilla.

On a side note, I can't system restore.

What can I do?

Please Help.