Help infostealer.gamspot won't go away

Discussion in 'Malware Help (A Specialist Will Reply)' started by Buddha1108, Mar 16, 2008.

  1. Buddha1108

    Buddha1108 Private E-2

    Hi, I've been infected by infostealer.gamspot. I first noticed it when I ran a scan on Monday (3-10-08). I'm unable to remove it with Norton. It simply gives the option to review. I've also tried running scans with SuperAnti Spyware and Spybot Search And Destroy. Neither of these is able to remove it. I've tried searching for the file itself to no avail. Last night (3-15-08), I noticed that I was unable to access hidden files (not sure if it's the spyware or not). When I click "Show Hidden Files" and "Apply", it seems to do this; however, the hidden folders never appear. Then when I go back to the option it's still on "do not show hidden files". Is there anything that will get this thing off my computer? Or am I doomed to have it on there forever? Thank you for your help in advance.
     


  2. abri

    abri MajorGeek

    Hi Buddha1108,
    Welcome to Major Geeks!


    To begin with, you need to go to Start / Run and type in msconfig, click on okay and in the window that opens up, make sure that Normal Startup is checked. Then click on apply and okay.

    I think that Norton may be preventing you from making changes. Can you try turning off any of the service options Norton offers except for the antivirus and then try getting me a new copy of the MGlogs? To do this, go to the MGTools folder in C and open it and find the file called GetLogs.bat. Double-click on that to run it and allow it to go all the way to completion. When it's finished, upload the MGlogs.zip (located as a file directly under C just above the superman icon) here. The ones you attached didn't have a copy of HijackThis in it.

    Thanks.
    abri
     
  3. Buddha1108

    Buddha1108 Private E-2


    Alright. I disabled Norton to try to get the new copy of logs. I hope it did them right. Anyway, I'll update a bit: the hidden folders came back a couple hours ago. The infostealer.gamspot is still there. I attached the new logs. Hope it's helpful.
     


  4. abri

    abri MajorGeek

    Hi Buddha1108,

    Does Norton give you the name Infostealer.gamspot?

    I would like for you to do the following:

    1) Go to add/remove programs and uninstall the below:

    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    J2SE Runtime Environment 5.0 Update 1


    2) Reboot after uninstalling the above.

    3) Install the current version of Sun Java from: Sun Java Runtime Environment


    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Doug B\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    Do the following belong to programs you know or want to keep? If not, please fix them as well.

    O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.profileheaven.com/images/multi-upload/ImageUploader2.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    After you click fix, just close hijackthis.


    5) Run CCleaner.

    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


    Let me know how things are running now.

    abri
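
An added example, not part of the original thread and not MajorGeeks' or HijackThis's own code: parsing the log entries quoted in the post above and sorting them for review before anything is fixed. The sample lines are copied from that post; the function names and triage labels are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Sample entries copied from the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): ?(.*)$")   # section code, entry kind, remainder
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")
ORPHAN_MARKERS = ("(no file)", "(file missing)")   # markers HijackThis prints in the log

def parse_entry(line):
    """Parse one log line; return None for headers and other non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    url = URL.search(rest)
    entry = {
        "section": section,
        "kind": kind,
        "clsid": clsid.group(0).upper() if clsid else None,  # normalise GUID case
        "host": urlparse(url.group(0)).hostname if url else None,
    }
    # Triage labels are this example's own (hypothetical) categories.
    if rest.rstrip().endswith(ORPHAN_MARKERS):
        entry["triage"] = "orphaned"        # registry entry whose target file is gone
    elif section == "O16":
        # Downloaded ActiveX control: check the source host, or note a missing codebase.
        entry["triage"] = "remote-activex" if url else "incomplete"
    else:
        entry["triage"] = "review"          # file present: a human decides whether it is wanted
    return entry

def triage(log_text):
    """Return parsed entries for every recognisable line in a log."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]
```
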
     
  5. Buddha1108

    Buddha1108 Private E-2


    Yes, Norton was the one giving me the name. I followed everything you said; I hope everything went well. I attached the new logs.
     


  6. Buddha1108

    Buddha1108 Private E-2

    I have the logs, but I can't upload them. I keep getting a message that I already uploaded them to this thread. I'm not sure what to do with it now...

    EDIT: I guess my browser was lagging a bit, so sorry for the double post. Also... I ran a virus scan and it's still showing up.
     
  7. abri

    abri MajorGeek

    Hi Buddha1108,
    I did a search of the Symantec website for infostealer.gamspot and it's not listed there. There is a trojan called infostealer.gampass (also without an e). I read about this and checked your logs for any of the symptoms for this, but there aren't any. In your Symantec report, where does it say it is finding this trojan? I'm wondering if it might be in the restore points or possibly in the Norton Quarantine. Can you give me any more information about its location?
    abri
     
  8. Buddha1108

    Buddha1108 Private E-2

    Yeah, sorry for the confusion, I put the wrong name of it down. But anyway, it doesn't give me a direct file or link to the file, but I noticed it always does it after scanning my external hard drive. I'm not sure if that makes any difference; I have Norton set up to scan everything fully.
     
  9. abri

    abri MajorGeek

    Hi Buddha1108,

    Norton has a fix for that particular virus. Since you're using Norton and it's repeatedly picking up that infection, it must be finding something to detect. Our scans stay pretty much on the drive where your operating system is, so if it's showing up in an external drive, we wouldn't see it. Since Norton fixes that virus and continues to find it, I am guessing that it's being found in an archive somewhere. What you might try is running BitDefender online scan and see if it picks up the same thing and can point at where it is. BitDefender's online scan has several advantages. For one thing, you can point it at a specific drive that you want to have scanned. Also, it will look at archived data like zipped files. To run this particular scan, you need to use Internet Explorer and have ActiveX enabled. After you click on I agree, you will get a box where you can start the scan. Just above the start scan button you'll see two possible options. One of those options is to select the location you wish to have scanned. I recommend trying this. It may or may not find it. It may possibly find it and give it another name since the security companies generally each assign their own name to the virus. To run this scan, go to Alternate Scans and find the group of scans which are Online Scans. Follow the instructions there and please note the special instructions for producing a log which will be of use to us. There are instructions in the link. Also, please note that this is a lengthy scan and can take a while.

    abri
     
  10. Buddha1108

    Buddha1108 Private E-2

    Well, so far Norton is the only thing that even detects it. I'm really confused by this. Nothing else even picks it up. I attached the logs from the online scans (hopefully they're the right ones).
     


  11. abri

    abri MajorGeek

    Hi Buddha1108,
    Did BitDefender find anything? Can you show me the report Norton is giving you, either as a screen shot or as a copy of the log?
    abri
     
  12. Buddha1108

    Buddha1108 Private E-2

    Yeah, I don't know how to make a log for Norton, so I'll take a screenshot.
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click on the Detailed Results tab and get a snapshot of what that is saying.
     
  14. Buddha1108

    Buddha1108 Private E-2

    I'm really not getting why it shows up elsewhere but not on the detailed results.
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Toggle System Restore as instructed in the READ ME. See step 4 here: Windows XP Cleaning Procedure

    Does it still happen? If so, update Symantec to the current definitions (don't skip this) and then boot into safe mode and run a full scan. Anything detected in safe mode?
     
  16. Buddha1108

    Buddha1108 Private E-2

    Well, I disabled System Restore and it still happens. According to Norton, my updates are current and it won't let me get any newer ones. I haven't run the scan in safe mode yet; I'll do that tonight when I get ready to sleep. I'll post back in the morning.
     
  17. Buddha1108

    Buddha1108 Private E-2

    OK, I ran the full system scan in safe mode and it still showed up and wouldn't let me remove it. I'm really not getting this at all.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on Symantec's own information, you do not have the signs of this infection.

    Infostealer.Gampass - Symantec.com

    Perhaps it is a false detection/bug in Symantec. It is definitely a bug in not showing any information about exactly where and what is being found. It is also a bug in not being able to fix whatever they think is detection. You should speak to Symantec and make sure you use the correct name as you did not use the correct name in this thread. It is not Infostealer.Gamspot, it is Infostealer.Gampass.
     
  19. Buddha1108

    Buddha1108 Private E-2


    Yeah, that's what threw me at first. I kept looking at the signs of infection and trying to figure it out, but I noticed it didn't seem to be doing anything. Symantec isn't exactly helpful whenever I try to get help with something. Usually they try to charge me for something before even suggesting or informing me of common information on their site. But thank you for all of your help. I appreciate it much. Hopefully Symantec will be able to fix this.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If they cannot help you, your best course of action is to use a different antivirus program.
     
  21. Buddha1108

    Buddha1108 Private E-2

    I already plan on changing once this year expires.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay!


    If you are not having any other malware problems, it is time to do our final steps:
    1. Uninstall COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN
      • Now type cf /u in the runbox and click OK.
      • Note: The space between the cf and the /U, it must be there.
    2. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    3. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    11. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    12. After doing the above, you should work thru the below link:
     
