bestfriends.scr

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by vulture, Oct 10, 2004.

  1. vulture

    vulture Private E-2

    so my smart self clicked on the link and got the bestfriends.scr virus through AIM. I've tried Norton scan, trendmicro scan, adaware, spybot, aimfix, etc and nothing seems to be working. a message from AIM will randomly pop up saying "the hyperlink you clicked on cannot be accessed" or something like that. also, EVERY web page i go to has the SP2 firewall block an active content file, even sites like google. i have my HijackThis log but apparently i shouldn't post it until asked to do so...if anyone could help that would be great. Thanks.
     
  2. Kodo

    Kodo SNATCHSQUATCH

    Hi Vulture,
    Please take a few minutes to read our guide. If you've already read it, please say so and then upload your log.

    http://forums.majorgeeks.com/showthread.php?t=35407
    MajorGeeks Support Forums - READ ME FIRST: Basic Spyware, Trojan And Virus Removal.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. vulture

    vulture Private E-2

    yes, i have read your guide and it hasn't seemed to work, and i also did download/use the aimfix from majorgeeks.com. here's the HijackThis log file...thanks.
     

    Attached Files:

    Last edited by a moderator: Oct 10, 2004
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not run ALL the steps in the tutorial. There is no evidence of the online scans being run. If you ran them, they may have fixed this problem already. You have a trojan.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled.

    Look in Add/Remove programs for anything with WildTangent and uninstall it.

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below process and End it:
    SVCHOSTE.EXE

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [Windows Logon Procedure] SVCHOSTE.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\RunOnce: [Windows Logon Procedure] SVCHOSTE.EXE
    O15 - Trusted Zone: http://*.windowsupdate.com


    Boot in safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\SVCHOSTE.EXE
    C:\Program Files\WildTangent <--- the whole directory


    Reboot in normal mode and post a new log and tell me how things are working.
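
A defender's triage of the log lines listed in the post above, as an added example that is not part of the original thread or of HijackThis itself. The reference list of genuine Windows binaries, the 0.85 similarity threshold and the last sample line (`ExampleTray`) are assumptions made for illustration; the check covers only name imitation and orphaned BHOs, not every entry the post removes.

```python
import re
from difflib import SequenceMatcher

# Genuine Windows binaries to compare against (short list, an assumption; extend as needed).
KNOWN = ["svchost.exe", "rundll32.exe", "explorer.exe", "winlogon.exe",
         "services.exe", "lsass.exe", "csrss.exe"]
THRESHOLD = 0.85  # similarity cut-off, chosen for this example
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[[^\]]*\] (.+)$")

# First four lines are quoted from the thread; the ExampleTray line is constructed.
SAMPLE = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Windows Logon Procedure] SVCHOSTE.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\RunOnce: [Windows Logon Procedure] SVCHOSTE.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleApp\tray.exe /min
"""

def executable(cmd):
    """Return the lower-cased file name of the program an autorun command starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        prog = cmd[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|scr|com|bat|pif))\b", cmd, re.I)
        prog = m.group(1) if m else cmd.split()[0]
    return prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def lookalike(exe):
    """Return the genuine name `exe` imitates, or None if it is exact or unrelated."""
    if exe in KNOWN:
        return None
    close = [k for k in KNOWN if SequenceMatcher(None, exe, k).ratio() >= THRESHOLD]
    return close[0] if close else None

def triage(log_text):
    """Return (reason, line) findings for the text of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            real = lookalike(executable(m.group(1)))
            if real:
                findings.append((f"autorun imitates {real}", line))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(("BHO registered with no file on disk", line))
    return findings
```
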
     
  7. vulture

    vulture Private E-2

    this seemed to work for the AIM trojan...the away message doesn't pop up anymore. however when I'm in internet explorer, the information bar at the top pops up and says "To help protect your security, IE has restricted this file from showing active content that could access your computer". this comes up for every website i visit...even on this one. i have signed activeX controls enabled to download/run, but it still pops up for EVERY website. any ideas about this? thanks for your help.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Check out the rest of your Security Settings. Maybe you have something disabled.
     
  9. vulture

    vulture Private E-2

    i have all the necessary security settings enabled...yet this message still pops up on websites that don't have active X controls.
     
  10. vulture

    vulture Private E-2

    here's the new log also...
     

    Attached Files:

  11. Digital Yellow

    Digital Yellow Private E-2

    Hey guys, so I'm having the same information bar problem, i had the bestfriends aim virus, but I'm pretty sure i took care of it, now, however, i get the security warning for every site i go to, i have tried to turn it off, but to no avail, if someone has any idea what is causing this let me know, please, also if you need any other info from me let me know, thanks.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your HJT log looks okay! What is your Internet Zone Security level set to?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can start your own thread or read along here. But we work on one user's problem per thread. So you can follow along and see if things done here work for you but if you want to get specific help for your problem please start a thread of your own.
     
