Blue Desktop w/ Spyware warning

Discussion in 'Malware Help (A Specialist Will Reply)' started by daddyslilallie, Oct 19, 2008.

  1. daddyslilallie

    daddyslilallie Private E-2

    Hello All!

    I have come to you in much need of help! This morning, after being online, my computer started acting all crazy. My desktop background turned blue with a warning link that I needed to update my antispyware protection. I also started getting "spyware is needed" popups from my system tray, as well as warnings saying part of my AOL was corrupt. Also, when I tried Alt+Ctrl+Delete, my Task Manager was disabled by the administrator (but I am an admin).

    After several long hours of visiting multiple forums, I did come to find that I may have a Smitfraud or Vundo infection, or possibly both, and have tried to download antispyware programs (even paid for XP Antispyware). Most instructions also mention booting up in safe mode, where my computer freezes when I try. And after all this, now my PC won't connect to the Internet via Explorer or AOL, where it did before I tried to fix the issue. (I am on my laptop now and praying nothing happens to it.)

    My bottom line is I need some major help from the beginning and realize I do not have the know-how to do so alone. I am by no means a computer expert and have seen people post their logs, which I don't know how to do. But I am willing to try anything!!
     
  2. daddyslilallie

    daddyslilallie Private E-2

    I have now tried to make use of the "Read and Run Me" thread. However, I cannot connect to the internet and therefore can't download the tools. I did, however, cross-reference the Add/Remove Programs list, and there was nothing in it that I had to remove.

    So I still need help! TY!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The notes below give you some tips on how to get the programs you need onto your infected PC. Without logs, and the tools we need you to get on your PC, we cannot help you.


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  4. daddyslilallie

    daddyslilallie Private E-2

    Thank you for responding! I have done all the steps in Read and Run and am up to running the downloaded software.

    I am trying to launch SuperAntiSpyware. I did have to rename it in order to get the desktop icon; now, however, when I double-click it, it will not launch! I read the FAQ for its troubleshooting and tried to find gpedit.msc on my computer, which cannot be found by Windows. I also rebooted in safe mode by tapping the F8 key and was able to do so, yet SAS still will not launch.

    Should I continue to launch the other programs (Spybot, Malwarebytes, et cetera)? Help!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure? Make sure you look in the System Tray as when it loads it puts an icon in the tray that looks like a little yellow bug. If you see this icon, you just need to double click it.

    If the above is not your problem. Try going directly to the C:\Program Files\SUPERAntiSpyware folder and see what you see here. Do you see SuperAntiSpyware.exe ? If so, you did not rename the program, you only renamed your Desktop shortcut. Double click the SuperAntiSpyware.exe file and see if it runs. If not, rename it to SAS.exe and then double click it to see if it runs.

    Yes continue on if you still cannot run SUPERAntiSpyware. Try running it one more time after running Malwarebytes, Spybot and ComboFix.
     
  6. daddyslilallie

    daddyslilallie Private E-2

    Hello and thank you again. Apparently, after shutting down my PC one too many times with the tower button, my PC did a system recovery. However, I am still attaching the logs for the XP cleaning procedures, as the programs still found malware.
     

    Attached Files:

  7. daddyslilallie

    daddyslilallie Private E-2

    Apologies from the idiot outside. I would attach the 4th log from ComboFix; however, I cannot seem to find it! Is there something I can search for in order to find it?

    Thank you once more!
    ~Allie
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The ComboFix log should be C:\combofix.txt if it was created.

    You still need to attach the C:\MGlogs.zip from MGtools. We did not ask for the HijackThis log.
     
  9. daddyslilallie

    daddyslilallie Private E-2

    Ok.. the idiot outside has found the appropriate MG log!! YAY for that. But I guess the ComboFix log was not created. :o(

    So now what?

    Sincerely,
    ~Allie

    PS. Thanks so much for this help!
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly it did not finish running properly because you allowed Spybot's Teatimer to be installed when we specified not to do this in the READ & RUN ME. So please disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

    Also Symantec can get in the way which is why the instructions for ComboFix specify to shutdown protection software. It does look like the temp file for your ComboFix log may have been created though so please attach the below log:

    C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Local Settings\Temp\log.txt

    Do you know what the below files and folder are for?
    Code:
    "C:\Documents and Settings\All Users\Application Data\"
    zateve~1.inf  Oct 28 2008       17268  "zatevexor.inf"
    "C:\Program Files\Common Files\"
    kaxyvi~1.db   Oct 25 2008       12961  "kaxyvinyg.db"
    QIKO          Oct 19 2008              "qiko"
    
    "C:\WINDOWS\"
    QIKO          Oct 19 2008              "qiko"

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    After clicking Fix, exit HJT.

    After a reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
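The file listing quoted in this post is the kind of thing the helpers ask about because the names are random-looking and the dates line up with when the trouble started (the thread was opened Oct 19, 2008). Below is an added example from the editor, not part of MGtools or of the MajorGeeks procedure, that parses a listing in that format, flags entries created within an assumed 14-day window after the assumed onset date of 2008-10-19, and reports names that turn up in more than one directory (the "qiko" folder appears under both Common Files and WINDOWS). The sample input is the listing above reproduced as constructed data; the line format is inferred from it.

```python
"""Triage helper for the MGtools-style file listing quoted in the post above.
Added example, not part of MGtools or MajorGeeks' procedure: it parses the
listing and flags entries created shortly after the infection began."""
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample input: the listing from the post, reproduced as data.
SAMPLE_LISTING = r'''
"C:\Documents and Settings\All Users\Application Data\"
zateve~1.inf  Oct 28 2008       17268  "zatevexor.inf"
"C:\Program Files\Common Files\"
kaxyvi~1.db   Oct 25 2008       12961  "kaxyvinyg.db"
QIKO          Oct 19 2008              "qiko"

"C:\WINDOWS\"
QIKO          Oct 19 2008              "qiko"
'''

# Assumption: the infection began on the day the thread was opened (post 1).
ONSET = date(2008, 10, 19)


@dataclass
class Entry:
    directory: str
    short_name: str      # 8.3 alias as printed by the tool
    long_name: str
    created: date
    size: Optional[int]  # None where the listing shows no size (a folder)


DIR_RE = re.compile(r'^"(?P<path>[A-Za-z]:\\.*\\)"$')
ENTRY_RE = re.compile(
    r'^(?P<short>\S+)\s+'
    r'(?P<mon>[A-Z][a-z]{2}) (?P<day>\d{1,2}) (?P<year>\d{4})\s+'
    r'(?P<size>\d+)?\s*"(?P<long>[^"]+)"$')


def parse_listing(text: str) -> List[Entry]:
    """Turn the listing into Entry objects, tracking the current directory header."""
    entries: List[Entry] = []
    current_dir: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group('path')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f'unrecognised listing line: {raw!r}')
        if current_dir is None:
            raise ValueError(f'entry appears before any directory header: {raw!r}')
        created = datetime.strptime(
            f"{m.group('mon')} {m.group('day')} {m.group('year')}", '%b %d %Y').date()
        size = int(m.group('size')) if m.group('size') else None
        entries.append(Entry(current_dir, m.group('short'), m.group('long'), created, size))
    return entries


def flag_new_since(entries: List[Entry], onset: date = ONSET,
                   window_days: int = 14) -> List[Entry]:
    """Entries created between onset and onset + window_days (inclusive).
    14 days is an assumed window, wide enough to catch files dropped later."""
    end = onset + timedelta(days=window_days)
    return [e for e in entries if onset <= e.created <= end]


def duplicated_names(entries: List[Entry]) -> Dict[str, List[str]]:
    """Names planted in more than one directory (e.g. the 'qiko' folder above)."""
    seen: Dict[str, List[str]] = {}
    for e in entries:
        seen.setdefault(e.long_name.lower(), []).append(e.directory)
    return {name: dirs for name, dirs in seen.items() if len(dirs) > 1}


if __name__ == '__main__':
    found = parse_listing(SAMPLE_LISTING)
    for e in flag_new_since(found):
        print(f'{e.created}  {e.directory}{e.long_name}  size={e.size}')
    print('same name in several places:', duplicated_names(found))
```

The date window is only a first filter: everything in this listing falls inside it, so the second check (the same odd name in two system locations) is what singles out "qiko" as worth asking about before anything is deleted.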
     
  11. daddyslilallie

    daddyslilallie Private E-2

    chaslang, thank you so much for your patience and help thus far!

    Ok.. I thought the TeaTimer was uninstalled, but a friend and I followed your instructions as per your last post. As for Symantec, that popped up when my system went into recovery, and I didn't think it was working as I have not registered or paid for it :o/

    As far as the aforementioned codes go, I have no clue as to what they are/were; however, my friend, who is trying to ensure I follow your directions correctly, found the times those files were created, and I believe that's the time I started having issues!

    Now, when doing the system scan for MGtools\analyse.exe, your two aforementioned O9s weren't options, but we proceeded based on the assumption the other two could still be "fixed".

    as far as how things are working now:
    When my system went into recovery, the blue desktop with the spyware warning was gone, as well as the pop-ups. I am just very afraid and am not sure if the problem is still there and hidden. So, I suppose things are working fine now! :confused:

    My friend does have a question, though: when the system went into recovery, how come the desktop icons were still on the desktop but the programs were missing (i.e. AOL, games, etc.)?
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Chas has gone on vacation so I will continue with your problems.

    You are running SP1. When we are finished, you must install either SP2 (at least) or SP3!

    If Norton is expired, you should remove it ASAP. It is providing you little security if it cannot update its virus signatures.

    You can use Norton Removal Tool.

    Please use add/remove programs to uninstall:
    Viewpoint Media

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\%username%\Local Settings\Temp

    After doing the above, you should work thru the below link:
    How to Protect yourself from malware! and download an anti-virus program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Be sure to tell us how things are running.
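The Temp-folder step in this post ("delete all files except ones from the current date") is easy to get wrong by hand, so here is an added example from the editor, not an MGtools or MajorGeeks script, that does it programmatically. It judges each file by its last-modified date, keeps anything dated today (those are the files Windows refuses to delete because they are in use), records anything it could not remove instead of stopping, and offers a dry run so the plan can be reviewed first. The sample tree it builds is constructed throwaway data, and a 5-day-old timestamp stands in for "older than today".

```python
"""Temp-folder cleanup as described in the post above: delete everything except
files dated today, which Windows will refuse to remove anyway because they are
in use. Added example, not an MGtools or MajorGeeks script; it works on any
folder path you give it, so try it on a throwaway tree first."""
import os
import tempfile
import time
from datetime import date, datetime
from pathlib import Path
from typing import Dict, List, Optional


def clean_temp(root: str, today: Optional[date] = None,
               dry_run: bool = False) -> Dict[str, List[str]]:
    """Remove files under root whose date is before today.

    Returns root-relative paths grouped as removed / kept / skipped so the
    result can be reviewed (use dry_run=True to only report)."""
    base = Path(root)
    today = today or date.today()
    result: Dict[str, List[str]] = {'removed': [], 'kept': [], 'skipped': []}
    # bottom-up so emptied subfolders can be removed after their contents
    for dirpath, _dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(base).as_posix()
            try:
                # lstat: judge (and delete) a link itself, never its target
                stamp = datetime.fromtimestamp(p.lstat().st_mtime).date()
                if stamp >= today:
                    result['kept'].append(rel)
                    continue
                if not dry_run:
                    p.unlink()
                result['removed'].append(rel)
            except OSError:  # locked by a running process or access denied
                result['skipped'].append(rel)
        if not dry_run and Path(dirpath) != base:
            try:
                os.rmdir(dirpath)   # only succeeds if the folder is now empty
            except OSError:
                pass
    return result


def remaining_files(root: str) -> List[str]:
    """Sorted root-relative paths of files still present under root."""
    base = Path(root)
    return sorted(p.relative_to(base).as_posix()
                  for p in base.rglob('*') if p.is_file())


def make_sample_temp() -> str:
    """Constructed sample: a throwaway tree with two stale files and one from today."""
    root = tempfile.mkdtemp(prefix='temp-sample-')
    stale = time.time() - 5 * 86400
    for rel in ('old1.tmp', 'sub/old2.log'):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text('stale')
        os.utime(p, (stale, stale))
    (Path(root) / 'today.tmp').write_text('in use')
    return root


if __name__ == '__main__':
    sample = make_sample_temp()
    print('plan:', clean_temp(sample, dry_run=True))
    print('done:', clean_temp(sample))
    print('left:', remaining_files(sample))
```

Point it at C:\WINDOWS\Temp and the user's Local Settings\Temp only after a dry run shows the expected list; the "skipped" entries are the locked files the post says Windows will not let you delete, and they are not an error.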
     
