DerBiz is killing me! Please help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by kingdoneg, May 2, 2005.

  1. kingdoneg

    kingdoneg Private E-2

    I have followed all your 4 point instructions on virus remover, adaware, HJT and many more besides. Yet I still cannot get rid of this stupid virus. This has resulted in a pop-up window that hides behind my browsers; therefore, whenever I leave my PC on for more than 10 minutes of inactivity, I get the "cannot find site". I then have to reboot in order to access the internet; this is despite having broadband.

    Another fault which seems to have resolved through all the additional spyware protection I have now installed is the changing of my home page! My keys also used to be slow to type; it was as if someone was possibly trying to use my keyboard!

    Many of the virus protectors I have installed indicate the verification of adaware elite but all fail to remove it.

    I am running I.E.6 on windows XP2. Please help me!
     
  2. foot loose

    foot loose Private E-2

    I think you got that virus from MSN.
    In task manager it is called projectone. I think you can end the process and then delete the folder from c:
    or
    turn off system restore
    start up your pc in safe mode with networking
    then do an online virus scan
     
  3. kingdoneg

    kingdoneg Private E-2

    I think you are right about its origin. However, as I have already stated, I have thoroughly undertaken the 4 step tasks as asked to by the moderator, including the one you described, all to no avail! Any other advice would be appreciated though.

    Thanks in advance.

     
  4. kingdoneg

    kingdoneg Private E-2

    Please do not forget me, I am desperate for some help!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps from the READ ME FIRST thread, and you are still having problems, follow the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  6. kingdoneg

    kingdoneg Private E-2

    Thanks for coming to my aid. I have attached the HJT log file. One of the many problems I am getting with this virus is a quiet pop-up window that operates in the background. When this is up I cannot browse without rebooting my computer. When in the Task Manager I have also noticed a program running called "pop64". I don't know what this is so I disable it when I see it.

    Thanks in advance for your help.
     


  7. Chris Bowes

    Chris Bowes Private E-2

    Hi there,
    Could anybody help me get rid of derbiz.com? It's driving me mad.

    Cheers, Chris.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are in need of an antivirus application and some other tools. We will address that after fixing your current problems.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\System32\mpci.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
    O4 - HKLM\..\Run: [Windows Workstation] mpci.exe
    O4 - HKLM\..\RunServices: [win98 DNS] wingrd.exe
    O4 - HKLM\..\RunServices: [Windows Workstation] mpci.exe
    O4 - HKCU\..\Run: [Media Software UPdater] sscs.exe
    O4 - HKCU\..\Run: [Windows Workstation] mpci.exe
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll (file missing)
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: BT - {8B6A9EEB-1667-4992-826E-DB01BE82286D} - http://www.bt.com (file missing) (HKCU)
    O9 - Extra button: Homepage - {F2AD7AB5-A4C8-485F-8D90-5F366E33CAFC} - http://bt.yahoo.com (file missing) (HKCU)
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\mpci.exe
    C:\WINDOWS\System32\wingrd.exe
    C:\WINDOWS\System32\sscs.exe
    C:\WINDOWS\seeve.exe
    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  10. kingdoneg

    kingdoneg Private E-2

    Please find attached my new HJT file. I was able to accomplish most of the tasks with the exception of finding and removing
    C:\WINDOWS\System32\wingrd.exe
    C:\WINDOWS\System32\sscs.exe

    I have completed a file search for them both in normal mode and was unable to find them.

    However, I did find them in safe mode under the windows\prefetch folder and deleted them there.

    Immediate changes I have noted on my PC performance since the changes are: I can now listen to my PC through all 5 speakers as opposed to the 3 front speakers as before. pop64 also appears to have disappeared, and the seeve pop-up has also gone. So now I guess I need to fully protect my PC from this type of recurrence. Thanks once again for your help and support.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below items are still in your HJT log:

    O4 - HKLM\..\Run: [Media Software UPdater] sscs.exe
    O4 - HKLM\..\Run: [Windows Workstation] mpci.exe
    O4 - HKLM\..\RunServices: [win98 DNS] wingrd.exe
    O4 - HKLM\..\RunServices: [Windows Workstation] mpci.exe


    Are you sure you selected Fix on them last time? Try the procedure again. Make sure the files do not exist in c:\windows\system32.

    You need to complete all the steps in: How to Protect yourself from malware!
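
The re-check described in this reply (which O4 autorun entries selected for fixing are still in the follow-up log) can be scripted. The following is an added example, not part of the original thread and not HijackThis's own code; the function names and the `ExampleTray` log line are constructed for illustration, and the other sample lines are the ones quoted in the reply above.

```python
import re

# HijackThis log line: "<section> - <details>", e.g. "O4 - HKLM\..\Run: [name] cmd"
LINE_RE = re.compile(r"^(O\d+|[RFN]\d)\s+-\s+(.*)$")
# O4 registry autorun details: "<hive>\..\<key>: [value name] command line"
O4_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+):\s+\[(.+?)\]\s+(.*)$")
# Executable name inside a command line (handles full paths, quotes, arguments)
IMAGE_RE = re.compile(r'[^\\"]+\.exe', re.IGNORECASE)

# File names the helper asked to remove in this thread
FLAGGED = {"mpci.exe", "wingrd.exe", "sscs.exe", "seeve.exe"}

# Follow-up log excerpt; the ExampleTray line is constructed, the rest are from the reply
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
O4 - HKLM\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\Run: [Windows Workstation] mpci.exe
O4 - HKLM\..\RunServices: [win98 DNS] wingrd.exe
O4 - HKLM\..\RunServices: [Windows Workstation] mpci.exe
"""

def parse_o4(log_text):
    """Return registry autorun entries (O4 lines) found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line.group(1) != "O4":
            continue
        details = O4_RE.match(line.group(2))
        if not details:  # e.g. "O4 - Startup:" shortcuts, which have no [name] part
            continue
        key, name, command = details.groups()
        image = IMAGE_RE.search(command)
        entries.append({
            "key": key,
            "name": name,
            "command": command,
            "image": (image.group(0) if image else command).strip().lower(),
        })
    return entries

def still_present(log_text, flagged_images):
    """List (key, value name, image) for flagged autoruns that survived the fix."""
    flagged = {f.lower() for f in flagged_images}
    return [(e["key"], e["name"], e["image"])
            for e in parse_o4(log_text) if e["image"] in flagged]

if __name__ == "__main__":
    for key, name, image in still_present(SAMPLE_LOG, FLAGGED):
        print(f"still registered: {key} [{name}] -> {image}")
```

An empty result from `still_present` on the newest log means none of the flagged autorun values remain; any hit names the registry key and value to select again in the scan.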
     
  12. kingdoneg

    kingdoneg Private E-2

    I have run the HJT both in SAFE & NORMAL mode and posted the results below. I was unable to find any of the corrupted files you requested but did download windows XP service pack 2. Hopefully this will resolve my virus problem. I have also downloaded some of your suggested program protections.

    The notable difference in my PC was a very slow mouse cursor. I don't know the cause, but after rebooting it started to perform to its normal standard.

    I hope this helps you, thanks for your support.
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is now clean. How are things working now?
     
  14. kingdoneg

    kingdoneg Private E-2

    I have been working on my PC all day without any problems at all. I am so grateful to you. Thanks for all your help.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  16. kingdoneg

    kingdoneg Private E-2

    Once again thanks for your help. The only problem I am having now is the erratic movement of my mouse. I currently use a cordless mouse and quite it slows down or stops working altogether. I have changed the batteries, cleaned it inside and out, updated the driver that didn't need updating and restarted my computer. All to no avail. It works fine for a while and then slows down to a crawl. Then inexplicably, starts working fine again without rhyme nor reason? I have also found that my keyboard (also wireless) has also begun to operate when it likes. I'll press the keys and nothing happens, then another time everything works fine!

    Any advice will do. Thanks
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Sounds like you either have:
    1) defective hardware or something still needs to be cleaned
    2) or you have interference from something in the vicinity

    You could try leaving a message in the Hardware Forum about this.
     
