Malware problems, don't know if related to the last one or not.

Discussion in 'Malware Help (A Specialist Will Reply)' started by jukes, Mar 18, 2005.

  1. jukes

    jukes Private E-2

    Hi,

I just started having trouble last night. My mouse cursor seems to have a mind of its own, and flies wildly around the browser opening menu items, and then freezes. I rebooted, then reinstalled the optical mouse via the disc. I had to run SpybotS&D and AdAwareSE in safe mode, because they both froze. I did the RAV online scan as well. Spybot and RAV said the machine is clear. AdAware found some items and deleted them (2 of them had to be deleted on reboot). The problem seemed resolved last night.

    Today, it's happened a few times now, plus I'm getting booted offline. The computer has frozen a few times and I'm unable to even use my windows key and keyboard commands. I just finished a Panda online scan and in excess of 20 malware items were found. The activescan report is in the attachment.

I don't know if any of this is related to the last problem I had or not. PhilliePhan did a great job helping me during this:

    http://forums.majorgeeks.com/showthread.php?t=54761

    Please help again?
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

In a month's time, a lot can change. You need to begin the cleanup process over again from the beginning.

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. jukes

    jukes Private E-2

    Hi Chaslang and thank you! I did all the steps in the tutorial.

    Symantec online found:

    c:\ezStub.exe is infected with Adware.Ezula
    c:\WrapperOuter.exe is infected with Adware.VirtualBouncer
    c:\!Submit\SSTUP4.DLL is infected with Adware.Look2Me
    c:\!Submit\DXMSSHRN.DLL is infected with Adware.Look2Me
    c:\Program Files\TopConverting\arkanoid\arkanoid.exe is infected with Adware.ClickDLoader.B
    c:\WINDOWS\exdl.exe is infected with Adware.BargainBuddy
    c:\WINDOWS\cxtpls_loader.exe is infected with SecurityRisk.Downldr
    c:\WINDOWS\cxtpls_loader.exe is infected with Spyware.Apropos
    c:\WINDOWS\edow.exe is infected with Adware.Websearch
    c:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites
    c:\WINDOWS\Downloaded Program Files\webdlg32.dll is infected with Adware.Iwantsearch
    c:\WINDOWS\Downloaded Program Files\YSBactivex.dll is infected with Adware.Istbar
    c:\WINDOWS\SYSTEM\setup_incred_1.exe is infected with Adware.Incredifind
    c:\WINDOWS\SYSTEM\mqexdlm.srg is infected with Adware.BargainBuddy
    c:\WINDOWS\SYSTEM\laptreg.exe is infected with Spyware.Apropos

TrendMicro HouseCall found:
    (not easy since they didn't include an option to log, so I shot a screen shot and copied from that)

    TROJ MIEWER.A NONCLEANABLE C:\SYSTEM\1803.dll
    TROJ MIEWER.A NONCLEANABLE C:\SYSTEM\pop7.dll
    HTML COOLWEB.A NONCLEANABLE C:\application data\S...
    TROJ RBLAST.DLL NONCLEANABLE C:\WINDOWS\Downloaded Prog...
    TROJ SMALL.ACD NONCLEANABLE C:\WINDOWS\d8.exe

My Stinger scan came up clean. (?)

    It's hard for me to fathom why all these different scans all say something different.

    It's all still happening, and rather frustrating.

    My hijackthis.txt is in the attachments, and thank you again for help.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did the scans fix the problems (i.e., delete files ) or did they just detect them?

Were you able to run the online scans in safe mode?
     
  5. jukes

    jukes Private E-2

    They merely detected them, nothing was fixed.

I cannot run the online scans in safe mode; the computer won't connect at all in safe mode.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You should boot into safe mode and delete the files manually (if they still exist).
    If you have a problem deleting them that way, boot to an MS-DOS prompt and delete them.

    If you do not know how to do what I have said, tell me and I will explain in more detail.

Your HJT log was clean. I just have a question on whether the below two entries are things you use:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.metacrawler.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garageband.com/bbs/online.pl?Cat=

You do not appear to have an antivirus application installed; you really need to have one.
    See the below thread for a bunch of steps you should be doing including getting an AV package:
    How to Protect yourself from malware!
     
  7. jukes

    jukes Private E-2

    I'll give it my best shot.

It's been a long time since I eradicated MTX from my oldest computer (2000) so I don't remember how to do an MS-DOS prompt and deletion. Maybe doing the safe mode boot and deletion will work, as I remember MS-DOS was really complicated.

    I know that IE homepage seems a bit odd to anyone else, but I am the help faq moderator at garageband.com and pretty much live there and have since 2000. That is their "who's in the BBS?" page and when my machine works I might hit that page several hundred times a day. I use Metacrawler as my default search page, and have hot keys to it on my keyboard.

The latest victim in my system is now my xkeys supplemental keyboard, which isn't working, or I'd be able to hit one key and the quote tags would enter without me having to type them.

Will do, and I guess I better get to work. Thank you for help!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Let me know the results and if you need more help just tell me!
     
  9. jukes

    jukes Private E-2

I do need more help; no matter what I do, it's now worse. Now, I can't even use the machine for more than a few minutes without it freezing up and requiring restart, regardless of regular or safe mode. I started a scan online, but it froze. (I'm posting from my laptop now.) The mouse cursor still flies all over the screen just before it freezes. I can't stay online on it for more than a few minutes usually.

    I've looked in the files when I can manually, and don't see any of the malware I'd listed before has come back, but obviously something is going on that isn't being picked up by scans. I just wish I would have made back up copies of all my files a little more recently than last year.

    I installed the AVG, but it says the machine is clear.. gut instinct and current events tells me something is still wrong.

(I should have chosen computers for electives in high school, instead of music and sports)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

In the third message of this thread you list some files. Are you sure you listed them properly? For example:
    C:\SYSTEM\1803.dll
    C:\SYSTEM\pop7.dll
    C:\application data\S...

These do not look correct; I would expect them to be something with C:\windows at the beginning. Like for one example:
    C:\Windows\System\1803.dll
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Okay! I have to run; here is as far as I can give you without answers to my questions. Complete these steps and let me know how things look.

Click Start and select Shutdown and in the Window that comes up choose the one that says Restart the computer in MS-DOS mode.

    When it boots you will be at the command prompt (full screen) enter the below commands each followed by the enter key. Let me know if you have any problems or get any error messages during these steps (tell me the exact error message).

    Now in command prompt window do the following:

    cd \
    attrib -s -h -r ezStub.exe
    attrib -s -h -r WrapperOuter.exe
    del ezStub.exe
    del WrapperOuter.exe

    The !Submit folder is left over from using Pocket Killbox!
    cd \!Submit
    del *.* <--- answer yes to the prompt to remove all files

    cd c:\Windows
    attrib -s -h -r exdl.exe
    attrib -s -h -r cxtpls_loader.exe
    attrib -s -h -r edow.exe
    attrib -s -h -r d8.exe
    del exdl.exe
    del cxtpls_loader.exe
    del edow.exe
    del d8.exe

    cd c:\WINDOWS\Downloaded Program Files\
    attrib -s -h -r bridge.inf
    attrib -s -h -r webdlg32.dll
    attrib -s -h -r YSBactivex.dll
    del bridge.inf
    del webdlg32.dll
    del YSBactivex.dll


    cd C:\WINDOWS\SYSTEM
    attrib -s -h -r setup_incred_1.exe
    attrib -s -h -r mqexdlm.srg
    attrib -s -h -r laptreg.exe
    del setup_incred_1.exe
    del mqexdlm.srg
    del laptreg.exe

    cd c:\Program Files\TopConverting\arkanoid\
    attrib -r -h -s *.*
    del *.*
    cd c:\Program Files\TopConverting
    rd arkanoid
    cd c:\Program Files
    rd TopConverting

    exit <--- this will get you back to windows
     
  13. jukes

    jukes Private E-2

    That was how they were listed on the scan report. I did find those and deleted them.

When I was here before, I was grabbing the link to the page (tutorial) that had the scans on them. Apparently, even though I did check here for any new information in this thread, I didn't see any then. Glad I see them now, and just downloaded the tool, and copied your instructions on the MS-DOS prompt to a WordPad doc so if needed I can use those. I'm unable to redo any of the online scans on this machine. Gotta go before the few minutes online is up before this posts.
     
  14. jukes

    jukes Private E-2

Since the desktop computer is compromised, I'll be checking for updates in this thread with this laptop computer... considering what happened before. My humble apologies that happened. I'm running the tool on the desktop now, and realized I needed the MS-DOS info on this computer, since I won't be able to read a WordPad doc on the other. I can read them from the laptop while I work on the desktop.
     
  15. jukes

    jukes Private E-2

I ran the Istbar fix which said:

    Symantec Adware.Istbar Removal Tool 1.0.7


    Adware.Istbar has not been found on your computer.

    Panda online scan said:


    Adware:Adware/eZula No disinfected
    Windows Registry
    Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
    Adware:Adware/BHO No disinfected
    Windows Registry
    Adware:Adware/DelFinMedia No disinfected C:\keys.ini
    Adware:Adware/SBSoft No disinfected C:\WINDOWS\Application Data\SBSoft
    Adware:Adware/TopConvert No disinfected
    Windows Registry
    Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.???
    Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\javex80.vxd[nvms.dll]
    Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\javex80.vxd[nls.exe]
    Adware:Adware/SBSoft No disinfected C:\WINDOWS\Downloaded Program Files\webdlg32.inf
    Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.inf


    Symantec online scan earlier said:

    c:\_RESTORE\TEMP\BRIDGE.0 is infected with Adware.WinFavorites
    c:\_RESTORE\TEMP\WEBDLG32.0 is infected with Adware.Iwantsearch

I will try the MS-DOS eradication, but this computer is acting really messed up. It's taken me about four hours just to do those two scans (to stay online) and to post this.
     
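The three reports quoted in this thread (Symantec, Trend Micro HouseCall, Panda) use three different line formats, which is part of why they appear to disagree. As an added example that is not part of the thread and not any vendor's tool, the Python below parses a few constructed lines in each of those formats into one list keyed by location, and flags the cases this thread runs into: registry-only entries that a file deletion cannot remove, names truncated by a screenshot, files under `_RESTORE` (System Restore copies), and a `C:\SYSTEM\` root that is probably `C:\WINDOWS\SYSTEM`. The regular expressions, the flag wording, and the reading of Panda's `file[member]` notation as "detection inside a container file" are my assumptions drawn from the transcribed lines, not documented formats.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the three report styles transcribed in the
# thread (a handful of lines each, not the full reports).
SYMANTEC = r"""
c:\ezStub.exe is infected with Adware.Ezula
c:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites
c:\_RESTORE\TEMP\BRIDGE.0 is infected with Adware.WinFavorites
"""

TREND = r"""
TROJ MIEWER.A NONCLEANABLE C:\SYSTEM\1803.dll
TROJ RBLAST.DLL NONCLEANABLE C:\WINDOWS\Downloaded Prog...
"""

PANDA = r"""
Adware:Adware/eZula No disinfected
Windows Registry
Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.???
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM\javex80.vxd[nvms.dll]
"""


@dataclass
class Finding:
    scanner: str
    name: str        # detection name exactly as the scanner reported it
    location: str    # file path as reported, or "Windows Registry"
    flags: list = field(default_factory=list)


# Assumed line shapes, derived from the transcribed lines, not vendor docs.
SYM_RE = re.compile(r"^(?P<path>.+?) is infected with (?P<name>\S+)$")
TREND_RE = re.compile(r"^(?P<name>\S+ \S+) NONCLEANABLE (?P<path>.+)$")
PANDA_RE = re.compile(r"^\w+:(?P<name>\S+) No disinfected\s*(?P<path>.*)$")


def _lines(text):
    return [ln.strip() for ln in text.strip().splitlines() if ln.strip()]


def parse_symantec(text):
    return [Finding("symantec", m["name"], m["path"])
            for m in map(SYM_RE.match, _lines(text)) if m]


def parse_trend(text):
    return [Finding("trend", m["name"], m["path"])
            for m in map(TREND_RE.match, _lines(text)) if m]


def parse_panda(text):
    # Panda prints registry-only detections with the location on the next line.
    out, lines, i = [], _lines(text), 0
    while i < len(lines):
        m = PANDA_RE.match(lines[i])
        if m:
            path = m["path"]
            if not path and i + 1 < len(lines) and lines[i + 1] == "Windows Registry":
                path, i = "Windows Registry", i + 1
            out.append(Finding("panda", m["name"], path))
        i += 1
    return out


def triage(f):
    """Attach the caveats a helper would want before telling someone to 'del' it."""
    loc = f.location.lower()
    if loc == "windows registry":
        f.flags.append("registry entry: a file deletion will not remove it")
        return f
    if loc.endswith("...") or "?" in loc:
        f.flags.append("truncated name: confirm the full path before acting")
    if "\\_restore\\" in loc:
        f.flags.append("system restore copy: disable System Restore, then clear it")
    if "[" in loc and loc.endswith("]"):
        f.flags.append("detection inside a container file: act on the outer file")
    if loc.startswith("c:\\system\\"):
        f.flags.append("unusual root: probably c:\\windows\\system, verify")
    return f


def consolidate(*groups):
    """Merge findings from several scanners, keyed by case-folded location."""
    merged = {}
    for group in groups:
        for f in group:
            merged.setdefault(f.location.lower(), []).append(triage(f))
    return merged


if __name__ == "__main__":
    merged = consolidate(parse_symantec(SYMANTEC), parse_trend(TREND), parse_panda(PANDA))
    for loc, hits in merged.items():
        scanners = ",".join(sorted({h.scanner for h in hits}))
        notes = "; ".join(fl for h in hits for fl in h.flags)
        print(f"{loc}  [{scanners}]  {notes}")
```

Keying on the case-folded path is deliberate: Windows paths are case-insensitive, so `bridge.inf` reported as `BRIDGE.0` by one scanner and `bridge.inf` by another are different files, but `C:\WINDOWS` and `c:\windows` are the same directory and should not be counted twice.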
  16. jukes

    jukes Private E-2

Problem 1.

    Before starting the MS DOS, I ran registry mechanic which said there were no problems. (and according to that earlier scan, there was) I did this in safe mode, as well as AdAwareSE, and SpybotS&D. Spybot said there were no problems, and AdAwareSE found only the usual Alexa, and removed that.

    Problem 2.

That option doesn't exist on my WinME shutdown menu. Only standby, restart and shutdown.

So... I found my old rescue disc floppy, and somehow stumbled my way into MS-DOS, but in A:\, figured out how to get it to C:\

    Then, I typed in:

    cd \ (and hit enter key)
    attrib -s -h -r ezStub.exe (enter key)

    and the error that came up was "bad command or file name".

    with this one "cd c:\Windows" I got the error:
    "Too many parameters - c:\Windows"

    same with "cd c:\WINDOWS\Downloaded Program Files\"

    When I tried just typing in WINDOWS\Downloaded Program Files, I got
    "bad command or file name"

I'm thinking it's best to stop here, and wait until you see the two scan results I printed in one of my latest posts. Then follow the directions, which may now differ. Thank you again for your help and patience.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

If you're getting the above, you have not disabled System Restore, which is the first step we give you in the cleanup process. You must do that now. And do not re-enable it until you are all cleaned up.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I forgot that WinMe does not have that boot option like Win98.

So yes, you would need a WinMe Startup disk to boot from. If you made a real WinMe startup disk and boot from it, you should not be having a problem locating the commands I gave you, since the startup disk should have created a Path variable and initialized it with info that configures the path to include c:\windows and c:\windows\command. The c:\windows\command folder is where the attrib.exe command is located. Also a WinMe Startup disk creates a RamDisk and copies a bunch of DOS commands from the C:\windows\command folder onto the RamDisk, and they are added to your path too.

    If you do not have or cannot create the WinMe Startup disk, then after booting with the floppy you have, do the following first before executing my previous commands:

    At the command prompt when you finish booting from the floppy:
    set PATH=c:\;c:\windows;c:\windows\command;a:\ <-- this will set up a path to locate commands
    c: <-- this gets you to the C drive


    Then execute my previous commands. You can add to the list that I made up, similar commands to delete other bad files you are finding in your scans.
     
  19. jukes

    jukes Private E-2

    chaslang, here's what is so strange (see attached screen shot)

    Actually, that box remained checked from when PhilliePhan helped me with that last mess. I'd forgotten to uncheck the box afterwards, and I was surprised when I went to go disable it, that it was still off. The hiddens are all still checked to show as well. This computer isn't acting the way it should (insert totally perplexed look here)

    I'll go get the laptop, copy all of the above and get to work, and thank you!
     


  20. jukes

    jukes Private E-2

(from laptop, with MS-DOS eradication going on desktop)

    I just wanted to let you know that last process is working. Most of what is coming up is "file not found" which I hope is a good thing, and means that my original deletion is still holding.

My question now would be, is there an MS-DOS command which addresses those which are in the registry? Since Registry Mechanic, AdAwareSE and Spybot all claim it's clear, yet that scan shows:

    Adware:Adware/eZula No disinfected
    Windows Registry

    Adware:Adware/BHO No disinfected
    Windows Registry

    Adware:Adware/TopConvert No disinfected
    Windows Registry

    or is that a step beyond where I am now?

    thank you!
     
  21. jukes

    jukes Private E-2

    I just hit a snag on this:

    cd c:\WINDOWS\Downloaded Program Files\

    the error that comes up: "Too many parameters - Program"
     
  22. jukes

    jukes Private E-2

I need to go do the laundry that I put off yesterday. I am leaving the machine on in the section I got stuck at (Downloaded Program Files) and will get back as quick as I can.
     
  23. jukes

    jukes Private E-2

    back, and still stuck at this step:

    thank you in advance
     
  24. jukes

    jukes Private E-2

    someone suggested this:

    cd c:\windows\downlo~1

    and I can now continue with the steps
     
  25. jukes

    jukes Private E-2

    except that no matter which I type in, the error "bad command or file name" comes up.


    attrib -s -h -r bridge.inf
    attrib -s -h -r webdlg32.dll
    attrib -s -h -r YSBactivex.dll

    plus those in the newer list in this section.
     
  26. jukes

    jukes Private E-2

    thank you chaslang for trying.

    Life is just too short for me to beat this dead horse any longer, I'm now restoring it to factory defaults.
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please allow him some time to post you a fix as he is extremely busy. Hang in there a little longer:)
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay if system restore is disabled, let's see if you can delete those two files you mentioned:
    c:\_RESTORE\TEMP\BRIDGE.0
    c:\_RESTORE\TEMP\WEBDLG32.0
    I would guess that you cannot delete them but let's see.

    With your problem executing this:
    cd c:\WINDOWS\Downloaded Program Files\

    That is another strange thing with WinME. If you put quotes like below it will work:
    cd "c:\WINDOWS\Downloaded Program Files\"

    Also the shortened 8 character name like you mention can be used too. But anytime you do something like that, you need to determine what that shortened 8 character name is. But for this instance what you used is fine.


    For the above problem it still appears that your PATH is not set properly. Either that or for some reason you no longer have the attrib.exe file. You could try looking for it in:
    c:\windows\command\attrib.exe

    If it is there, you could try changing the attrib command above to the full path like for one example:
    c:\windows\attrib -s -h -r bridge.inf

    This should not be necessary though if the path is setup properly as I gave earlier.
     
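Posts 12, 18 and 28 together give the recipe: set a PATH that can find attrib.exe, then for each file clear the system, hidden and read-only attributes and delete it, and for each adware folder empty it and `rd` it, quoting any directory that contains spaces so command.com does not split it into extra parameters (the "Too many parameters" error above). As an added example, not chaslang's own instructions, the Python below generates that command sequence from a list of paths; it is meant to be run on a working machine (here, the laptop) to produce a list to type on the affected one. The sample paths are constructed from file names quoted in this thread. Quoting file names as well as directories, and the `attrib_cmd` override for pointing at a full path to attrib.exe when PATH is still wrong, are my assumptions about WinME's command.com, not something the thread verifies.

```python
import ntpath

# PATH setup from the thread for a machine booted from a plain rescue floppy,
# so that attrib.exe in c:\windows\command can be found.
PATH_SETUP = ["set PATH=c:\\;c:\\windows;c:\\windows\\command;a:\\", "c:"]


def dos_quote(arg):
    """Quote an argument only if it contains spaces (assumed to be what
    WinME's command.com needs for names like 'Downloaded Program Files')."""
    return f'"{arg}"' if " " in arg else arg


def build_cleanup(files, dirs_to_remove=(), attrib_cmd="attrib"):
    """Return the DOS command lines, grouped by directory, in the order
    attrib -> del for single files and empty -> rd for whole folders."""
    lines = list(PATH_SETUP)
    by_dir = {}
    for path in files:
        directory, name = ntpath.split(path)   # ntpath handles backslashes on any OS
        by_dir.setdefault(directory, []).append(name)
    for directory, names in by_dir.items():
        lines.append(f"cd {dos_quote(directory)}")
        lines += [f"{attrib_cmd} -s -h -r {dos_quote(n)}" for n in names]
        lines += [f"del {dos_quote(n)}" for n in names]
    for folder in dirs_to_remove:
        parent, leaf = ntpath.split(folder.rstrip("\\"))
        lines += [f"cd {dos_quote(folder)}",
                  f"{attrib_cmd} -r -h -s *.*",
                  "del *.*",          # command.com asks for confirmation here
                  f"cd {dos_quote(parent)}",
                  f"rd {dos_quote(leaf)}"]
    lines.append("exit")
    return lines


# Constructed input: paths taken from the scan reports quoted in this thread.
SAMPLE_FILES = [
    r"c:\ezStub.exe",
    r"c:\WrapperOuter.exe",
    r"c:\WINDOWS\exdl.exe",
    r"c:\WINDOWS\Downloaded Program Files\bridge.inf",
    r"c:\WINDOWS\Downloaded Program Files\webdlg32.dll",
    r"c:\WINDOWS\SYSTEM\laptreg.exe",
]
SAMPLE_DIRS = [r"c:\Program Files\TopConverting\arkanoid"]

if __name__ == "__main__":
    print("\n".join(build_cleanup(SAMPLE_FILES, SAMPLE_DIRS)))
```

If quoting still fails on a given machine, the 8.3 short name that another poster suggested (`downlo~1`) is the other way around the problem; the generator does not compute short names because they depend on what else is in the directory and must be checked on the machine itself.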
  29. jukes

    jukes Private E-2

    chaslang, there is no need for any of the eradication techniques now. I gave up, restored the computer and it is as clean as virgin snow now. (well okay, perhaps snow in some desolate area far from any city pollution!) First three stops were here to grab AVG and Zone Alarm downloads, create the rescue discs... and I will install all the MS updates and the zillion other things I need in my day to day surfing tomorrow. (AdAwareSE, SpybotS&D, etc etc etc)

    I am very grateful for all your efforts, but frankly, this machine not only stole three days of my life, but I'd simply had enough. It was either that or sledgehammer in the driveway. Enough is enough and I called out "Dégagé!!" after my seventh attempt to click the one button promising my freedom from being held hostage by this compromised machine. There it beckoned, one click away, yet the mouse kept freezing. Finally, I was able to click "restore to factory defaults"

During Friday's eradication, I was unaware that my roof leaked into the piano causing major damage to it and I didn't find out until 9am Saturday. My child doesn't understand now why she can't play the piano or her little games on "mommy's computer". Something had to give, or I was soon to wind up in a rubber room over it.

    I'm also very grateful for all the easy downloads your site has set up, so I didn't have to risk surfing all over the place to get the utilities I need to protect it, now that it is clean.

    What I discovered when reinstalling my keyboard and mouse, is that the mouse hardware was shot, and I retired it to the great cheese wheel in the sky and set up my Christmas present... a wireless mouse. Everything is running just garoovy now, and I am off to bed to rest up for a long long long long day of accepting EULAs, setting prefs and wrangling this machine back to where I had it, (sans.... the cooties, naturally ;) ).

    Thank you again for being there!
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
