Win32Bugbear.a

Discussion in 'Malware Help (A Specialist Will Reply)' started by riprock, Mar 16, 2006.

  1. riprock

    riprock Private E-2

    First thanks then help.
    To Abby Sue and Chaslang for helping me help my son with his computer. I think we needed to give you more, but he is happy with what he has. While reading everything on your site (Great Site), I decided to do a complete check on mine and found it had a few problems. I hope I did all the right things. Attached files: Bdscan1.txt, Activescan.txt, Blarc and HJT
    Thanks
    Riprock
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    What are the below items for that show in your Panda log?

    C:\Program Files\Support.com\backup\in\inbox\98229510_5dd44f2b6_[Secret sister.doc.exe]
    C:\Program Files\Support.com\backup\in\inbox\98229510_5dd44f2b6_[setup.exe]
    C:\Program Files\Support.com\backup\in\inbox\130716929_596a530d3_[Secret sister.doc.exe]
    C:\Program Files\Support.com\backup\in\inbox\130716929_596a530d3_[setup.exe]

    Who is backing up files into this Support.com folder? Panda indicates they are infected. It also shows the below two files having the same infections as the above:

    C:\Documents and Settings\ALARRYP\Application Data\Mozilla\Profiles\larry\yd9jp15w.slt\Mail\pop.erols.com\inbox[Secret sister.doc.exe]
    C:\Documents and Settings\ALARRYP\Application Data\Mozilla\Profiles\larry\yd9jp15w.slt\Mail\pop.erols.com\inbox[setup.exe]

    Bitdefender also indicates they are infected!

    Is this really stuff from ComCast as your HijackThis log shows in the below line?
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

    If so, read the below! Perhaps you should uninstall this program unless it is something you really think you will need. The fact that it is backing up malware makes me wonder about it.
    http://www.bleepingcomputer.com/startups/tgkill.exe-5733.html


    The only item in your HijackThis log that you need to fix is below:
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     
    Last edited: Mar 17, 2006
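
Added example, not part of chaslang's post or of any tool named in the thread: a small Python triage of the log lines quoted above. It picks out HijackThis autostart (O4) entries, entries whose target is "(no file)", and scanner paths whose bracketed item name ends in an executable extension. The extension sets and the reading of the trailing `[name]` as an item inside the mailbox file are assumptions made for the example.

```python
import re

# Sample input: log lines copied from the post above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start",
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    r"C:\Program Files\Support.com\backup\in\inbox\98229510_5dd44f2b6_[Secret sister.doc.exe]",
    r"C:\Program Files\Support.com\backup\in\inbox\98229510_5dd44f2b6_[setup.exe]",
]

# Assumed extension sets for the example; extend them to suit your environment.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd"}
DOCUMENT = {"doc", "txt", "pdf", "jpg", "xls", "zip"}

HJT_ENTRY = re.compile(r"^(?P<section>[OFRN]\d+) - (?P<body>.+)$")
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
EMBEDDED = re.compile(r"\[(?P<name>[^\]]+)\]$")  # trailing [item] in a scanner path


def classify(line):
    """Return (kind, detail) for one log line, or None if nothing stands out."""
    line = line.strip()
    m = HJT_ENTRY.match(line)
    if m:
        section, body = m["section"], m["body"]
        if body.endswith("(no file)"):          # entry points at a missing file
            return ("orphaned", section)
        run = RUN_ENTRY.match(body)
        if section == "O4" and run:             # program started at boot/logon
            return ("autostart", (run["hive"], run["name"], run["command"]))
        return ("other", section)
    m = EMBEDDED.search(line)
    if m:
        parts = m["name"].lower().rsplit(".", 2)
        if len(parts) == 3 and parts[2] in EXECUTABLE and parts[1] in DOCUMENT:
            return ("double-extension", m["name"])   # e.g. name.doc.exe
        if parts[-1] in EXECUTABLE:
            return ("executable-attachment", m["name"])
    return None


def triage(lines):
    """Group recognised lines by kind so the reviewer sees what to check first."""
    report = {}
    for line in lines:
        result = classify(line)
        if result:
            report.setdefault(result[0], []).append(result[1])
    return report
```
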
  3. riprock

    riprock Private E-2

    Chaslang

    What are the below items for that show in your Panda log?
    Answer
    I have no clue; I thought support.com was part of Comcast. Should I try to manually delete this stuff?

    C:\Program Files\Support.com\backup\in\inbox\98229510_5dd44f2b6_[Secret sister.doc.exe]
    C:\Program Files\Support.com\backup\in\inbox\98229510_5dd44f2b6_[setup.exe]
    C:\Program Files\Support.com\backup\in\inbox\130716929_596a530d3_[Secret sister.doc.exe]
    C:\Program Files\Support.com\backup\in\inbox\130716929_596a530d3_[setup.exe]

    Who is backing up files into this Support.com folder? Panda indicates they are infected. It also shows the below two files having the same infections as the above:
    Answer
    No one that I know of. I see Erols.com in the profiles that has not been used in years. Should I try to manually delete this stuff?

    C:\Documents and Settings\ALARRYP\Application Data\Mozilla\Profiles\larry\yd9jp15w.slt\Mail\pop.erols.com\inbox[Secret sister.doc.exe]
    C:\Documents and Settings\ALARRYP\Application Data\Mozilla\Profiles\larry\yd9jp15w.slt\Mail\pop.erols.com\inbox[setup.exe]

    Bitdefender also indicates they are infected!

    Is this really stuff from ComCast as your HijackThis log shows in the below line?
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    Answer

    I know I have Comcast Broadband, but I have no clue if the above is real or not.

    Thanks
    riprock
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We will be deleting those files eventually but first I want to check on this Support.com stuff to see if it is actually installed.

    Let's get an installed programs list from HijackThis!

    Run HijackThis, click Open the Misc Tools section
    Click Open Uninstall Manager
    Click Save List (generates uninstall_list.txt)
    Click Save, to save it to a file where you can find it.
    Upload this file as an attachment.
     
  5. riprock

    riprock Private E-2

    Re: Chaslang Win32Bugbear.a

    List attached. It is installed, just not sure if it is something I need for getting online. Disabled it with Startup Inspector, still have a connection. Should I remove?
    Riprock
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Chaslang Win32Bugbear.a

    Yes! I would uninstall it. Most of the time ISPs put lots of junk on your PCs and usually none of it is required to get a connection. Sometimes for DSL providers you do need some software to dial into their PPPoE interface to log in. But that has nothing to do with this ComCast Support stuff.

    I seriously doubt you need the below too:
    BroadJump Client Foundation

    Is this also part of ComCast?

    You also need to update to the current Sun Java and then uninstall the old one you have (Java 2 Runtime Environment, SE v1.4.0_03)

    What do you use the below for:
    WexTech AnswerWorks
     
  7. riprock

    riprock Private E-2

    Chaslang, I don’t have a clue about WexTech AnswerWorks; first time I have noticed it. I can remember getting rid of Comcast Support and BroadJump Client Foundation; one of them prevented me from getting back online, so I went through the installation again. I do not knowingly use Sun Java. Is this something I need or can I get rid of that as well? I will get rid of Comcast Support and see what happens.
    riprock
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall WexTech unless you know you need it! See: http://www.wextech.com/

    Yes you need Sun Java but you must stay updated. That is what I'm saying. This along with many other important tips are covered in the below link.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
