Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware problems


  • This topic is locked This topic is locked

#16
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looking good Macedon. :)

Now for some housekeeping and one final scan to make sure we didn't any.

First,

Please seriously consider removing

µTorrent
PPMate Network TV 2.0.0.40
UUSee НшВзµзКУ [4.4.1102.18]
UUSee ІҐ·ЕІејю»щґЎ°ь 4.4.0.69
.

Want to know why? They can be used to exploit vulnerabilities making them security threats to your system.
Read the articles from the following links below to learn more.

The Dangers of P2P File Sharing
The Dangers of Peer-to-Peer (P2P) File Sharing
The Dangers of P2P Networks


If you wish to proceed with the removal,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

µTorrent
PPMate Network TV 2.0.0.40
UUSee НшВзµзКУ [4.4.1102.18]
UUSee ІҐ·ЕІејю»щґЎ°ь 4.4.0.69


Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\uTorrent
C:\Program Files\PPMate
C:\Program Files\uusee


next,

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

then,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Finally,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

Advertisements


#17
Macedon

Macedon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok Koko.

First of all i didnt uninstalled E-torent. Hope you dont mind as i havent used it last week since we talked. Out of precaution i will consider uninstalling it later.

I did uninstalled the ppmate and uusee programs though, along with combofix.

Considering ATF cleaner i allready had it installed after i read the "How to post on this forum" thread. I understand that the sweeping is to allow faster scanning. But since i ran the cleaner three days ago and had some difficulties putting together my bookmarks, i only cleaned the "main" option and not firefox again.

And finally the log from ActiveScan:


;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-06-03 17:48:40
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Kaspersky Anti-Virus 7.0.1.325 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Desktop\SmitfraudFix\Process.exe
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Vangel Ivanov\Application Data\Mozilla\Firefox\Profiles\wojhusih.default\cookies.txt[.statcounter.com/]
00224391 adware/startpage.amb Adware No 0 Yes No c:\documents and settings\vangel ivanov\favorites\online games
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Vangel Ivanov\Desktop\Flash_Disinfector.exe[nircmd.exe]
00861842 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCheck.exe
00863965 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaValidate.exe
00864649 Generic Backdoor Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\Windows Vista All Versions x86 x64\VistaCrack.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Vangel Ivanov\Desktop\SmitfraudFix\Reboot.exe
02377451 Adware/SaveNow Adware No 0 No No F:\System&Utilities\Software\Utilities\bsplayer227.958_clip.exe[AdVantageSetup.exe]
02917987 Generic Malware Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\WINDOWS XP and Server 2003\2) XP-sp2 and Server 2003\iNGEn_XPsp2.exe
02960480 Trj/Qhost.IB Virus/Trojan No 0 Yes No F:\System&Utilities\Software\Utilities\Make Your Windows Genuine - For XP,Server 2003, Vista - iNGEn\WINDOWS XP and Server 2003\1) Windows XP SP2 V2.1\iNGEn_XPsp2_v2.1.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

#18
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Macedon,

Your copy of Windows is not legitimate. We are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitimate copies of Windows.

Thank you for understanding.

This topic is closed.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP