unstopable chinese popups [RESOLVED]


  • This topic is locked

#16
Zraller

Zraller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Mike,
Everything seems to be OK... however, I do notice something new. When I try to watch a movie online with my Netflix I get "The instruction at "0x00000000" Referenced memory at "0x00000000". The memory could not be read" and explorer wants to either shut down or debug. Something that is the same is the debugging part; when this all started I got a lot of popups that made the computer go into debugging mode. I suspect maybe that's how they got a foothold the first time. So now I just shut down explorer. But maybe that has nothing to do with anything and I just have a wrong driver or something. Let me run your latest list of things and I will let you know.

Thanks very much for your help,

Steve

Edited by Zraller, 12 July 2008 - 11:01 AM.

  • 0


#17
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
OK, let's see what the scan catches and we will go from there :)
  • 0

#18
Zraller

Zraller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hey Mike,
Wow, that scan took a long time.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 12, 2008 19:40:49
Records in database: 945956
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 311251
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 06:35:59


File name / Threat name / Threats count
C:\System Volume Information\_restore{AAA3F75C-BE01-4EC4-AC6B-BDC4D8C39304}\RP1474\A0278343.DLL Infected: Trojan-Spy.Win32.Pophot.bjy 1
C:\System Volume Information\_restore{AAA3F75C-BE01-4EC4-AC6B-BDC4D8C39304}\RP1474\A0278393.DLL Infected: Trojan-Spy.Win32.Pophot.bjy 1
C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp Infected: Trojan-PSW.Win32.QQPass.jd 1

The selected area was scanned.
  • 0

#19
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Looks good :) Just as a reminder, like I said before, you had a lot of password stealers on your computer - make sure that you changed the passwords.
For your other issue, I don't believe it's malware related and I wouldn't be of much help, so try posting in the Operating system forums here at geekstogo.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp
    C:\Program Files\Internet Explorer\PLUGINS\unixsys08.sys
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

And your logs look clean :)

Let's remove the tools I had you use.

You can keep or uninstall MalwareByte's Anti-Malware - it's up to you.

Please open OTMoveIt2:
  • Double click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.
  • Check the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Wait while your system deletes existing Restore Points, this may take a few moments.
  • Uncheck the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Your system will now create a new Restore Point.

Now that you are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet; if you don't see any reports of foul play, then there is more than likely none.
    • Stay away from Cracks! However alluring the thought of free software can be, it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that Windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big-name ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.

Edited by Mike, 13 July 2008 - 04:30 AM.

  • 0
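The split Mike's steps rely on (the PLUGINS file is moved with OTMoveIt2, the `_restore{...}` copies go away when System Restore is turned off and on), shown as an added example that is not part of the original thread. It reads the statistics and detection lines copied from the Kaspersky report in post #18; the function name `triage` and the regular expressions are assumptions made for this sketch.

```python
import re

# Lines copied from the Kaspersky report in post #18 (statistics + detections).
REPORT = r"""
Threat name: 2
Infected objects: 3
C:\System Volume Information\_restore{AAA3F75C-BE01-4EC4-AC6B-BDC4D8C39304}\RP1474\A0278343.DLL Infected: Trojan-Spy.Win32.Pophot.bjy 1
C:\System Volume Information\_restore{AAA3F75C-BE01-4EC4-AC6B-BDC4D8C39304}\RP1474\A0278393.DLL Infected: Trojan-Spy.Win32.Pophot.bjy 1
C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp Infected: Trojan-PSW.Win32.QQPass.jd 1
"""

# "<path> Infected: <threat> <count>"; the path may contain spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
STAT = re.compile(r"^(Threat name|Infected objects):\s+(\d+)$")
# Windows XP System Restore keeps its copies under _restore{GUID}\RPnnnn\.
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\",
    re.IGNORECASE)


def triage(report):
    """Split detections into restore-point copies and live files, and check
    that the pasted detection lines agree with the report's own statistics."""
    stats, restore, live = {}, [], []
    for raw in report.splitlines():
        line = raw.strip()
        stat = STAT.match(line)
        if stat:
            stats[stat.group(1)] = int(stat.group(2))
            continue
        det = DETECTION.match(line)
        if not det:
            continue  # headers, blank lines, scan settings
        hit = (det["path"], det["threat"], int(det["count"]))
        (restore if RESTORE_POINT.match(det["path"]) else live).append(hit)
    hits = restore + live
    complete = (stats.get("Infected objects") == sum(h[2] for h in hits)
                and stats.get("Threat name") == len({h[1] for h in hits}))
    return {"restore_point": restore, "live": live, "complete": complete}


if __name__ == "__main__":
    result = triage(REPORT)
    for path, threat, _ in result["live"]:
        print("move/quarantine:", path, "->", threat)
    for path, threat, _ in result["restore_point"]:
        print("purged by System Restore reset:", path, "->", threat)
    print("detection lines match report statistics:", result["complete"])
```

A `complete` value of False means the pasted log is missing detection lines or statistics, so it should be re-posted in full before deciding what to move.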

#20
Zraller

Zraller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Mike, I will get to these last few things tonight and post a reply - thanks again for all of your help.

Steve
  • 0

#21
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
OK :)
  • 0

#22
Zraller

Zraller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OK Mike, I did everything; however, I don't know how I did it, but the OTMoveIt folder is gone so I don't have a log to post. What would you like me to do??? :)
  • 0

#23
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
The cleanup deleted the OTMoveIt folder; if everything is OK, you're good to go :)

Any questions?
  • 0

#24
Zraller

Zraller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Nope. Everything seems fine. :)

Thanks much,

Steve
  • 0

#25
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Glad to hear it is all running well :)

Take care and have a great day still!

Mike
  • 0


#26
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





