I'm getting thousands of Symantec email pop-ups, Please help!


  • This topic is locked

#16
skinnypig (Member, Topic Starter)
Hi, I'm still having some problems disabling Norton 100%. I'm not sure what version I'm running, but none of the instructions on that link you sent work, so I just did the same thing as before and disabled Norton's individual functions.

Here's the MalwareBytes log:
---------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4379

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

02/08/2010 15:32:22
mbam-log-2010-08-02 (15-32-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 345254
Time elapsed: 2 hour(s), 32 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0084711.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

#17
skinnypig (Member, Topic Starter)
And here's the Kaspersky log:
P.S. In the log I think I saw some stuff about 'system restore' or 'rescue and recovery'; I'm only bringing this up as when Windows starts I'm getting a crash/error message about rescue and recovery not being able to start.

-----------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 3, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 03, 2010 00:18:13
Records in database: 4157054
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 214576
Threats found: 4
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 06:35:45


File name / Threat / Threats count
C:\Documents and Settings\geoffrey\My Documents\Azureus Downloads\Multimedia Fusion 2 + Extras.rar Infected: Trojan.Win32.Agent.ekhn 2
C:\Program Files\Multimedia Fusion 2\Extensions\kcmouse.mfx Infected: Trojan.Win32.Agent.eerw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir_ Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\pciide.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0084637.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP339\A0084663.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP340\A0084996.exe Infected: Trojan.Win32.Buzus.evrv 1
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP340\A0084997.exe Infected: Trojan.Win32.Buzus.evrv 1

Selected area has been scanned.
  • 0
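Added example (not part of the original posts, and not Kaspersky's or Malwarebytes' code): a short Python triage of report rows in the "File name / Threat / Threats count" layout above, grouping detections by whether the file sits in a System Restore snapshot, in the Qoobox quarantine folder, or elsewhere on disk. The sample rows, paths and threat names are constructed, and the bucket names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed rows in the report's "File name / Threat / Threats count" layout.
# Paths and threat names are invented for this example.
SAMPLE_REPORT = r"""
C:\Documents and Settings\user\My Documents\Downloads\setup-bundle.rar Infected: Trojan.Win32.Example.aa 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\example.sys.vir Infected: Rootkit.Win32.Example.bb 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe Infected: Trojan.Win32.Example.cc 1
"""

ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
QUARANTINE = re.compile(r"\\Qoobox\\Quarantine\\", re.I)


def classify(path):
    """Bucket a detection by where the file sits on disk."""
    if RESTORE.search(path):
        # Copy inside a System Restore snapshot: not running, but it
        # returns if that restore point is ever restored.
        return "restore_point"
    if QUARANTINE.search(path):
        # File already moved aside into the Qoobox quarantine folder.
        return "tool_quarantine"
    # Anything else is a file still sitting in the normal file system.
    return "live_file"


def triage(report):
    """Parse report rows and group (path, threat, count) by bucket."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            buckets[classify(m["path"])].append(
                (m["path"], m["threat"], int(m["count"])))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_REPORT).items():
        print(bucket)
        for path, threat, count in rows:
            print(f"  {threat} x{count}  {path}")
```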

#18
Cold Titanium (Trusted Helper, Malware Removal)
Hello skinny,

Those logs look fine, but I'd like more info about that error.

Could you give me a screenshot of it?


Follow the instructions here:


How to post a screenshot


Also, what is the make and model of your computer?

Other than that error, how's it running?

#19
skinnypig (Member, Topic Starter)
Awesome!
The machine is a Lenovo 3000 N200 with 3 gigs of RAM.
It now seems to be running just fine. I've just re-enabled Norton's outward email scanner and the spam seems to have stopped!

I've attached the screenshots; I clicked on the "show technical data" button so you can see all the details.

Should I be worried about any external hard drives and USB sticks that may have been connected to this machine while infected?
I use a number of large external drives, one of which was very briefly connected to the machine when this all started. I was also using an SD card to move all the OTL, Combofix stuff I downloaded from a second machine (as the first thing I did when this computer became infected was to disconnect it from the internet). This second machine has now also become infected and I'm concerned it might have caught something from the SD card.

However, before all this happened I was also using both machines to download torrent files (which I now know can be a sure-fire way of catching viruses), so it might not necessarily be down to me using this same card on both machines.

Attached Thumbnails

  • error-1.jpg


#20
skinnypig (Member, Topic Starter)
#2

Attached Thumbnails

  • error-2.jpg


#21
skinnypig (Member, Topic Starter)
#3

Attached Thumbnails

  • error-3.jpg


#22
Cold Titanium (Trusted Helper, Malware Removal)
Well, if your other computer is infected then you could just go ahead and follow the GUIDE and post here.

As far as that error goes, there doesn't seem to be a solid fix for it online. The only thing I can think of to do, is to download a new version from HERE and uninstall the version you have now and then reinstall with the updated package. I'd suggest you start a new topic in the Applications forum. Make sure you include a link back to this topic.


Also, from your logs you seem to be running AVG and Norton. Running more than one Antivirus is bad. The different Antiviruses can conflict, and they can also cause your computer to bog down. Having multiple Antiviruses on your computer actually places it at greater risk of infection, since all the Antiviruses are fighting each other. Please only use one.

Let's make sure your removable drives are clean. You may also want to scan them with MBAM after running the following program.


Step #1


Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.


  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Excellent Job! :) The logs appear to be clean!

We now need to finish cleaning up



Step #1


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


Please Re-Open OTL and click the Cleanup button to remove all the tools we used as well as OTL.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster - to help prevent spyware from installing in the first place.
  • SpywareGuard - to catch and block spyware before it can execute.
  • IESpy-Ad - to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc.
  • Google Toolbar - Get the free Google Toolbar to help stop pop-up windows.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And to help keep your system clean I recommend running one or two of these free malware scanners weekly


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a different Internet Browser


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It is also extremely important to keep your operating system up to date:

Turn on automatic updating
  • Click Start.
  • Select Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Have a Backup Plan

Keep a backup of your important files - This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To learn more about how to protect yourself while on the internet read these articles:
Safe Computing! :)

~Cold Titanium :)
  • 0
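Added example (not part of the original post and not Flash_Disinfector's code): a Python check of a drive root for the state described in the Flash_Disinfector note above, reporting whether autorun.inf is a folder, a regular file with launch entries, or absent. The function names and the temporary sample drives are constructed for illustration; the file is assumed to be plain ASCII/ANSI text.

```python
import os
import tempfile


def launch_entries(text):
    """Return (key, value) pairs in autorun.inf text that would start a program."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in ("open", "shellexecute") or (
                k.startswith("shell\\") and k.endswith("\\command")):
            hits.append((key, value))
    return hits


def check_drive_root(root):
    """Classify the autorun.inf entry at a drive root: folder, file or absent."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        full = os.path.join(root, name)
        if os.path.isdir(full):
            return "folder", []  # the name is taken by a folder, as in the note
        with open(full, "r", errors="replace") as fh:
            return "file", launch_entries(fh.read())
    return "absent", []


def demo():
    """Build three constructed 'drive roots' in a temp dir and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "protected", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "protected", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            # Constructed content; the program name is a placeholder.
            fh.write("[autorun]\nicon=drive.ico\nopen=example.exe\n"
                     "shell\\open\\command=example.exe\n")
        for label in ("clean", "protected", "suspect"):
            results[label] = check_drive_root(os.path.join(base, label))
    return results


if __name__ == "__main__":
    for label, (state, entries) in demo().items():
        print(label, state, entries)
```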

#23
skinnypig (Member, Topic Starter)
Hi, I can't figure out how to get MBAM to scan my external drives. I'm sure I'm missing something really obvious, but at the moment it will only scan C:

thanks

#24
Cold Titanium (Trusted Helper, Malware Removal)
Click Perform Full Scan and then click Scan. A box should pop up asking you to choose which drives to scan. Put a check-mark on the drives you want scanned and then click Scan.

#25
skinnypig (Member, Topic Starter)
awesome! I think I was clicking quick scan instead.
thanks again

#26
Essexboy (GeekU Moderator, Retired Staff)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.