
badjoke infection


  • This topic is locked

#16
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Let's reset IE to the default settings, follow the instructions below please.


1. Restore Internet Explorer default settings.
  • Open Internet Explorer
  • Go to Tools > Internet Options
  • Click Advanced Tab
  • Under "Reset Internet Explorer setting", click the Reset Tab.
  • Put a check mark on Delete Personal Settings.
  • Click Apply > OK.
Note: Putting a check mark on Delete Personal Settings will reset your "Home page, Search providers and Accelerators" to default setting.


2. Click Start > Run > copy-paste the bolded text below > press Enter. A text file will pop up, please post the contents of that file.

"C:\Qoobox\Add-Remove Programs.txt" > uninstall.txt& start uninstall.txt


  • 0



#17
jhnb

jhnb

    Member

  • Member
  • PipPip
  • 17 posts
ok, that seems to have ie back to normal now, thanks. here is the log:


3Connect
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Agere Systems AC'97 Modem
AlphaZIP
Apple Application Support
Apple Software Update
avast! Free Antivirus
Conduit Engine
DivX Setup
DVDVideoSoft Toolbar
Evrsoft First Page 2006
Facebook Plug-In
FBP - Facebook Blaster Pro
Free Studio version 5.0.9
GIMP 2.6.8
Google Chrome
Google Update Helper
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hotspot_Shield Toolbar
Intel® Extreme Graphics 2 Driver
Java Auto Updater
Java™ 6 Update 23
K-Meleon 1.5.4 en-US (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Miro
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NirSoft VideoCacheView
Phoenix Twitter Desktop
QuickTime
RealPlayer
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sophos Anti-Rootkit 1.5.4
SUPERAntiSpyware
Tudou Downloader(xmlbar)(remove only)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.1
WebFldrs XP
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZTE_1.2059.0.8
  • 0

#18
jhnb

jhnb

    Member

  • Member
  • PipPip
  • 17 posts
i probably should have mentioned this before, although i don't think it's down to any malware, but my mbam isn't working properly. it won't update anymore and it won't uninstall either so i am unable to do much about it. when the virus first started causing problems again it wouldn't enable it to get online and i couldn't update so i went into town with a flash and DLed mbam onto the flash and then tried to transfer it onto my system. this didn't seem to work as i'd hoped and i have had this problem ever since. do you know any other way i could remove it, it has been a pretty handy program in the past so i would like to keep a working copy if possible.

when i try to remove it, whether through the mbam uninstall or through add/remove i just get a box appear saying:

Runtime Error (at -1:0):

Cannot Import dll:F:\mbam\Malwarebytes' Anti-Malware\mbam.dll

Edited by jhnb, 02 July 2011 - 08:28 AM.

  • 0

#19
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
You can try the free version of Revo Uninstaller to remove MBAM.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#20
jhnb

jhnb

    Member

  • Member
  • PipPip
  • 17 posts
the eset scanner found 4 infections, here's the log:



ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e7a03f511d3820479ad80eee250e6772
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-04 12:56:47
# local_time=2011-06-04 10:56:47 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 36869388 36869388 0 0
# compatibility_mode=1024 16777215 100 0 36452971 36452971 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 769437 769437 0 0
# scanned=70384
# found=2
# cleaned=2
# scan_time=7941
C:\Documents and Settings\jhn barrett\My Documents\Downloads\HSS-1.41-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jhn barrett\My Documents\My Videos\Miro\Miro_Installer.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
DLL:pipe not connected. attempts=120
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e7a03f511d3820479ad80eee250e6772
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-02 07:40:32
# local_time=2011-07-03 05:40:32 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 39313550 39313550 0 0
# compatibility_mode=1024 16777215 100 0 38893533 38893533 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3209999 3209999 0 0
# scanned=73955
# found=4
# cleaned=0
# scan_time=7219
C:\Documents and Settings\jhn barrett\Desktop\installers\produkey.zip Win32/PSWTool.ProductKey application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Evrsoft First Page 2006\Iscripts\Games\games-scripts.izs JS/BadJoke.KillFiles.A application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B1345870-9C57-4F74-84F2-0A7BFF5F33FC}\RP280\A0203691.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
  • 0
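
An added example, not part of the original thread: a small parser for the ESET Online Scanner `log.txt` layout quoted in the post above, which splits the file into scan sessions and flags which detections still need action. The sample log is constructed (placeholder user name, GUID and file names), and the location labels are an added triage heuristic, not ESET's own classification.

```python
import re

# Constructed sample in the layout of the ESET log quoted above; the user name,
# restore-point GUID and file names are placeholders, not values from the thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# found=1
# cleaned=1
C:\Documents and Settings\user\My Documents\Miro_Installer.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# remove_checked=false
# found=3
# cleaned=0
C:\Program Files\Evrsoft First Page 2006\Iscripts\Games\games-scripts.izs JS/BadJoke.KillFiles.A application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^# ([^=]+)=(.*)$")
# Paths contain spaces, so anchor on the threat name: the only token with a "/".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9]+/\S+)(?: (?P<kind>\w+))? "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]+) (?P<flag>[A-Z])$"
)

def classify(path):
    """Added heuristic: is the hit a live file or an inert copy?"""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine copy"       # already moved aside (.vir)
    if "\\system volume information\\_restore" in p:
        return "restore point copy"    # System Restore snapshot
    return "live file"

def parse_log(text):
    """Return one dict per scan session; installer noise lines are skipped."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            key, value = h.groups()
            if key == "version":       # each scan session starts here
                current = {"headers": {}, "detections": []}
                sessions.append(current)
            if current is not None:
                current["headers"][key] = value
            continue
        d = DETECTION.match(line)
        if d and current is not None:
            hit = d.groupdict()
            hit["location"] = classify(hit["path"])
            current["detections"].append(hit)
    return sessions

def needs_action(session):
    """Live files the scanner reported but did not delete."""
    return [d for d in session["detections"]
            if d["location"] == "live file" and "deleted" not in d["action"]]

if __name__ == "__main__":
    for i, s in enumerate(parse_log(SAMPLE_LOG), 1):
        h = s["headers"]
        print(f"scan {i}: remove_checked={h.get('remove_checked')} "
              f"found={h.get('found')} cleaned={h.get('cleaned')}")
        for d in s["detections"]:
            print(f"  [{d['location']}] {d['threat']} ({d['action']}) {d['path']}")
```
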

#21
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
How's the computer running now?


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :Files
    C:\Documents and Settings\jhn barrett\Desktop\installers\produkey.zip
    C:\Program Files\Evrsoft First Page 2006\Iscripts\Games\games-scripts.izs
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".

    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


3. Update Adobe Reader so you will not become vulnerable to infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Click download to download the file and install it by following the prompts.

  • 0

#22
jhnb

jhnb

    Member

  • Member
  • PipPip
  • 17 posts
i hope this is right, that is all the otl log produced:



========== FILES ==========
C:\Documents and Settings\jhn barrett\Desktop\installers\produkey.zip moved successfully.
C:\Program Files\Evrsoft First Page 2006\Iscripts\Games\games-scripts.izs moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 07052011_012604


both jre and adobe reader have been uninstalled and reinstalled. i have been able to get online a lot better now, although the computer itself still seems very slow, keeps hanging while i type and i get 'not responding' in ff now and then. it is a pretty old computer tho so i wouldn't expect it to be too quick. if i see how things go for now and i get back to you if any problems re-occur. would it be possible to keep this thread open for say a week just in case? the thing is it's hard to tell as the problem has never been constant, rather it tends to come and go.


edit: i now seem to have no adobe acrobat. just to clarify, adobe acrobat and adobe reader are the same thing yes? as in adobe acrobat reader. i'm now wondering if i uninstalled the wrong thing and re-installed something else. the download i got seemed to install as a ff extension. i just tried to open a pdf online and it had no option for a pdf reader to see it and now i notice that pdf files i have on the computer are showing the unknown file format icon. have i got this wrong or what?

Edited by jhnb, 05 July 2011 - 12:32 PM.

  • 0

#23
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
I'm not sure what happened there but you can simply re-download and re-install it again from the link I provided, you must see "Adobe Reader X (10.1) (37.86 MB)" as the file name in the link, save it to your desktop and the installer's file name should be "AdbeRdr1010_en_US" once downloaded.
  • 0

#24
jhnb

jhnb

    Member

  • Member
  • PipPip
  • 17 posts
i just worked it out, when i open the link in ff it opens a different page to what it did when i opened it in kmeleon. see the difference in the file size in these screenshots. the first is kmeleon and the second and third are ff and shows the screen that it takes you to when you click to DL while in ff. when i clicked the button in kmeleon it opened the DL window and didn't open that page at all. i don't know if it was just me but i thought it might be worth looking into it so you can let people know.

Posted Image



Posted Image



Posted Image
  • 0

#25
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Good job and thanks for letting me know. How's the PC running?
  • 0

#26
jhnb

jhnb

    Member

  • Member
  • PipPip
  • 17 posts
it seems ok'ish, no problems getting and staying online but the computer does still seem a lot slower than normal. i have managed to locate a new screen for my other laptop so i can live with this until i get that one fixed up now, this is still handy to keep as a spare if needed tho. the main problem that is worrying me at the moment tho is with mbam, i uninstalled with the program you recommended and then i re-installed. but i still cannot get it to update which is the problem i had with it before, so i'm thinking it is something on my system that is causing the problem. when i try to update it goes to start then a window opens with this:

an error occured. please report the following error code to the mbam support team.

error code:732(0,0)

i don't know if you have any suggestions. i can live with it for now tho, so i will get back if it causes any major problems. i just like to have mbam on here as its been very helpful in the past.

thanks so much for your help tho :)
  • 0

#27
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

From this link: http://forums.whatth...howtopic=106689

Please add the following files to Avast exclusions:
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\WINDOWS\system32\drivers\mbam.sys
  • C:\WINDOWS\system32\drivers\mbamswissarmy.sys
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

If you don't know how to exclude them then please refer to this topic, it is in post #2 (post by Bluesman).



==========================


Try this please and check if the PC speed improves.


1. Please check volume for errors.
  • To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.



2. Please go to this link -> http://www.bleepingc...tutorial55.html and follow the steps to perform a Disk Defragmentation.
  • 0

#28
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

