bestfriends virus
Started by
almcg
, Oct 27 2004 01:08 PM
#16
Posted 11 November 2004 - 04:54 PM
#17
Posted 11 November 2004 - 06:59 PM
Try reseting your IE settings to default. On your IE toolbar click Tools -> Internet Options... -> the Advanced tab, and the Restore Defaults button.
#18
Posted 11 November 2004 - 11:25 PM
I restored them, but there isn't a change. The message still comes up.
#19
Posted 11 November 2004 - 11:34 PM
I fixed a friend's computer a couple of weeks ago and she had a problem downloading items off of certain sites, such as Pandasoftware...the message you are getting is the same message her computer received which denied me the ability to download. Are you just getting the message or are you unable to download?
#20
Posted 12 November 2004 - 10:53 AM
I'm getting the message, but if I click on it to allow blocked content, I can download things.
#21
Posted 12 November 2004 - 11:17 AM
That's just XP's security measures... it stops drive by downloads. You can lower your security in Tools if you want...
#22
Posted 12 November 2004 - 03:08 PM
I can't lower them any lower than they already are. And if that is the case, why was this not happening before? It is also happening to a friend who had the same virus previously...
#23
Posted 12 November 2004 - 03:14 PM
You must be very frustrated, I can sympathize.
I previously asked why you think you still have the virus? What is occurring now - "the warnings" - may be due to what mpfeif101 explained earlier.
Why don't you try downloading firefox in my signature and use that as your browser and see if you experience the same problems? It may just be a glitch in IE. I will continue looking into the best friends virus to see what I can come up with.
If you have any of the data of what occurred when you were infected with the best friends virus, that would be helpful.
I previously asked why you think you still have the virus? What is occurring now - "the warnings" - may be due to what mpfeif101 explained earlier.
Why don't you try downloading firefox in my signature and use that as your browser and see if you experience the same problems? It may just be a glitch in IE. I will continue looking into the best friends virus to see what I can come up with.
If you have any of the data of what occurred when you were infected with the best friends virus, that would be helpful.
#24
Posted 12 November 2004 - 03:29 PM
As I said in my initial post, I had clicked on something in an away message which then added files to my computer and put the same away message on my screen name for AIM. I first scanned with symantic because that is the softward that the college I attend provides. It found a file named "best friends" and so I deleted it. I also scanned with Ad-Aware SE and spybot and deleted everything they found. In addition, my friend who also had the virus instructed me to remove "Viewpoint" and "Mediapiayer" from my registry whereever they were found. So I did that as well. I also ran the all other scans as suggested through this thread. I hope that helps.
I downloaded FireFox and it doesn't seem to have the same problem...
I downloaded FireFox and it doesn't seem to have the same problem...
#25
Posted 12 November 2004 - 03:44 PM
firefox is a much better browser which is much cleaner...i believe i know of the virus u have...its from a picture source u might have clicked and then prompts you to download something, u must be really careful to download these things, try booting up in safemode, removing aim, and scan with pandasoftware off of firefox, then run a trojan scan (The Cleaner- google that and click on the companies website) then please download the CCleaner(same instructions for downloading that as the cleaaner) and run that too
please post back and see if that helped any
please post back and see if that helped any
#26
Posted 15 November 2004 - 06:32 PM
Sorry it took me a while to respond...
While in safemode I:
1) I removed AIM
2) I couldn't run the pandasoftware off of Firefox, it said I needed to use IE v. 4 or higher. So I ran it on IE and it didn't find anything.
3) I downloaded and ran The Cleaner and it found some Gator files on my old hard drive (I recently upgraded my computer and all of my old hard drive was transferred to my new hard drive.) I told it to remove this files, but when the scan had completed, I couldn't see the bottom of window so I'm not sure if I needed to do anything else.
4) I downloaded and ran CCleaner and it found and removed a bunch of stuff under Windows. I also scanned for Issues and it found a lot, but I didn't want to fix them because I didn't know if they were actually issues, or what they were.
Let me know if there is anything I can post that may help. I haven't restarted out of safe mode yet, though, to see if anything is better.
While in safemode I:
1) I removed AIM
2) I couldn't run the pandasoftware off of Firefox, it said I needed to use IE v. 4 or higher. So I ran it on IE and it didn't find anything.
3) I downloaded and ran The Cleaner and it found some Gator files on my old hard drive (I recently upgraded my computer and all of my old hard drive was transferred to my new hard drive.) I told it to remove this files, but when the scan had completed, I couldn't see the bottom of window so I'm not sure if I needed to do anything else.
4) I downloaded and ran CCleaner and it found and removed a bunch of stuff under Windows. I also scanned for Issues and it found a lot, but I didn't want to fix them because I didn't know if they were actually issues, or what they were.
Let me know if there is anything I can post that may help. I haven't restarted out of safe mode yet, though, to see if anything is better.
#27
Posted 15 November 2004 - 07:26 PM
You're not going to be able to run the scan in Firefox because it doesn't support ActiveX. Will you please reboot, post a HJT log, and tell us if the problem persists. If so will you please take a pic of your screen and post it here (Click the prt scr button on keyboard).
#28
Posted 15 November 2004 - 09:29 PM
I rebooted, but the IE problem didn't go away. Here is my HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 10:25:26 PM, on 11/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alicia\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.etown.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
Logfile of HijackThis v1.98.2
Scan saved at 10:25:26 PM, on 11/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alicia\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.etown.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
#29
Posted 15 November 2004 - 09:32 PM
I understand how to take the picture of my screen, but how do I post it?
Thanks for all of your patience and help so far!!
Thanks for all of your patience and help so far!!
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users