Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

bestfriends virus


  • Please log in to reply

#16
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
As I stated a few posts ago, every time I go to any web page (at all) a warning comes up saying "to help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options..." It started doing this right after I got the bestfriends virus. While I've gotten rid of the other components of the bestfriends virus, this is still happening. Last time I posted this, you asked what my IE security settings were, and so I replied with them, but nothing was ever said back to me...
  • 0

Advertisements


#17
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Try reseting your IE settings to default. On your IE toolbar click Tools -> Internet Options... -> the Advanced tab, and the Restore Defaults button.
  • 0

#18
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I restored them, but there isn't a change. The message still comes up.
  • 0

#19
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I fixed a friend's computer a couple of weeks ago and she had a problem downloading items off of certain sites, such as Pandasoftware...the message you are getting is the same message her computer received which denied me the ability to download. Are you just getting the message or are you unable to download?
  • 0

#20
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I'm getting the message, but if I click on it to allow blocked content, I can download things.
  • 0

#21
mpfeif101

mpfeif101

    Member 1K

  • Retired Staff
  • 1,411 posts
That's just XP's security measures... it stops drive by downloads. You can lower your security in Tools if you want...
  • 0

#22
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I can't lower them any lower than they already are. And if that is the case, why was this not happening before? It is also happening to a friend who had the same virus previously...
  • 0

#23
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You must be very frustrated, I can sympathize.

I previously asked why you think you still have the virus? What is occurring now - "the warnings" - may be due to what mpfeif101 explained earlier.

Why don't you try downloading firefox in my signature and use that as your browser and see if you experience the same problems? It may just be a glitch in IE. I will continue looking into the best friends virus to see what I can come up with.

If you have any of the data of what occurred when you were infected with the best friends virus, that would be helpful. <_<
  • 0

#24
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
As I said in my initial post, I had clicked on something in an away message which then added files to my computer and put the same away message on my screen name for AIM. I first scanned with symantic because that is the softward that the college I attend provides. It found a file named "best friends" and so I deleted it. I also scanned with Ad-Aware SE and spybot and deleted everything they found. In addition, my friend who also had the virus instructed me to remove "Viewpoint" and "Mediapiayer" from my registry whereever they were found. So I did that as well. I also ran the all other scans as suggested through this thread. I hope that helps.

I downloaded FireFox and it doesn't seem to have the same problem...
  • 0

#25
Hemal

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
firefox is a much better browser which is much cleaner...i believe i know of the virus u have...its from a picture source u might have clicked and then prompts you to download something, u must be really careful to download these things, try booting up in safemode, removing aim, and scan with pandasoftware off of firefox, then run a trojan scan (The Cleaner- google that and click on the companies website) then please download the CCleaner(same instructions for downloading that as the cleaaner) and run that too

please post back and see if that helped any
  • 0

Advertisements


#26
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sorry it took me a while to respond...

While in safemode I:

1) I removed AIM

2) I couldn't run the pandasoftware off of Firefox, it said I needed to use IE v. 4 or higher. So I ran it on IE and it didn't find anything.

3) I downloaded and ran The Cleaner and it found some Gator files on my old hard drive (I recently upgraded my computer and all of my old hard drive was transferred to my new hard drive.) I told it to remove this files, but when the scan had completed, I couldn't see the bottom of window so I'm not sure if I needed to do anything else.

4) I downloaded and ran CCleaner and it found and removed a bunch of stuff under Windows. I also scanned for Issues and it found a lot, but I didn't want to fix them because I didn't know if they were actually issues, or what they were.

Let me know if there is anything I can post that may help. I haven't restarted out of safe mode yet, though, to see if anything is better.
  • 0

#27
mpfeif101

mpfeif101

    Member 1K

  • Retired Staff
  • 1,411 posts
You're not going to be able to run the scan in Firefox because it doesn't support ActiveX. Will you please reboot, post a HJT log, and tell us if the problem persists. If so will you please take a pic of your screen and post it here (Click the prt scr button on keyboard).
  • 0

#28
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I rebooted, but the IE problem didn't go away. Here is my HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 10:25:26 PM, on 11/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alicia\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.etown.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#29
almcg

almcg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I understand how to take the picture of my screen, but how do I post it?

Thanks for all of your patience and help so far!! <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP