Trojan.Bancos - Is my machine being used as a spam bot? [Solved]



#16
AZCMer

  • Topic Starter
  • Member
  • 108 posts
I reran it and it failed each time at the very same point.

So, when I got the initial problems, I paused the scan and did the fix.

The next time I ran a quick scan, got two more problems and it failed at the same point. So, I reran it and paused it when the two problems came up and did the fix.

I reran the scan again and had no more problems up to the point where it fails.

Here are my two logs:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/05/2010 at 08:32 AM

Application Version : 4.38.1004

Core Rules Database Version : 5035
Trace Rules Database Version: 2847

Scan type : Complete Scan
Total Scan Time : 00:03:41

Memory items scanned : 687
Memory threats detected : 0
Registry items scanned : 7686
Registry threats detected : 10
File items scanned : 0
File threats detected : 16

Adware.Tracking Cookie
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@questionmarket[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@doubleclick[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@serving-sys[3].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@mediaplex[2].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@advertising[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@yieldmanager[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@imrworldwide[3].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][6].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@zedo[4].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@atdmt[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@insightexpressai[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@apmebf[1].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt

Browser Hijacker.Tubby
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

Adware.Flash Tracking Cookie
C:\Users\The Reeve Family\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8H9HTUT2\MSNBCMEDIA.MSN.COM


The second log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/05/2010 at 09:45 AM

Application Version : 4.38.1004

Core Rules Database Version : 5035
Trace Rules Database Version: 2847

Scan type : Quick Scan
Total Scan Time : 00:03:17

Memory items scanned : 595
Memory threats detected : 0
Registry items scanned : 691
Registry threats detected : 0
File items scanned : 0
File threats detected : 2

Adware.Tracking Cookie
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@zedo[4].txt
C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Cookies\the_reeve_family@atdmt[1].txt


#17
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Well done that man. :)

How is your machine now?

#18
AZCMer

  • Topic Starter
  • Member
  • 108 posts
Thank you so much!

I'm testing the computer right now. I did have it lock up on me while using Windows Media Center streaming to my tv which is connected to my computer as a second monitor. I had to do a hard boot as my cursor was even gone and I couldn't even bring up my task manager to kill the application.

I'm retrying the test to see if it was just something or if it is a pattern.

Also, I haven't had any bounce-backs off my email, but I deleted my contact list about a week ago before we started working on this.

Do you have any ideas?


#19
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello AZCMer,

I did have it lock up on me while using Windows Media Center streaming to my tv which is connected to my computer as a second monitor. I had to do a hard boot as my cursor was even gone and I couldn't even bring up my task manager to kill the application.


I think that is a technical problem.

You could try running chkdsk and sfc /scannow just to make sure there are no bad patches on your disk and no corrupt or missing system files.

CHKDSK (short for Checkdisk) is a command on computers running DOS, OS/2 and Microsoft Windows operating systems that displays the file system integrity status of hard disks and floppy disks and can fix logical file system errors.

How to run Chkdsk using the Command Line:

Before running Chkdsk, be aware of the following:

* Chkdsk requires exclusive access to a volume while it is running. Chkdsk might display a prompt asking if you want to check the disk the next time you restart your computer.

* Chkdsk might take a long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

* Chkdsk might not accurately report information in read-only mode.

Now

Go to Start > Run and type:

chkdsk C: /f /r

Note the spaces. They are meant to be there.

Hit OK

If chkdsk does not start immediately reboot your computer. Chkdsk will run during the start up process. It can take a very long time... so be patient.

After that

Go to How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7

Some of it is a bit complicated but if you take your time you should be fine.

If your machine is still experiencing problems after that you could look at starting a topic in the Vista/Windows 7 Operating System forum here http://www.geekstogo...dows-7-f79.html.

for now

I think your machine is clean.

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

Next, we need to clean your restore points and set a new one:

Please go here for directions on how to do this. You need to turn System Protection off to delete all old restore points, reboot and then turn System Protection back on to create a new restore point.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
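
The Internet zone ActiveX settings recommended in the post above can be checked from the registry after the change. This Python audit is an added example, not part of the original thread; it assumes the standard per-user zone key and the URL action values 1001, 1004 and 1201, and treats any setting at least as restrictive as the recommendation as acceptable.

```python
import sys

# Internet zone is zone 3; per-user settings live under this HKCU key.
# Assumption: only HKCU is read; Group Policy or HKLM values may override it.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# URL action value name -> (setting label, level recommended in the post)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
LEVELS = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}  # higher = more restrictive


def audit_zone(values):
    """Return (label, found, wanted) for each setting weaker than recommended."""
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        found = values.get(name)
        # Missing or unknown values are reported rather than assumed safe.
        if STRICTNESS.get(found, -1) < STRICTNESS[wanted]:
            findings.append((label, LEVELS.get(found, "not set/unknown"), LEVELS[wanted]))
    return findings


def read_internet_zone():
    """Read the current user's Internet zone values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                values[name], _type = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value absent; audit_zone reports it
    return values


if __name__ == "__main__":
    # Constructed sample used when not on Windows: 1201 left at Prompt.
    sample = {"1001": 1, "1004": 3, "1201": 1}
    current = read_internet_zone() if sys.platform == "win32" else sample
    for label, found, wanted in audit_zone(current):
        print(f"WEAK: {label}: {found} (recommended: {wanted} or stricter)")
```

An empty result means all three settings are at or above the recommended level; "Disable" for unsigned downloads passes because it is stricter than "Prompt".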

#20
AZCMer

  • Topic Starter
  • Member
  • 108 posts
Thank you so much for your kind patience and help. I do appreciate the time and resources you have provided here.

Thank you, thank you, thank you.

I don't think I can thank you enough. You have helped save a fairly new machine from becoming a problem.

I appreciate your guidance and advice. I've learned a lot these past couple of days.

Thanks again, AZCMer


#21
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
You are very welcome.

I will keep this topic open for a day or two in case any issues arise.

#22
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.