Computer Virus

[Savor the Stick]

Quote:

Originally Posted by icehog3

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore

I had the same thing happen to mine. I hate these v's

[SeanGAR]

Ran a scan on a student's computer yesterday. She had around a dozen viri/trojans and around 60 spyware program instances (bunch of different ones) including this fake antivirus thing. Had to do some manual registry edits as well as dos boot antivirus scans and spybot. Quite a royal mess. Now I need to convince her to install Linux.

[RGD.]

It's not the Conficker virus. It's either Antivirus 2009 or some variation of it. Restore very rarely works on these things.

Go here - and get the latest greatest and run the free version it.

Malwarebytes

A month or so ago I had it real bad and took two weeks working with the guy that developed that and with the Eset team. In the past I have just done a format - don't have the time now so I was determined to clean it. There is a previous post I made on it somewhere.

Here is one of my logs from when I had it - it will give you some of the file names to look for and delete:

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sekuseva.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{ecb252fd-1b0f-4695-abbd-8a4930662488} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ecb252fd-1b0f-4695-abbd-8a4930662488} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyappf (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\cpm87154a51 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\javomanene (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sekuseva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sekuseva.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sekuseva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SysWOW64\wilelazi.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\SysWOW64\sekuseva.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\awtsqoNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLedcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnKbcBS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnoopN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlJcAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxXPfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyApPF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lamahazi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Also on edit: When a window pops up - don't click to stop it. Go to your processes and stop the iexplore32 process.




Ron

[rack04]

A couple years ago I came to the realization that Antivirus software is not something that I needed. As long as you don't open email attachments from people you don't know and don't download programs from unknown sources I think you should be OK. I've been clean and sober for 2 years.

[poker]

Malwarebytes and AVG AV is what I use.

[dunng]

Quote:

Originally Posted by poker

Malwarebytes and AVG AV is what I use.

Same here and for most of my home users...

Quote:

Originally Posted by poker

Malwarebytes and AVG AV is what I use.

Malwarebytes is awesome. It was recommended by our IT guys when my mom's system slowed to a crawl. It found 75 problems. Once I ran it and followed the instructions it started running just fine. I use the free version, and just scan it once a week.

I wish I could use AVG, but the company requires that I run McAfee and I hate it.

[icehog3]

Quote:

Originally Posted by butterB

buy a Mac... all your virus problems will be gone

Next computer.

Quote:

Originally Posted by RGD.

It's not the Conficker virus. It's either Antivirus 2009 or some variation of it. Restore very rarely works on these things.

Go here - and get the latest greatest and run the free version it.

Malwarebytes

Ron

Thanks Ron.

[icehog3]

Ron, I looked at the website but was not sure which download was the right one, can you guide me?

[AD720]

Quote:

Originally Posted by icehog3

Ron, I looked at the website but was not sure which download was the right one, can you guide me?

Tom it looks like Ron went offline - I believe this is the free trial of the latest version:

http://download.cnet.com/Malwarebyte...=dl&tag=button