Kudos0

Viruses and spyware detected won't stop need help

I have been getting a lot of fake trojans and FakeAV. A lot of the spyware is marked removed, but the viruses are only blocked. I have run Norton and I am up to date on LiveUpdate. I have run Spyware Doctor; it just keeps finding and removing the same things, and so does Malwarebytes. Here is a list of the ones that are not going away.

Adware.lop blocked several times

Trojan.FakeAV blocked many times

Tried running HijackThis, but the option to run as admin is not there, so it is denied access.

And I'm running Malwarebytes to get the log file to post. Not sure what to do about HijackThis.

Replies

Kudos1

Re: Viruses and spyware detected won't stop need help

Jerry,

Can you boot into SAFE mode and run Norton from there?

Otherwise I believe that turning off System Restore may stop malware from being reinstalled, but wait for someone more knowledgeable to help about that one.

Booting into SAFE Mode usually involves pressing a specific KEY while booting up, which depends on your computer, so check your instructions.

Hugh
Kudos0

Re: Viruses and spyware detected won't stop need help

I can do either, and safe mode is F8 when booting on mine, but turning off restore was the first thing I did when the problem presented itself. Should I go run Norton in SAFE? It finds everything but only blocks the high risk, and it comes right back. But if you think it would be better in safe mode I can do that.

Kudos0

Re: Viruses and spyware detected won't stop need help

Oh, I thought I should also mention my Windows Mail errors out and I can't receive my mail at the moment either, so this is getting out of hand. It all started yesterday.

Kudos1

Re: Viruses and spyware detected won't stop need help

Hi Jerry015,

I'd like to suggest that you run the NBRT (Norton Bootable Recovery Tool). This tool has the same scanning engine as NIS but because it is run in an off-line mode it has a better chance of proper detection.

You can download this from: http://security.symantec.com/nbrt/nbrt.asp

Please see instructions on how to create the CD from here.

When you boot to the NBRT, pay careful attention to whether the tool is able to download new definitions; the date of the last definitions will be noted at the bottom of the screen.

If this date does not change then you will need to create a Custom NBRT containing your network drivers. The reference link I posted also includes instructions on this.

Note: If possible download this tool and create the NBRT from a non-infected computer.

Please let us know how it goes.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: Viruses and spyware detected won't stop need help

I only found instructions on how to update NBRT. It does not say how to put it on disk; it's only a .exe file, not an image file such as ISO or anything.

Kudos0

Re: Viruses and spyware detected won't stop need help

Not sure if this will help. I was able to run HijackThis, but I expected more; it scanned and finished in like 5 seconds and posted this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:15 PM, on 7/13/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jerry\AppData\Local\Temp\Lgl.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [BroadCam] "C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe" -logon
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [JDK5SWFMZY] C:\Users\Jerry\AppData\Local\Temp\Lgl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB0B6EF-2D2F-47E3-83EA-9843EF7BA09C}: NameServer = 24.25.5.147,24.25.5.148
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Video Streaming Server (BroadCamService) - NCH Software - C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca26fe790bb4a6) (gupdate1ca26fe790bb4a6) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14250 bytes

Kudos0

Re: Viruses and spyware detected won't stop need help


Jerry015 wrote:

I only found instructions on how to update NBRT. It does not say how to put it on disk; it's only a .exe file, not an image file such as ISO or anything.


Hi Jerry015,

At the link I posted there are two links within the document itself. One is a link to a PDF document which then contains a link for downloading the ISO, from which you can create the initial NBRT CD. The link for NIS ISO is:

ftp://ftp.symantec.com/public/english_us_canada/recovery/2009/NIS/recovery_nis_x86.iso

I would recommend burning the CD initially with this. Once you boot to your NBRT, and try to do a scan it will attempt to download new virus definitions from the Internet. Just notice the date at the bottom of the screen and make sure it updates to today's date. If it still retains a date of (I believe) October 2009 or some other past date, it would be an indication that you need custom network drivers to access the Internet from the NBRT. This is when you would need a Custom NBRT containing your specific network card drivers.

The PDF document linked also contains information about how to burn the ISO to CD if you don't already have such an application.

You might be interested to know that a new NBRT is in BETA now and will make this process MUCH easier. It is a fully self-contained package which will do everything for you. I expect this new version of NBRT to be released at probably around the same time as NIS 2011, sometime this fall.

Hope this helps and please let us know if you have any problems creating the NBRT CD.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: Viruses and spyware detected won't stop need help

Hi Jerry015,

Are you using 32 or 64 bit Windows?

I see indications from the log you just posted that you also have Spyware Doctor. I would recommend removing this as it will not play nicely with NIS. Did you have Spyware Doctor installed when you first installed NIS?

Do you have any other security (anti-virus, etc) software installed?

Thanks very much.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: Viruses and spyware detected won't stop need help

I installed Spyware Doctor yesterday; I was trying everything to make it stop. Normally the only things I use are Malwarebytes and NIS. I am running 64-bit Windows Vista Home Premium.

Kudos0

Re: Viruses and spyware detected won't stop need help


Jerry015 wrote:

I installed Spyware Doctor yesterday; I was trying everything to make it stop. Normally the only things I use are Malwarebytes and NIS. I am running 64-bit Windows Vista Home Premium.


Hi Jerry015,

Thanks very much for the update. I understand where you are coming from. I think we can probably deal with getting rid of Spyware Doctor a bit later on but let's not lose sight of this.

Let's see if you are able to burn the NBRT ISO image to create the CD and try to do an offline scan. Have you tried to burn the CD yet?

I have also asked a colleague to take a second look at the HijackThis log.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos2

Re: Viruses and spyware detected won't stop need help

Jerry015 -

I looked at your HijackThis log and you have some very serious infections. If you still have problems with the NBRT, I would suggest a look at www.bleepingcomputer.com. You have a double trojan running and the longer you stay on the net the worse it will get.

Win7 x32 SP1
Kudos0

Re: Viruses and spyware detected won't stop need help

Hi Dbrisendine,

Thanks for taking a second look at the log. And I wholeheartedly agree if there are problems getting the NBRT going, then BleepingComputer is the absolute best alternative.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: Viruses and spyware detected won't stop need help

Hi Jerry015,

If you have trouble getting the NBRT going you should go to BleepingComputer as mentioned by Dbrisendine as the most important thing is getting rid of your infections.

If you do open a ticket with them be sure to include a copy of HijackThis as I am sure they will want to see this. Also be aware that once you ask for their assistance they have very strict rules that you cannot continue asking for help elsewhere. They do this because they don't want to run the risk of you getting any other advice which can make their already difficult job, even more difficult.

But whether you use the NBRT or go to BleepingComputer please be sure to keep us advised of the status.

Once your infections are clean we can further assist you in getting things related to NIS, etc back to normal.

Until this is cleaned I would highly recommend you keep yourself disconnected from the Internet. Only connect back to the Internet when absolutely necessary until your computer gets a clean bill of health or when the NBRT needs to go online to download new definitions.

Best wishes and please don't waste any time on this.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: Viruses and spyware detected won't stop need help

C:\Program Files (x86)\Internet Explorer\iexplore.exe: times 5, acted on maybe

C:\Users\Jerry\AppData\Local\Temp\Lgl.exe

Quads
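
The two items singled out above, repeated iexplore.exe processes and Lgl.exe running from the Temp folder, are the kind of thing a first triage pass over a HijackThis log can surface. The Python script below is an added example, not code from any poster or from Trend Micro; the rule names, the instance threshold and the heuristics themselves are assumptions chosen for illustration, and the sample is an excerpt of the log posted earlier in this thread.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted earlier in this thread (trimmed).
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jerry\AppData\Local\Temp\Lgl.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [JDK5SWFMZY] C:\Users\Jerry\AppData\Local\Temp\Lgl.exe
"""

# The heuristics below are assumptions of this example, not HijackThis features.
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O4 - HKCU\..\Run: ..."
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)
LOOPBACK = re.compile(r"127\.0\.0\.1|localhost", re.I)


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text, instance_threshold=4):
    """Return (rule, detail) pairs for entries that deserve a closer look."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    findings = []
    for path, count in Counter(processes).items():
        if TEMP_DIR.search(path):
            findings.append(("TEMP_PROCESS", path))
        # IE 8 normally runs more than one iexplore.exe, so compare the count
        # with the browser windows the user actually has open.
        if count >= instance_threshold:
            findings.append(("MANY_INSTANCES", f"{path} x{count}"))
    for code, body in entries:
        if code in ("R0", "R1") and "ProxyServer" in body and LOOPBACK.search(body):
            findings.append(("LOOPBACK_PROXY", body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append(("ORPHAN_BHO", body))
        elif code == "O4":
            m = EXE_PATH.search(body)
            if m and TEMP_DIR.search(m.group(0)):
                # An autorun whose target is also running right now is the
                # strongest signal here: it restarts at every logon.
                live = m.group(0).lower() in running
                findings.append(("TEMP_AUTORUN_RUNNING" if live else "TEMP_AUTORUN", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```

A finding here is a prompt for review by someone who can inspect the machine, not a verdict on the file.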

Kudos0

Re: Viruses and spyware detected won't stop need help

Hey guys, sorry for the delay. I have been keeping it disconnected. I have been a little busy and it was late when I started this topic. I will run NBRT and then see what happens, then I will try Bleeping if needed, which it probably will be. Thanks for all the help so far. The iexplore is really annoying; it makes a mouse click sound every so often. It's annoying; I keep closing it.

Kudos0

Re: Viruses and spyware detected won't stop need help

I thought I should add there's ielowutil.exe running as well.

Kudos1

Re: Viruses and spyware detected won't stop need help

That particular .exe should be connected to the running of Internet Explorer. You should find it in Task Manager. Just check the spelling and location of the file to be sure.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: Viruses and spyware detected won't stop need help

Sorry guys, can't get my computer to boot that NBRT or whatever it is. I tried booting from disc and booting from a USB drive. I hit F12, it pulls up the boot menu, I select my DVD drive and it just goes to Windows. Same with the flash drive, and I even set them up as the first boot device. I formatted the flash drive and everything correctly. I dunno why everything is being a pain.

Kudos0

Re: Viruses and spyware detected won't stop need help


Jerry015 wrote:

Sorry guys, can't get my computer to boot that NBRT or whatever it is. I tried booting from disc and booting from a USB drive. I hit F12, it pulls up the boot menu, I select my DVD drive and it just goes to Windows. Same with the flash drive, and I even set them up as the first boot device. I formatted the flash drive and everything correctly. I dunno why everything is being a pain.


Hi Jerry015,

Were you able to burn the NBRT .iso image to a CD using something like Roxio CD Creator?

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos2

Re: Viruses and spyware detected won't stop need help

As mdturner indicates, you can't just copy the NBRT file to the CD (or to a thumbdrive) and have it boot. You have to burn the image using a special part of your CD burning software or use a dedicated program.

Although I have a general program, I use ImgBurn to take a downloaded ISO file and make a bootable CD from it -- it's free and very very easy to use:

http://www.imgburn.com/

Don't be put off by that blue invitation to have your PC checked! I wouldn't use it but the people are reputable and ImgBurn is safe.

Just click on the Downloads TAB and download the latest version.

One can go from an ISO to a bootable thumbdrive but it is more complicated, so using the CD route would be my advice.

Hugh
Kudos0

Re: Viruses and spyware detected won't stop need help

I used the same software I always use to burn the image. I used UltraISO.

Kudos0

Re: Viruses and spyware detected won't stop need help

OK Jerry -- I just didn't know how you'd done it and wanted to eliminate one possibility.

Hugh
Kudos1

Re: Viruses and spyware detected won't stop need help

Hi Jerry,

Since the NBRT route isn't working for you then you should follow the advice given earlier by dbrisendine and AllenM to go to the free malware removal forum at Bleeping Computer as they will be able to help with their specialist tools.

www.bleepingcomputer.com

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: Viruses and spyware detected won't stop need help

Do you guys know what exact viruses I am dealing with so I can explain to them? I dunno where to start over there.

Kudos0

Re: Viruses and spyware detected won't stop need help

Hi Jerry015,

If you post your HijackThis log over there they will be able to see what dbrisendine was referring to when indicating "serious infections" in an earlier post to you.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: Viruses and spyware detected won't stop need help

Hello Jerry015

I would describe to them the symptoms you have been having and the malware you do know you had. Please read the instructions on how to set up an account and I think it also tells you what tests to run. Once you do start with them, they do have strict rules about going to other sites for help and also running or doing things to your computer other than what they tell you to do.

Put in your subject what you mentioned in your first post in this thread.


Adware.lop blocked several times

Trojan.FakeAV blocked many times


Success always occurs in private and failure in full view.
Kudos1

Re: Viruses and spyware detected won't stop need help

Bleeping Computer also have tools like I have to look deeper into the computer to get more information, and/or programs that can give bigger, more detailed logs.

Quads

Kudos0

Re: Viruses and spyware detected won't stop need help

Thanks for trying, guys. I'll post any progress or solutions I find out.

Kudos0

Re: Viruses and spyware detected won't stop need help

Hi Jerry015,

Yes, please keep us posted on the progress. Once BleepingComputer starts helping you with this we cannot provide any more guidance (per their rules) on the malware removal aspect but you are allowed to keep us posted as to status.

We all wish you the best and will be happy to hear when your computer gets a clean bill of health.

Once your computer is clean we can pick up here again and make sure that NIS is operating normally after all this.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
