08-09-2009 10:28 AM - last edited on 08-09-2009 03:05 PM by shannons
I think I just got hit with this same problem. Last night I was checking my email and this PDF file tries to open and then a song track starts to play out of my speakers. I closed the pop-up windows that resulted and ran my Norton and Spybot programs but nothing came back, so I just closed my computer and went to bed. Today my computer is acting really slow and Firefox is having issues trying to start up.
I should say that Spybot keeps blocking b.exe from running because I won't allow the "value change". I read some other posts on this issue and found the a.exe, b.exe and c.exe files in my temp folder. I deleted them and emptied the trash but b.exe and 2 other files remained. I have downloaded HJT and posted the log result below. Also, I have downloaded and installed Malwarebytes and it is scanning my C (local disk), D (partition) and E (storage drive) drives currently.
I'm not sure what else to do... can you please give me some advice?
[edit: Changed subject for clarity.]
08-09-2009 10:35 AM
You can try scanning with:
Malwarebytes - www.malwarebytes.org
Superantispyware - www.superantispyware.com
Should help... :-)
08-09-2009 11:00 AM
Thanx for the info... I'm running Malwarebytes right now... it's found 7 infected files and has been running for about 35 min... once it's done I plan to install and run SUPERAntiSpyware and see if that cleans this stuff off my computer.
08-09-2009 11:15 AM - last edited on 08-09-2009 11:28 AM by shannons
CRAP! Now I got something else running on my computer called msa.exe... it's taking up more memory than Firefox.... What is msa and how do I get rid of it????
08-09-2009 11:50 AM
That msa.exe is related to the b.exe.
Try installing and updating SAS (and make sure MBAM is also updated), then restart your PC in safe mode and do a full scan with both.
08-09-2009 12:07 PM
Mattsegers has given you some very good advice. I would also like to see you disconnect from the internet while running the scans, disable your system restore, clear your browser caches, and dump all recent temp files. When you get to your temp folder, you will be able to click on view in the menu bar, by modification date. Choose a time well before the date of infection and dump everything after that point.
MBAM and SAS should clear whatever has been causing the problem. We do not have a HJT analyst available online at the moment, but we will ask you to produce another log once all the scans have been completed. If anything is left that cannot be deleted by either of those programs and Norton, then we have a problem.
In the meantime, remain calm, you have at least six hours of scanning time ahead of you. Been there, done that.
08-09-2009 12:34 PM
Thank you for the info again... I run a custom-built PC with XP and I am having trouble getting it to boot into safe mode. After pressing F8 it asks for a first boot device and lists both of the HDs and my DVD drive.... but nothing about safe mode. I am not sure if I should just disconnect from the internet (my computer is disconnected and I only reconnect it to reply to these messages... thank god for iPod touch) and run the scans normally because I am unsure how to load safe mode. I contacted my friend who helped build this computer and he tells me I should just back up my files (did that as soon as I noticed something was wrong yesterday) and reformat my computer.... but I would like to avoid that as much as possible.
Any ideas on how to load safe mode?
08-09-2009 01:18 PM
No kidding. I would not choose to reformat for anything less than a major disaster, which this probably isn't. You might be tapping F8 late. Try again as soon as you reboot, and tap repeatedly until the safe mode menu comes up. You should have a choice of start normally, safe mode, safe mode with networking, and last good configuration. It's been a long time since I was there and the memory isn't what it used to be.
This link also provides information
If you are still unable to get into safe mode look at this info
08-09-2009 05:40 PM
OK, I got the boot safe mode thing worked out... pressing F8 too early, I guess. I ran MBA and SAS in safe mode and cleaned some tracking cookies and 2 trojan viruses off the computer, and just finished running MBA and SAS in normal mode. SAS found only 63 tracking cookies which I was able to delete; however, I was unable to see the cookie folder when I went to the dir above it. I attached the log files for HJT and MBA below. MBA returned 9 times infected and I believe it only removed 4 of them. I'm not sure what else to do but I am happy to report that the a.exe, b.exe and c.exe files are gone from my temp folder (deleted them from the folder after the safe mode virus scans) and I can no longer find them when running search. Can you please check my HJT results and let me know if there is anything else I need to do?
Thank you again for everyone's help.
08-09-2009 05:46 PM
MBAM will delete the others when it reboots the PC; in the log it states that by saying "Delete on Reboot".
You also have Spybot S&D in realtime (TeaTimer etc).