Norton 360 has found virus/spyware on my system but after fix... problems occur

Well, this is my sister's computer, using my Norton 360, but when she uses IE to browse the internet she always gets a pop-up warning her about a web page wanting to use a program on her computer, and it gives 2 options to do so. The problem is that she can't allow/don't allow it... since the pop-up is frozen. So when I see such things... I guess her computer is infected... so I ran a comprehensive scan on the computer and found out there is a virus/spyware.

After that, I think she told me there was a pop-up from a Chinese web page she had clicked accidentally... and downloaded a program... which I think is actually the virus...

Now the system is really slow compared to its new state... (she has had this computer 2-3 months...)

Can anyone help me do a scan or check for any unusual status on the system?? What is the first step I need to do before I know I'm infected/have been spied on lol??

Once again, thank you.

Hi polo

Welcome to the Norton Community

Which version of N360 do you have?

I would recommend as a first step to run a full scan with the free version of Malwarebytes.

Download the free version, install and update, then run a FULL scan. After the scan completes you should post the logs back to this thread. You can post the log by using the add attachment below the post button. Thanks

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.

Check in your Task Manager to see if there are any processes running in the name or similar to the popup.  If you find a process, end it and then run Malwarebytes.  Also, can you give us a HijackThis log?  Download the .exe file to the desktop and run from there.  The log can be posted by using the "add attachments" link below the orange post button.

http://free.antivirus.com/hijackthis/

Message Edited by delphinium on 12-16-2009 01:51 PM

Hi floplot,

My version is a retail version from a shop... it is Norton 360 3.0

And I've run a full scan already... and checked, there is a tracking cookie, and it's been solved etc... but the thing is, she said there is a program she cannot remove and she thinks it is a virus: name called ku6speedupper.exe

That program cannot be removed from add/remove programs etc...

And when she used IE there is a pop-up that said Windows host process (rundll31), some web page tries to open or use a program from your computer, with only allow/don't allow... but sometimes it freezes up -.- I clicked don't allow... since I was on Google... and I guess no program wants to use any program while I'm on the Google home page, if you know what I mean...

Well, I will run a full scan with Malwarebytes :D and show you my log.

That's the HijackThis report, and Malwarebytes is still scanning :S and has found 1 so far…

There we go.... I've found 1 trojan horse....

Trojan.BHO    c\:programdata\partner\partner.dll

Shall I remove it?? With Malwarebytes....

Yes have MBAM remove that entry.  I will attempt to locate an analyst for the HJT Log.

Yeah, nice one :D Well, she wants to remove this program called ku6speedupper.exe from her computer. Do you think that's the cause of all these problems... e.g. slowing my computer down etc.?

Anyway, thanks for your great work :D Hope to hear from you about that report log.. of HJT.

Kind Regards

Polo

It would seem likely that it is the cause.  If you are able to open Task Manager, are you able to see it running under processes?  If so, end the process and update Malwarebytes again.  Run another full scan.

polohaha -

Run HijackThis and mark (check) the following -

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [¼«ËÙ¿á6] "C:\Program Files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe" /start
O4 - HKLM\..\Run: [???6] "C:\Program Files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe" /start

Then click on "Fix checked" on the Main menu.

After you remove the start-up entries of that Ku6SpeedUpper.exe, go to its destination in C:\Program files\ ... and send the file to Symantec https://submit.symantec.com/websubmit/retail.cgi

This would help them analyze it and create a signature or some other update.

Message Edited by 3GUSER on 12-16-2009 08:58 PM
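
An added example, not part of the original posts and not HijackThis's own code: a small Python triage of the O2/O4 lines quoted above. It flags BHO registrations whose file is gone and groups Run values by target executable, so two differently named values launching the same program are both seen. The `ExampleUpdater` line is constructed, and decoding the value names as GBK is an assumption about how the garbled names arose.

```python
import re
from collections import defaultdict

# The three entries quoted in the post above, plus one constructed line
# (ExampleUpdater) added for contrast.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [¼«ËÙ¿á6] "C:\Program Files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe" /start
O4 - HKLM\..\Run: [???6] "C:\Program Files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe" /start
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''

BHO_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$')
# Simplification: only handles Run values whose target is an .exe path.
RUN_RE = re.compile(
    r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] "?([^"]+?\.exe)"?(?: (.*))?$', re.I)


def demojibake(text, codec="gbk"):
    """Undo bytes shown through a Western code page (assumed original: codec)."""
    try:
        return text.encode("latin-1").decode(codec)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return text  # not recoverable; keep what the log shows


def triage(log):
    """Return (orphaned BHO CLSIDs, {executable: [(run key, value name), ...]})."""
    orphan_bhos, run_by_target = [], defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        bho, run = BHO_RE.match(line), RUN_RE.match(line)
        if bho and bho.group(3) == "(no file)":  # CLSID registered, DLL missing
            orphan_bhos.append(bho.group(2))
        elif run:
            hive, key, name, path, _args = run.groups()
            run_by_target[path.lower()].append((f"{hive}\\{key}", demojibake(name)))
    return orphan_bhos, dict(run_by_target)


if __name__ == "__main__":
    bhos, runs = triage(SAMPLE_LOG)
    for clsid in bhos:
        print("BHO with no file on disk:", clsid)
    for exe, entries in runs.items():
        print(f"{exe}: {len(entries)} Run value(s) to tick")
        for key, name in entries:
            print(f"    {key} [{name}]")
```

Grouping by executable shows why fixing only one of the two Ku6SpeedUpper values would leave the program starting at boot.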

polohaha wrote:

Yeah, nice one :D Well, she wants to remove this program called ku6speedupper.exe from her computer. Do you think that's the cause of all these problems... e.g. slowing my computer down etc.?

Anyway, thanks for your great work :D Hope to hear from you about that report log.. of HJT.

Kind Regards

Polo


Hi Polo,

I did some quick research on the KU6 SpeedUpper. This seems to be a program related to handling logins and more on ku6.com, which looks like an Asian movie/news page similar to YouTube and others.

It is not a threat/infection, but if you install this program you will get a lot of notification boxes and questions. This is because it will try to log in to the site and if you do not have an account it will give an error upon boot. Your start page in IE will be set to a new one by the program (this is probably stated in the installer but I do not understand the language). You will also get asked to install language packs on several occasions if your OS is of a different language than the site's/program's.

Simply uninstalling this program from Add/Remove programs should do just fine. You will however need to change the start page of IE manually afterwards.

If anyone is interested in what the installer does you have a ThreatExpert analysis on the link below.

http://www.threatexpert.com/report.aspx?md5=b1df1304e6321939c265effcfa1a5224

The HijackThis log looks ok otherwise.

Regards

jAW


jAW wrote:

Your start page in IE will be set to a new one by the program (this is probably stated in the installer but I do not understand the language).


Actually, when looking at your log it does not seem that you have any change in the start page. Either you changed it already or you unchecked that option when installing the program. I installed it with all settings as predefined.

Regards

jAW

I've fixed the checked items... but here I saw there is still 1 left on the 04 line.

So I'm just wondering, is it still infected? kenal32?? or something?? I think it was.... when I clicked item info etc.

Anyway, here's the update.

Thanks guys :D

I've never fixed a computer myself -,- all I do is recover it... but now I've got Norton 360, I wonder, will it really protect me 100% hehe?

Hi Delp :p I've run a full scan again and will wait for the scan to finish, then will give you the updated log again. Also, you mean end task, right? I've done that.. but Internet Explorer keeps asking me to allow/don't allow a program to be used on my computer etc... so I clicked don't allow... it sometimes freezes and makes me retype... -,-

So I will get back to you ASAP :S Thank you guys so much... I was so lost.. and my sister expects me to fix this.... but you know... I'm not as clever as you guys :( , I just can't do it... and don't know how to deal with viruses/trojans etc.

Any tips on what I can do next time if I reckon there is something wrong, e.g. virus infections?

Hi jaw :D

I've tried to look inside add/remove programs... but it seems it's not in there :S I looked where it's installed... shall I just click the file and delete it from my Program Files??

And shall I go to msconfig to uncheck the startup entry so it won't start up automatically??

And also thanks for the web page about the installer :D This will give her an idea of what to do etc. in future.


polohaha wrote:

Hi jaw :D

I've tried to look inside add/remove programs... but it seems it's not in there :S I looked where it's installed... shall I just click the file and delete it from my Program Files??

And shall I go to msconfig to uncheck the startup entry so it won't start up automatically??

And also thanks for the web page about the installer :D This will give her an idea of what to do etc. in future.


I think that the installed program only lists as SpeedUpper with a green icon, but I do not have access to a machine where I can check it atm. You should be able to find it in Add and Remove Programs, on the Start menu as Uninstall under SpeedUpper, or as a file called Uninstaller.exe in the C:\Program Files\¿á6Íø\¼«ËÙ¿á6 folder.

If you cannot find any of the uninstallers you could fix the O4 - HKLM\..\Run: [???6] "C:\Program Files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe" /star and then delete the ¿á6Íø folder from C:\Program Files. This would however leave a lot of remains in the system that uninstalling the program properly would remove.

Regards

jAW

Hi polo

How about trying to clean it up with CCleaner, if you know how to use that program properly without deleting anything which you shouldn't delete?

CCleaner? Nope, not used it before... ummm, btw I've had a full scan from MWAB again (malwares thingy...) and it shows no sign of a virus, but I still get a pop-up. After reading what everyone was saying, I think it is also that Internet Explorer has an error or what...

Any other way I can remove that ku6speedupper.exe? I cannot find it anywhere from my Start menu, and add/remove didn't show it either...

You can open HijackThis again and tick the entries indicated by jAW. Then click "Fix"

O4 - HKLM\..\Run: [???6] "C:\Program Files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe" /start

You can also do a search.  Start>Run>search>for files and folders for "Ku6" and see what comes up on the search.  If all else has failed you can delete items from there.