    Virus ???? pls help

    About an hour ago I clicked on a link and got a popup asking me to install some anti-virus software. I hit Cancel, and then the computer opened up my Documents folder and seemed to install something really quick, so I didn't see what it was. The only thing there now is a Word document called jessica alba which contained a picture of someone else. The screen then flickered a couple of times and it seemed like for a minute or two I had lost graphics drivers. I also had a USB stick inserted which opened up in the folders window as well. I've got Ad-block and Security Essentials and am doing a full scan now. How ****** am I? Should I just re-install?

    Edit: I can get Sophos virus protection from my college; is it any good?
    Last edited by Fargo; 18-10-2009, 00:04.

    #2
    Many people recommend AVG or Avast! Get Spybot too.

    Unplugging your computer from the internet before scanning is sometimes a good idea.



      #3
      Used to have a lot of people running into this (or similar) when I was working; it assisted in killing 2 of my PCs.

      The IT guy had to install AVG on all our PCs, which helped stop the initial stumble. I would suggest a Spybot full scan and all that, followed by an Avast install? I personally found AVG too frustrating to work with; I hear it suits a lot of others though.

      IIRC that thing you have collected gets into the registry, btw.



        #4
        Malwarebytes is a good add-on too; it's free and complements the others suggested.



          #5
          Wow, I didn't know viruses still used Word Macros...

          There's a chance not only Windows is infected, but that it will have spread to your Office documents.

          Golden rule for fake malware dialogue boxes: click the X, not Cancel (and definitely not OK), or hold down Escape. If that fails, Ctrl+Alt+Delete it.

          Get HijackThis, run a scan, and post the log here. I suspect you'll have something not easy to uninstall, but it's worth a try. Also, you're probably getting a fake anti-virus saying "You are infected"; post the name of it and there may be an automated removal tool.

          As for my recommendations for anti-malware: Comodo is a pretty effective combination firewall/anti-virus. You can still fall victim to stuff, but it's very hard for something to install or send your details to a server. Malwarebytes is one of the best scanning tools.

          Do not rely on AVG (or at least not AVG alone). AVG will not stop things installing, which makes it useless for regenerative viruses (i.e. most of them). I stopped using it because it only detected stuff once it was installed.
          Last edited by abigsmurf; 18-10-2009, 14:10.



            #6
            Don't forget to press Alt and F4 together should a dodgy popup appear, too.

            Works successfully 8 times out of 10.



              #7
              The ultimate annoyance:
              Code:
              <script>
              // Recursion with no base case: each call blocks on a modal alert,
              // and the moment it is dismissed the next call opens another one.
              // The page never gets control back, and the browser eventually
              // aborts the script with a "too much recursion" / stack overflow error.
              function annoying()
              {
                  alert("annoyed yet?");
                  annoying();
              }

              annoying();
              </script>



                #8
                Sophos seems to have detected and deleted a trojan. I'm presuming that was what I got from the popup. Hopefully that's the end of it. Cheers for the advice.



                  #9
                  Sadly if that's the end of it, I'll be amazed.

                  Reboot your PC, do another scan. Does it detect it again?



                    #10
                    Originally posted by abigsmurf:
                    Sadly if that's the end of it, I'll be amazed.

                    Reboot your PC, do another scan. Does it detect it again?

                    I'll do a reboot and a further scan in the morning, so. I had my bloody iPod and everything plugged in at the time.



                      #11
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 21:47:52, on 18/10/2009
                      Platform: Unknown Windows (WinNT 6.01.3004)
                      MSIE: Internet Explorer v8.00 (8.00.7100.0000)
                      Boot mode: Normal

                      Running processes:
                      C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
                      C:\Program Files (x86)\Steam\Steam.exe
                      C:\Program Files (x86)\uTorrent\uTorrent.exe
                      C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
                      C:\Program Files (x86)\Java\jre6\bin\jusched.exe
                      C:\Program Files (x86)\iTunes\iTunesHelper.exe
                      C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
                      C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
                      C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
                      C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
                      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                      F2 - REG:system.ini: UserInit=userinit.exe
                      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                      O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
                      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
                      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
                      O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_SFCA.tmp" /EF "HKCU"
                      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
                      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
                      O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
                      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
                      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
                      O13 - Gopher Prefix:
                      O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
                      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
                      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                      O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
                      O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
                      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
                      O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
                      O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
                      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                      O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
                      O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
                      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
                      O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
                      O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
                      O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
                      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

                      --
                      End of file - 9337 bytes

                      That's the log file from HijackThis.

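As an added example (not from the thread, not HijackThis code, and not anyone's posted script), here is a small Python triage pass over log lines in the format above. It applies the checks a practitioner runs by eye on such a log: browser start/search pages pointing anywhere other than Microsoft, orphaned BHO CLSIDs with "(no file)", Run entries whose command line touches a Temp or AppData path, the AppInit_DLLs value (a DLL listed there is loaded into every process that links user32.dll, so it is worth a look whoever owns it), and services with no recognised owner. It also accounts for the many "(file missing)" services in this log: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows (WinNT 6.01 is Windows 7, and the "Program Files (x86)" paths show an x64 install) WOW64 file-system redirection maps C:\Windows\System32 to SysWOW64 for 32-bit processes and %PROGRAMFILES% to the (x86) directory, so 64-bit-only binaries such as lsass.exe, spoolsv.exe and wmpnetwk.exe look missing even though they are present. The rule names, the temp-path heuristic and the hijacked-search line are my assumptions; the sample log is a verbatim subset of the one posted.

```python
"""Triage a HijackThis log offline: flag the entry types worth a second look and
separate real findings from the 32-bit-tool-on-x64 "(file missing)" artefact.
Added example; not part of the thread and not HijackThis code."""
import re

# Sample input: a verbatim subset of the HijackThis 2.0.2 log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Unknown Windows (WinNT 6.01.3004)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_SFCA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# Constructed line (not from the posted log) so the hijack rule has something to catch.
HIJACKED_SEARCH = r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q="

# Every HijackThis entry line starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)
# Heuristic (my assumption): autostart command lines touching these directories deserve a look.
TEMP_RE = re.compile(r"\\(temp|tmp|appdata|local settings)\\", re.I)
# Directories a 32-bit process sees through WOW64 redirection on x64 Windows.
REDIRECTED_DIRS = (r"c:\windows\system32", r"c:\program files (x86)")


def parse(log_text):
    """Yield (kind, body) for every entry line; header lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def is_x64_host(log_text):
    """A 32-bit tool on x64 reports 'Program Files (x86)' paths; that is the tell
    that file-system redirection applies to its view of System32."""
    return "Program Files (x86)" in log_text


def service_path(body):
    """Last ' - ' separated field of an O23 line, minus the '(file missing)' tag."""
    return body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()


def triage(log_text):
    """Return a list of (tag, entry_body) findings."""
    findings = []
    x64 = is_x64_host(log_text)
    for kind, body in parse(log_text):
        if kind in ("R0", "R1"):
            m = URL_RE.search(body)
            if m and not m.group(1).lower().endswith("microsoft.com"):
                findings.append(("browser_hijack", body))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(("orphan_bho", body))          # dead CLSID, harmless, safe to fix
        elif kind == "O4" and TEMP_RE.search(body):
            findings.append(("run_key_temp_path", body))   # autostart referencing a temp location
        elif kind == "O20":
            findings.append(("appinit_dll", body))         # injected into every user32 process
        elif kind == "O23":
            path = service_path(body).lower()
            missing = "(file missing)" in body
            if missing and x64 and path.startswith(REDIRECTED_DIRS):
                findings.append(("wow64_redirect_suspect", body))  # likely 32-bit tool artefact
            elif missing:
                findings.append(("service_file_missing", body))    # genuinely dangling service
            elif "Unknown owner" in body:
                findings.append(("unknown_owner_service", body))   # unsigned / unrecognised vendor
    return findings


def summarize(findings):
    """Count findings per tag."""
    counts = {}
    for tag, _ in findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for tag, body in triage(SAMPLE_LOG):
        print(f"{tag:24s} {body}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the posted log this reports one orphaned BHO, one Run entry pointing at C:\Windows\TEMP (the Epson updater), the Sophos AppInit_DLLs hook, PnkBstrA as an unknown-owner service, and the three "(file missing)" system services as probable redirection artefacts rather than damage. To confirm that last class, check the file from a native 64-bit prompt (`dir C:\Windows\System32\lsass.exe`) or rerun the scan with a 64-bit tool; a service whose binary is absent from both System32 and SysWOW64 is the real dangling-service case.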


                        #12
                        Looks clean.

                        Lots of weird and unusual services with missing files, which are probably left over from an infection, but there's nothing there that looks harmful.



                          #13
                          Cheers for the help, mate, really appreciate it.
