Gamekid

Infections


Gamekid   

Running a full scan with AVG 8.0, I came across the following. I would have posted this on the AVG forum, but no such option exists.

 

AVG 8.0

File

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00002

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005:\$JK\utility.dll

 

Infection

Trojan horse Startpage.CQS

 

Result

Infected

 

Warnings

HKLM\SOFTWARE\Classes\Software.IEToolbar

 

Infection

Found Adware.CoolWebSearch

 

Result

Potentially dangerous object

Wademan   

Hello Gamekid,

 

Please download CCleaner if you don't already have it (if you already have CCleaner then simply run it). It will help clean out cookies and temp files, which will speed up the SuperAntiSpyware scan and the BitDefender scan as well.

 

CCleaner> http://www.ccleaner.com/ Tutorial if you need it> http://www.ccleaner.com/help/tour/1-after-installation

 

> Please download and install SUPERAntiSpyware Home Edition (free edition)

  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.
You will see an install for Google toolbar, uncheck it if you don't want it added in the download.

 

Some of what AVG found looks like a false positive. But run SuperAntiSpyware and also use the BitDefender online antivirus scanner>

http://www.bitdefender.com/scan8/ie.html Allow the ActiveX component to be installed and follow the prompts. (Note: you will need Internet Explorer to run BitDefender.) Post the SuperAntiSpyware log along with the BitDefender log. :)

 

Wademan

Gamekid   

 

I ran a full scan with SUPERAntiSpyware Free Edition. I used the Professional version; I hope that is OK because you asked for the Home version. Here is the log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/24/2008 at 05:34 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3489

Trace Rules Database Version: 1480

 

Scan type : Complete Scan

Total Scan Time : 01:40:42

 

Memory items scanned : 446

Memory threats detected : 0

Registry items scanned : 5743

Registry threats detected : 0

File items scanned : 45396

File threats detected : 0

 

I also ran BitDefender; here is the log for that:

C:\Documents and Settings\Owner\Desktop\Misc\report for bit defender.html

I also came across this.

Potentially unwanted program

 

File name: C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll

 

Threat name: Adware Generic3.HBW

Detected on open

 

move to vault Add to exceptions Ignore Help

 

I clicked on add to exceptions. May not have been a good idea.

mme   

Do a couple of online scans.

One is Trend Micro HouseCall, found here:

It will clean whatever it finds.

 

http://housecall.trendmicro.com/

 

The other is Kaspersky:

 

http://www.kaspersky.com/virusscanner

 

File name: C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll

I believe that, in your System Restore, it appears to be infected.


C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00002

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005

C:\Documents and Settings\All Users\Application Data\AOL Downloads\HelixSuite\2.0.70.1\comps\prcnlink.exe:\ns_00005:\$JK\utility.dll

Trojan horse Startpage.CQS

HKLM\SOFTWARE\Classes\Software.IEToolbar

Adware.CoolWebSearch

 

All part of AOL/AIM.

 

Link 1

 

Link 2

 

Link 3

 

"C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP306\A0070819.dll"

 

Navigate to Windows -> Prefetch folder; you can delete it from there.

Gamekid   


If I go to HouseCall 6.6, what kind of scan do I want to run? If I go to the Kaspersky online scanner, it tells me that

You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0

OK

 

I have the latest version of Java at this time. If I go to the Windows folder and the Prefetch folder, I don't see any file with the mentioned file name.


 

Sorry, brain fart.

 

You will be able to remove it by turning off System Restore AFTER you are sure the rest of the pc is clean.

Gamekid   


OK, I'll make a mental note of that. What about the online scanners?

mme   

http://housecall.trendmicro.com/

 

1-Click "Scan Now, it's free"

2-Next click on "Launch HouseCall free scan"

3-Accept the agreement

4-Choose the browser plugin: HouseCall Kernel

5-Press "Start HouseCall"

6-Install the ActiveX control (right-click the yellow bar at the top of the page)

7-Press Run and choose

8-Scan Complete Computer for Malware, Grayware and Vulnerabilities

9-Wait until the scan is complete

10-Once it completes you're given an option to delete any infections

You're asked to run HouseCall again; you can if you want to, but if you're dealing with trojans, running it a second time is a good idea. Recommended.

 

Good Luck

Gamekid   

Hi Gamekid,

It looks like most of what AVG found was indeed false positives. And the only leftover is in your System Restore; read this short guide on turning it on and off to clean the virus from your system> http://www.pchell.com/virus/systemrestore.shtml

 

After you do that, then re-run scanners, they should be all clean.

 

Wademan

 

I ran the HouseCall scan and came across the following. I don't believe that there is any reason to keep any of this stuff?

ADWARE_INETTRAFFIC

ADWARE_SOFTOMATE

ADWARE_MEMWATCHER

Wademan   

Hi Gamekid,

Yes, those are all malware/junk. If you want to double check you can add this free scanner and run it> http://www.emsisoft.com/en/software/free/

 

I hope you turned off System Restore and re-enabled it? That was the only way to remove that one malware entry from your PC, since it was rooted in System Restore.

 

The a2 scanner I am referring you to is just as powerful as SuperAntiSpyware. And best of all it's free. Make sure you select the free version. :)

 

Wademan

Gamekid   


I'll run the scan again and get rid of the malware. I just flushed system restore. I have quite a few scanners available on me.

Gamekid   


I have a reason to believe that the stuff that I have is causing my internet connection to go out; however, I'm more concerned that when I run the HouseCall scan, my internet connection will go out before the scan is completed. My internet connection doesn't go out all the time, but it seems to be a chance of luck. I need to know if there is another way that I can get rid of that stuff without using an online scanner, or another way of getting rid of the stuff with an online scanner? I did try going to Safe Mode with Networking; however, if I do that and go to the website, Internet Explorer crashes on me before the scan even starts. I'm in a very odd situation here. As a last resort, I can always reinstall Windows, although I want to avoid that at all costs.

Juliet   

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode

 

 

Scan with DrWeb-CureIt as follows:

 

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.

* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.

 

* Once the short scan has finished, Click Options > Change settings

* Choose the "Scan tab" and UNcheck "Heuristic analysis"

* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)

* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.

* When done, a message will be displayed at the bottom advising if any viruses were found.

* Click "Yes to all" if it asks if you want to cure/move the file.

* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".

(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)

* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.

* Save the DrWeb.csv report to your desktop.

 

* Exit Dr.Web Cureit when done.

* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Gamekid   


Here is the report from the DrWeb CureIt program.

RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

A0077383.reg;C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP341;Trojan.StartPage.1505;Deleted.;
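Added example (not from this thread, and not Dr.Web's own code): a small Python triage script for the semicolon-separated CureIt report rows quoted above. It parses each `name;directory;threat;action;` row and classifies the hit by where it lives, so an entry inside a System Restore point or a Spybot snapshot is not confused with a live infection, and it tells you whether System Restore needs flushing. The two restore-point and snapshot regexes, and the third sample row (a hypothetical `example.dll` / `Adware.Example` hit under `C:\Program Files`), are my assumptions; the first two sample rows are the ones Gamekid posted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Folder layout of a Windows XP restore point, as in the report on the page:
#   C:\System Volume Information\_restore{GUID}\RP341
# (regex is an assumption about the layout, based on that path)
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{([0-9A-Fa-f-]+)\}\\RP(\d+)",
    re.IGNORECASE,
)
# Spybot - Search & Destroy keeps its registry backups under this folder
# (assumed from the path in the posted report).
SPYBOT_SNAPSHOT_RE = re.compile(
    r"\\Spybot - Search & Destroy\\Snapshots", re.IGNORECASE
)


@dataclass
class Hit:
    name: str
    directory: str
    threat: str
    action: str
    location: str                        # "restore_point", "spybot_snapshot" or "live"
    restore_point: Optional[int] = None  # RPnnn number, restore-point hits only


def parse_report_row(row: str) -> Optional[Hit]:
    """Parse one 'name;directory;threat;action;' row; return None for blank rows."""
    row = row.strip()
    if not row:
        return None
    fields = [f.strip() for f in row.split(";")]
    # A well-formed row ends with ';', which leaves an empty trailing field.
    if len(fields) < 4:
        raise ValueError(f"malformed report row: {row!r}")
    name, directory, threat, action = fields[:4]
    match = RESTORE_POINT_RE.search(directory)
    if match:
        return Hit(name, directory, threat, action, "restore_point", int(match.group(2)))
    if SPYBOT_SNAPSHOT_RE.search(directory):
        return Hit(name, directory, threat, action, "spybot_snapshot")
    return Hit(name, directory, threat, action, "live")


def triage(report: str) -> Dict[str, object]:
    """Group hits by location and say whether System Restore needs flushing."""
    hits: List[Hit] = []
    for row in report.splitlines():
        hit = parse_report_row(row)
        if hit is not None:
            hits.append(hit)
    live = [h for h in hits if h.location == "live"]
    restore_points = sorted({h.restore_point for h in hits if h.location == "restore_point"})
    return {
        "hits": hits,
        "live": live,
        "restore_points": restore_points,
        # Nothing inside a restore point is running; it only comes back if that
        # restore point is applied, so the fix is to flush System Restore after
        # the live system has been confirmed clean.
        "flush_system_restore": bool(restore_points),
        "threats": sorted({h.threat for h in hits}),
    }


# The first two rows are the ones posted in the thread; the third is a
# constructed row (hypothetical path and detection name) standing in for a live hit.
SAMPLE_REPORT = r"""
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0077383.reg;C:\System Volume Information\_restore{70404123-C311-4498-A114-DA48295D8599}\RP341;Trojan.StartPage.1505;Deleted.;
example.dll;C:\Program Files\Example Toolbar;Adware.Example;Moved.;
"""


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for hit in result["hits"]:
        print(f"{hit.location:16} {hit.threat:24} {hit.name}  ({hit.action})")
    print("restore points holding hits:", result["restore_points"])
    print("flush System Restore:", result["flush_system_restore"])
```

Run it with the report saved from CureIt in place of `SAMPLE_REPORT` (read the `.csv` file and pass its text to `triage`). Only the `live` list represents something that can execute on the machine; the restore-point and snapshot entries explain why the thread's order of operations (clean the live system first, then turn System Restore off and on) is the right one.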

Gamekid   


My internet connection had been working up until now; lo and behold, tonight my internet connection goes out again. I'm hoping that I don't have what I had a week ago. Is there anything else that I can do or check so that my internet connection doesn't go out on me anymore?
