Avast WEBforum

Other => Viruses and worms => Topic started by: ruby7birthstone on August 11, 2010, 12:44:22 AM

Title: viruses and worms need help
Post by: ruby7birthstone on August 11, 2010, 12:44:22 AM
Hello, I am new at this forum and computers also. I have purchased Avast Internet Security 5.0 2 months ago.
My computer was overrun by "virus- malware-worms" or whatever you call them.
These constant "pop-up messages" windows security alert.........or Antivirus software alert.....
saying my computer is infected (4 different pop-ups keep appearing, like popcorn!)
or application cannot be executed, sf.bin file is infected. I did not open them. I turned off internet access, ran a full system scan, found 4 viruses, put them into the virus chest. Pop-ups still there, rebooted computer, pop-ups still there. I cannot access control panel; pop-ups stop this.
I am on a library computer now.
I have an IBM ThinkPad with Windows XP.
Whatever I need to do, scans or whatever, I need detailed instructions on how to do this!
I will appreciate any help and suggestions. THANKS
Title: Re: viruses and worms need help
Post by: modati on August 11, 2010, 01:44:49 AM
Sf.bin is used by Avast!.  I don't know about those errors.  Do you run multiple antivirus suites with resident protection?  Could you provide a screen-shot of the errors? I'm curious to see what they are.  People will recommend you get HiJackThis and post a log, as well as running MalwareBytes Anti-Malware and updating your Avast! to the most current definitions.  Good luck :)

Also, could you provide the virus types/file names that were found by Avast and put into the virus chest?  That would help greatly :)
Title: Re: viruses and worms need help
Post by: Tarq57 on August 11, 2010, 03:08:31 AM
What antivirus or other security (if any) was used on this computer before installing Avast, please?
Title: Re: viruses and worms need help
Post by: SafeSurf on August 11, 2010, 09:02:54 AM
ruby7birthstone,  Welcome to the forum.  :)

What antivirus or other security [software] (if any) was used on this computer before installing Avast, please?
1. This includes antivirus, firewall, any other security-related software.

2. Please give us your OS (XP, SP?), 32 or 64-bit for your machine?

3. Please give us the name(s) of the malware listed (or a screen shot) of what is contained in your Avast Virus chest.  Leave the malware there and do not remove it.

4. Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
·   Download free http://www.malwarebytes.org/ for an on-demand scanner.
·   Double Click mbam-setup.exe to install the application.
·   After install, click update so you have latest database before scanning.
·   Under Settings:
    o   General: Automatically Save File After Scan Completes is checked off
    o   Scanner Settings: Check all boxes
    o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy & Paste the entire report in your next post.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts -- Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Title: Re: viruses and worms need help
Post by: ruby7birthstone on August 12, 2010, 01:22:19 AM
This computer is an IBM ThinkPad with Windows XP.
I purchased the computer used several years ago.
Before purchasing Avast I had free Avast and problems (viruses got through so I went with the purchased)
Also a malware program that I believe was deleted when installing the new Avast.
** I will try to write down virus types and file names from the virus chest ***
I am on a library computer, my computer will not get onto the internet past the "pop-ups".
I cannot access www.malwarebytes.org
Every time I used the computer, a voice said Avast virus definitions database has been updated.
The purchased Avast is the only protection, not sure what resident protection means?
Will research virus names. Thanks for the help so far!!!
Title: Re: viruses and worms need help
Post by: modati on August 12, 2010, 02:51:00 AM
You can boot into safe mode with networking support to bypass the issue with the popups.  Pressing F8 periodically during the start-up process, every few seconds, will bring this menu up.  After you select Safe Mode with Networking you will select the OS you want to boot.  It should only be one; select it and press Enter.

Be careful what sites you go to!  Be careful, let me reiterate it again :)!  Having NoScript installed is a really good feature in Mozilla Firefox, as most resident protection will not work in safe mode, or firewalls for that matter, because they tend to use Windows services.  You should be able to download any software you need from trusted sites and scan with software.  Avast! will work in safe mode, and Malwarebytes Anti-Malware.  Good luck getting the viruses written down; will check back.  You should try to get the virus names as well while you are in safe mode.  Then you can seek better advice through the web on what the individual viruses do to your machine so you can verify you are completely clean.  Just be careful where you go and what you download!
Title: Re: viruses and worms need help
Post by: Tarq57 on August 12, 2010, 03:29:12 AM
Let's take things one step at a time.

What I'd do, is try getting MBAM installed on your computer. (Instructions below, a bit of background, now.)
Something is hijacking your internet settings, and, to put it simply, perverting sites you would want to go to and substituting its own. MBAM is likely to fix that.

There is a bit of a trick to getting it up and running, and it might seem a bit involved. The idea is to download the installer to a flash (usb) drive using another computer, and renaming it. The reason to rename it is that some malware identifies security programs by name, and blocks them. So the procedure will be to go to another computer, go to malwarebytes.org, save it as a renamed file to a (clean) flash drive, and then get it going on the sick computer. Make sense?

-On a clean computer with a flash drive inserted, go to www.malwarebytes.org and click on the blue download button.
-It should ask you to save the file somewhere. Save it to the flash drive and name it something like 7birthstone.exe (the ".exe" is important, the name you choose should be unique; not likely to be an already-used file name. You choose. 7birthstone would probably be good.)
-Once it has downloaded, disconnect the flash drive from the good computer. Connect it to your infected computer.
-Drag the installed file from the flash drive to your desktop. (Or copy and paste it there.)
-Start the installer by double-clicking it, and let it install on your computer.
-Following installation, open the "my computer" icon, and navigate to C:\program files\Malware Byte's Anti-Malware, and inside that folder you will see an icon that looks like the picture below. Rename that file to 7birthstone.exe
-Open the program by double-clicking that renamed file (you will not be able to use the desktop icon to open it after it's renamed.)
-Select the update tab, and update the program. (This may or may not work. If not, skip this step.)
-Run a quick scan. At the finish of the scan select "show results" (or similar) and place a tick beside anything and everything found, then select "remove selected". If prompted for a reboot (restart) to finish removal, do so promptly.
-Following reboot, if you were unable to update the program earlier, do so now, and run another quick scan.

Please post the scan reports here (see "additional options" to the lower left of the forum reply window), or let us know if anything didn't work, with brief details.