Help !!!!! please aspparantely have a virus worm.........

[*tisha*-uk]

Hi Essexboy,
I thought i sent both files...
here it is:
and hi there bong2 give me some pointers then cus my daughter downloads lots of music
she needs to for the band she sings in....
lol.. tisha

[essexboy]

Hi not a great deal there which is curious - I feel it may be a scam

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:OTL
O4 - HKCU..\Run: [d1a8e7e173cc22d4acf2bb3a23339ad8] C:\Users\Public\Public Downloads\3DMahjonggSetup-dm[1].exe File not found
[2010/01/27 16:08:36 | 000,000,004 | ---- | C] () -- C:\Users\tricia\AppData\Roaming\1rq1mqcv5kerdomfscuz4235redqf8gaz7x

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

[Abraxas]

Just poke my nose in here for a second to remind people about Limewire, and P2P programs in general.

bong2x said:

:'( not good for limewire :'(
limewire is not bad but the ability of this software to get the music of what you want is the cause. but avast has resolve it, by using sandbox.

i also use limewire but i open it in sandbox to avoid some infection that come from the site that limewire download the music.

nevermind my post.!!!!

Best Regards!!!

Really unfortunate advice bong2x, no offence, just some need for education ? Please read to end of my post, thanks .

*tisha*-uk :

" ... and hi there bong2 give me some pointers then cus my daughter downloads lots of music
she needs to for the band she sings in....
lol.. tisha"

As essexboy is working here (please excuse !) I don't want to cloud your cleanup with extra distractions, But ... and essexboy may offer same advice, just thought best to nip this in the bud 

*tisha*-uk please read this very important info when time permits.
http://www.malwareremoval.com/p2pindex.php

"As prevailing opinion holds that the use of P2P software, even clean P2P software, more often than not results in infection of the computer(s) engaged in such practice, and that said P2P software has been determined to be a primary vector for the spread of malware..."

Please read the following information regarding the use of P2P filesharing programs.
http://www.malwareremoval.com/forum/viewtopic.php?p=491394#p491394

Kind Regards,

Abraxas

[*tisha*-uk]

Hi essexboy.. I've done the fix.. do i have to paste anything for the quick scan
by otl??

[*tisha*-uk]

Essexboy, I just did a quick scan with otl: attached are the results..
after the fix scan i found 2 icons on my desktop..
desktop.ini with a gear on page??? what is this??
I'm going further with the combo
be back when finished
tisha

[essexboy]

Those are system - hidden files.  We will reset them on completion 

[*tisha*-uk]

phew!!!!!!!!!!!!
well after doing a scan with the combo
i could not open anything got message that illegaal temt etc and was s-thing?? deletion
so because i could not open even restore i did a F8 opening to the last good conf. boot and got to the position just before i did the combo scan...lol...
so after checking your instructions again i tried it once more..
Again the same thing so i do not think i will try again tonight...
gonna sleep onit... try again later
greets tisha*

[*tisha*-uk]

Hi is Essexboy about??........

I did a restore to before i installed the combo so i have s-antispy & otl ..
i have done a fix and quick scan again...
before i attempt to install the combo i would like to know how to close
the s-antispy program?.. i was not sure if i did that correctly yesterday
so maybe that was the problem why i could not open anything etc...
i don't wanna have to boot again to the last good conf.....
can you help please...
attached is the last fix i did..
 tisha*

[*tisha*-uk]

Hello is there anyone who can help???
am waiting for a respons...
 

[Pondus]

relax....... ...........Essexboy will be here, he works in more than one forum.....

[essexboy]

I am concerned that CF did that so I would like to run a rootkit analyser

GMER Rootkit Scanner - Download - Homepage

• Download GMER
• Extract the contents of the zipped file to desktop.
• Double click GMER.exe.

• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
  
  Click the image to enlarge it
  

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[*tisha*-uk]

Hi essexboy..
do i need any software to unzip it with first??
Idont have so much on my vista.. used to have alot more on the xp..
tisha*

[essexboy]

With vista once you enter the folder (double click it ) you can extract it to the desktop by either right clicking or using the tools bar at the top of the folder

[*tisha*-uk]

Thanks I'll get right on..
 

[*tisha*-uk]

Pondus..
Sorry to be too stressed.. but needed to eat and been hanging around a few hours
my appologies.. had to keep my sugar level ontop..