Author Topic: Boot time scan and Fun Web/ Fun Cards  (Read 18589 times)

0 Members and 1 Guest are viewing this topic.

JENT1701

  • Guest
Boot time scan and Fun Web/ Fun Cards
« on: May 24, 2011, 06:16:08 PM »
Holy cow, I'm havin some problems here!  I was doing a boot scan on a friends computer. Running Win XP SP3 with all the updates. Came up with infected file Win 32 Fun Web, couldn't repair, so I stuck it in the Virus chest along with some other files also with the same Fun Web virus or Malware name. When I was done and went to reboot, the computer would barely operate. Had to go into safe mode in order to get it to work.  :o Can anybody throw me a bone?   ???  By the way, my name is Jonathan. I'm a newbie...nice to meet you.  :)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #1 on: May 24, 2011, 08:17:14 PM »
With funweb the easiest way to get rid of it is use Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #2 on: May 24, 2011, 10:23:51 PM »
Ok, thank you. It will be a little while b4 I get back to my friends house, but I will do that. Thanks for the info. I am going to have her restore the files until I get there so she can use it.

SafeSurf

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #3 on: May 25, 2011, 07:02:29 AM »
I am going to have her restore the files until I get there so she can use it.
No need to...just run MBAM as suggested.  If you restore, these bad files will remain on your machine unless you delete your system restore files.

Just follow the directions of the MBAM (Malwarebytes) as posted.  Let us know if you have any questions.  Thank you.

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #4 on: May 25, 2011, 07:34:29 AM »
Ok, downloaded the program, and installed it, ran it. (This is something my friend did over the phone with me. She lives 2hrs away) Came up with a ton of files that we removed. Aaaand no difference in performance.  >:( Saved a log and did a restore from about a week or 2 ago. No change. Barely boots up in normal mode. The thing that really bugs me is that it was running fine until I did that boot scan with Avast and after that it all went downhill. This happened to once before with this computer, but I don't remember exactly what I did to fix it. This shouldn't be happening. I always get all the fun jobs. Ugh!  :o On the bright side, I did install Malawarebytes on my laptop and desktop and found some stuff on my desktop that I cleared up, so thanks for that. Any thoughts???   ???
Oh yea, I will have her send me a copy of the report to send to you.
« Last Edit: May 25, 2011, 07:36:43 AM by JENT1701 »

SafeSurf

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #5 on: May 25, 2011, 07:45:19 AM »
Did your friend quarantine any infections found?

What version and product of Avast is he/she using?

What is the OS?  Fully updated?

Is the machine acting normally prior to doing the boot scan?

Edit:  Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions for obtaining the OTS logs (save them as ANSI and not Unicode).  Post the OTS log as an attachment (Additional Options > Attach > Post).  Please do not make any further changes to your machine after you have provided the logs.  Thank you.
« Last Edit: May 25, 2011, 11:48:51 AM by SafeSurf »

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #6 on: May 25, 2011, 10:08:40 PM »
Ok, this is a lot for me to digest, since I am not as familiar with all the terms being used, but I will get all the info together. I downloaded OTS on my computer so I will be familiar with it. (What does OTS stand for?) Also what is ANSI and Unicode? Sorry for my ignorance, I'm still learning. Thanks, Jon

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #7 on: May 25, 2011, 10:13:03 PM »
OTS is an acronym for Old Timers Scanner (the auther is Old Timer  ;D)

For ANSI

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #8 on: May 26, 2011, 05:01:59 AM »
Okay, that's simple enough, I noticed that one way of saving a file was Unicode Indian.  Does that mean it stores the information and sends it as smoke signals?   :P  Boy now that's what I call an old style of internet. LOL  :D

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #9 on: May 26, 2011, 08:28:52 AM »
Spent time with her on the phone last night and had her send me the info. She is really doing well for somebody that was not computer savvy.  I decided to copy and paste your questions with my responses to keep a clear channel of communication. I also attached the logs from MBAM and OTS Hope this will help.  Thanks for your assistance.

Did your friend quarantine any infections found?              Yes she did

What version and product of Avast is he/she using?         Avast Free    version 110525-1

What is the OS?  Fully updated?      Windows XP Home Edition Version 2002 SP 3  All updates installed.

Is the machine acting normally prior to doing the boot scan?    Yes, all seemed fine until after the boot scan.

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

She is still having problems after running MBAM AND OTS.  Should I create a new topic as mentioned in the above thread?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #10 on: May 26, 2011, 10:38:29 AM »
Quote
Should I create a new topic as mentioned in the above thread?
you already have when you started this   ;)


Quote
What version and product of Avast is he/she using?         Avast Free    version 110525-1
This is the virus signature version and not the program version
(11=year - 2011 / 05=month - may / 25=day / -1= number of release that day

latest program version is 6.0.1125

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #11 on: May 26, 2011, 10:45:52 AM »
Ooops my bad on both counts. The current version installed is 6.0.1125  I had just reinstalled it recently.  Sorry 'bout that.

SafeSurf

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #12 on: May 26, 2011, 10:55:47 AM »
Thank you for providing the logs and the information.  How is the machine running after performing the MBAM scan and quarantine?

Essexboy will be giving you instructions and have you perform things on the machine.  He is on the forum late UK time zone.  In the meantime, please instruct your friend not to use her machine unless it is for malware removal and not to sync anything with it.

When we are all done with the malware removal and then removing tools from the machine, we will need to update some software on the machine that is outdated as well, but we will instruct you how to do this and cannot do it now.

Let us know if you have any questions.  Thank you.

JENT1701

  • Guest
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #13 on: May 26, 2011, 07:18:12 PM »
Unfortunately it is still running very slow on normal boot up, but she says it is fine in safe mode. I had her run a full scan before going to bed last night and she sent me the results this morning which I have attached. Nothing found, so at least we know that is good. I have a feeling that we need to go into task manager under normal boot up and see if there is something running there. Thanks for your help so far. This is more knowledge under my belt for future reference.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan and Fun Web/ Fun Cards
« Reply #14 on: May 26, 2011, 07:20:01 PM »
Hi lets see what this does, on completion of this run could you go back to normal mode and let me know how it runs

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > ->
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[Files/Folders - Modified Within 30 Days]
NY ->  Disk Cleanup.job -> C:\WINDOWS\tasks\Disk Cleanup.job
NY ->  dfrg.job -> C:\WINDOWS\tasks\dfrg.job
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.