Jump to content

I think I have a virus; please help. (removed successfully)

Boogie

By Boogie
in Tech and Computers

 Share

Recommended Posts

Boogie

Boogie

Posted
Posted

I just turned on my computer and this program called SpyFalcon 2.0 is on my computer. It's in the tray, and it shows a message often that I'm infected with a virus, buy their spyware deleter, blah, blah. There's also a Windows icon blinking a red X and a "!" blinking in the tray. I also get lots of pop-ups when I'm not browsing.

 

 

 

 

 

 

 

I try to uninstall "SpyFalcon 2.0", but when I do it shows to buy the product before it's done uninstalling. After cancelling, it says that it has been uninstalled, and it's gone, while the blinking Windows icon and the blinking "!" in the tray remains. I delete the SpyFalcon folder after, too.

 

 

 

 

 

 

 

I restart my computer and the SpyFalcon is back. It's in the desktop again and it's installed on my computer again. My Internet Security Level automatically changes to low everytime my computer starts.

 

 

 

 

 

 

 

I ran both a spyware and antivirus scan in safe mode with Ad-Aware and Norton AntiVirus 2005 (both up-to-date) with no success to remove this.

 

 

 

 

 

 

 

Also, it pops up sometimes, and when I start my computer, saying "Please wait while Windows configures Norton AntiVirus 2005." Then another pops up over it saying, "Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall." I did uninstall and reinstall, and it still does the same thing.

 

 

 

 

 

 

 

I have no idea which website infected me with this. Please guys, help. Excuse my grammar, please; I'm typing this quickly.

 

 

 

 

 

 

 

Here's the Hijackthis log (not sure if it's of any help):

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 10:01:39 PM, on 3/6/2006

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\mssearchnet[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\nvctrl[Caution: ExecutableFile]

 

 

 

C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: ExecutableFile]

 

 

 

C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile]

 

 

 

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: ExecutableFile]

 

 

 

C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: ExecutableFile]

 

 

 

C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]

 

 

 

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\AOL\1138145585\ee\AOLSoftware[Caution: ExecutableFile]

 

 

 

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

 

 

 

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\Dell Support\DSAgnt[Caution: ExecutableFile]

 

 

 

C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

c:\progra~1\intern~1\iexplore[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Yahoo!\MESSEN~1\ypager[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Deluxe\MiniMavis[Caution: ExecutableFile]

 

 

 

C:\Program Files\WinZip\WZQKPICK[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\SpywareGuard\sgmain[Caution: ExecutableFile]

 

 

 

C:\Program Files\SpywareGuard\sgbhp[Caution: ExecutableFile]

 

 

 

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\msiexec[Caution: ExecutableFile]

 

 

 

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

 

 

 

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\Ronald\My Documents\Unzipped\hijackthis\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

 

 

 

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpCEE8.tmp

 

 

 

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

 

 

 

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

 

 

 

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

 

 

 

O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

 

 

 

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

 

 

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

 

 

 

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: ExecutableFile] -startup

 

 

 

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: ExecutableFile]" -start

 

 

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NOUN PLATFORM LOCKS TOOL] C:\Documents and Settings\All Users\Application Data\OpenTrayNounPlatform\BUILDBLAH[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare[Caution: ExecutableFile]" /pause

 

 

 

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138145585\ee\AOLSoftware[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] /Consumer

 

 

 

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt[Caution: ExecutableFile]" /startup

 

 

 

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]" /WinStart

 

 

 

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]" /autostart

 

 

 

O4 - HKCU\..\Run: [Global bash] C:\DOCUME~1\Ronald\APPLIC~1\HOLELI~1\MultiThunkMeta[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager[Caution: ExecutableFile] -quiet

 

 

 

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch[Caution: ExecutableFile]" /d locale=en-US ee://aol/imApp

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Deluxe\MiniMavis[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

 

 

 

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

 

 

 

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

 

 

 

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

 

 

 

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget[Caution: ExecutableFile]

 

 

 

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager[Caution: ExecutableFile]

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

 

 

 

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

 

 

 

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

 

 

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab

 

 

 

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab

 

 

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

 

 

 

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

 

 

 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: DLBTCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTserv[Caution: ExecutableFile]

 

 

 

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms[Caution: ExecutableFile]

 

 

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

 

 

 

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]

 

 

 

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

 

 

 

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

Link to comment
Share on other sites
Mercifull

Mercifull

Posted
Posted

Its not really a virus but actually spyware pretending to be a virus so scare you into purchasing their rogue software.

 

 

 

 

 

 

 

http://www.bleepingcomputer.com/forums/topic43659.html

 

 

 

 

 

 

 

Press ctrl+alt+del and end the following processes

 

 

 

 

 

 

 

C:\WINDOWS\system32\mssearchnet[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\nvctrl[Caution: ExecutableFile]

 

 

 

 

 

 

 

Then "fix" the following but remember that Hijackthis must be run in its own folder, not on the desktop or from within the zip file. Only if Hijackthis is extracted to its own folder it will create backups!

 

 

 

 

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

 

 

 

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpCEE8.tmp

 

 

 

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

 

 

 

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

 

 

 

O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

 

 

 

O4 - HKLM\..\Run: [NOUN PLATFORM LOCKS TOOL] C:\Documents and Settings\All Users\Application Data\OpenTrayNounPlatform\BUILDBLAH[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Global bash] C:\DOCUME~1\Ronald\APPLIC~1\HOLELI~1\MultiThunkMeta[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

 

 

 

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

 

 

 

 

 

 

 

I would also STRONGLY advise uninstalling BearShare. It is renound for being a major source of spyware.

 

 

 

 

 

 

 

Restart PC and then post a new log and say if you are still having symptoms

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites
Boogie

Boogie

Posted
  • Author
Posted
Its not really a virus but actually spyware pretending to be a virus so scare you into purchasing their rogue software.

 

 

 

 

 

 

 

http://www.bleepingcomputer.com/forums/topic43659.html

 

 

 

 

 

 

 

Press ctrl+alt+del and end the following processes

 

 

 

 

 

 

 

C:\WINDOWS\system32\mssearchnet.e3e (CAUTION - executable file)

 

 

 

C:\WINDOWS\system32\nvctrl.e3e (CAUTION - executable file)

 

 

 

 

 

 

 

Then "fix" the following but remember that Hijackthis must be run in its own folder, not on the desktop or from within the zip file. Only if Hijackthis is extracted to its own folder it will create backups!

 

 

 

 

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

 

 

 

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpCEE8.tmp

 

 

 

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

 

 

 

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

 

 

 

O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

 

 

 

O4 - HKLM\..\Run: [NOUN PLATFORM LOCKS TOOL] C:\Documents and Settings\All Users\Application Data\OpenTrayNounPlatform\BUILDBLAH.e3e (CAUTION - executable file)

 

 

 

O4 - HKCU\..\Run: [Global bash] C:\DOCUME~1\Ronald\APPLIC~1\HOLELI~1\MultiThunkMeta.e3e (CAUTION - executable file)

 

 

 

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

 

 

 

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

 

 

 

 

 

 

 

I would also STRONGLY advise uninstalling BearShare. It is renound for being a major source of spyware.

 

 

 

 

 

 

 

Restart PC and then post a new log and say if you are still having symptoms

 

 

 

Thanks, dude...

 

 

 

 

 

 

 

Did you want me to do what that site said to do, or did you just want me to do what you said? I tried to do what you said but "C:\WINDOWS\system32\mssearchnet.e3e (CAUTION - executable file)" doesn't end when I click for it to, and if it does end it, it just pops back on. The other process ends.

 

 

 

 

 

 

 

Do you have any IMs? I'm having trouble with the link's instructions. Thanks a lot, man.

 

 

 

 

 

 

 

EDIT: I think I successfully removed it, thanks!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept