WinBlueSoft Attacked My Computer

WinBlueSoft Attacked My Computer

Post by yabad on 2nd June 2009, 6:10 am

It looks like my computer joined the club.

I got these virus warnings, along with an offer to register with WinBlueSoft. I managed to delete the WinBlueSoft program, but it still says in big letters on the main Windows screen about my virus etc.
I can't run most programs. I tried running Malwarebytes but it just gives error messages. Also, I can only stay logged in for a few minutes, before it automatically logs me out.

Any help would be appreciated!

Thanks!

This is the text from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:13 AM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\sipgate X-Lite\sipgateXLite.exe
E:\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080318
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Z-5 Speakers] C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe"
O4 - HKUS\S-1-5-18\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet 4.12\PdaNet.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: sipgate X-Lite.lnk = C:\Program Files\sipgate X-Lite\sipgateXLite.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9986 bytes

yabad
Novice

Posts: 20
Joined: 2009-06-02
OS: XP
Points: 27492
Likes: 0

Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 2nd June 2009, 9:11 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

WinBlue Soft Still Attacking

Post by yabad on 2nd June 2009, 1:32 pm

Hi,
Thanks for your quick response.

I tried doing what you said, but it still won't let me install Malwarebytes etc, and still logs me out after a few minutes.

I did a System Scan a second time, and it still shows the O20 - AppInit_DLLs: blocker.dll as being there. I tried a second time as well.

Please help!

1: A few more points about this Virus/Trojan:
Once in a while it just shuts off the computer, and all I see is a blue screen with this text: STOP: c000021a {Fatal System Error}
The Windows Logon Process System process terminated unexpectedly with a status of 0x00000000 (0x00000000 0x00000000).
The system has been shut down.
2: Often, when I log on to the computer, it will say something to the effect that it can't find Malwarebytes, or that it can't find C:/Program Files etc.

Once again, thanks for your help!


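The check Belahzur asks for (tick the `O20 - AppInit_DLLs` line) and the rescan yabad reports (the same line still present after "Fix Checked") can be scripted. This is an added example, not part of the original posts or of HijackThis: a Python parser for HijackThis v2 log lines. The two review rules and the names `findings` and `still_present` are assumptions made for this illustration, and both sample scans are constructed from lines in the log posted above.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" or "O20"
    body: str  # text that follows "<code> - "


# Constructed sample: lines copied from the HijackThis log posted in this thread.
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'Default user')
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
"""

# Constructed sample: a rescan after "Fix Checked" in which the O20 entry is still listed.
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: blocker.dll
"""

# "<code> - <body>", where code is R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autostart: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Hives of the SYSTEM account and the default profile, not of a logged-on person.
NON_INTERACTIVE_HIVES = {r"HKUS\S-1-5-18".upper(), r"HKUS\.DEFAULT".upper()}


def parse_entries(text):
    """Return every HijackThis entry line in the log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def findings(entries):
    """Apply the two review rules assumed for this example."""
    out = []
    for e in entries:
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads user32.dll.
            dlls = [d for d in re.split(r"[ ,]+", e.body.split(":", 1)[1].strip()) if d]
            if dlls:
                out.append((e, "AppInit_DLLs is not empty: " + ", ".join(dlls)))
        elif e.code == "O4":
            m = RUN_RE.match(e.body)
            if m and m.group("hive").upper() in NON_INTERACTIVE_HIVES:
                out.append((e, "Run value '%s' in %s" % (m.group("name"), m.group("hive"))))
    return out


def still_present(fixed, rescan_text):
    """Entries that were 'fixed' but show up again in a later scan."""
    rescan = set(parse_entries(rescan_text))
    return [e for e in fixed if e in rescan]


if __name__ == "__main__":
    flagged = findings(parse_entries(SCAN_BEFORE))
    for entry, reason in flagged:
        print("%-4s %s" % (entry.code, reason))
    for entry in still_present([e for e, _ in flagged], SCAN_AFTER):
        print("not removed: %s - %s" % entry)
```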
Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 2nd June 2009, 4:07 pm

Try this.

  • Now open a new notepad file.
  • Input this into the notepad file:

    ; fixreg.inf: AddReg entries for the Run values and AppInit_DLLs
    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Del.Settings

    [Del.Settings]
    HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
    HKLM,software\microsoft\windows\currentVersion\Run,WinBlueSoft,0x00000000
    ; The default-user hive is HKEY_USERS\.DEFAULT (leading dot), as in the HijackThis log
    HKU,.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run,setup2.exe,0x00000000
    HKLM,software\microsoft\windows nt\currentversion\windows,AppInit_DLLs,0x00000000

  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.


Last edited by Belahzur on 2nd June 2009, 4:35 pm; edited 1 time in total



Re: WinBlueSoft Attacked My Computer

Post by yabad on 2nd June 2009, 4:32 pm

I did that. Nothing seems to have changed. It still logged me off. What do I need to do now?

I saved on a different computer first, because I couldn't open Notepad on the infected computer.


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 2nd June 2009, 4:35 pm

Hello.
I have edited my above post because of a slight mistake on my half.

Re-run it again for me please.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 2nd June 2009, 4:42 pm

Done. Now what do I do?
Thanks again btw!


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 2nd June 2009, 4:44 pm

Can you run any exe files now?



Re: WinBlueSoft Attacked My Computer

Post by yabad on 2nd June 2009, 4:50 pm

I still cannot open Notepad.

I tried installing Malwarebytes, it installs, but gives me runtime errors "Run-time error '0'" and "Run-time error '440': Automation error". Then when I try running it, it gives me error messages again.


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 2nd June 2009, 5:06 pm

Let's try a bat file instead.

Now open a new notepad file.
Input this into the notepad file:

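@echo off
rem AppInit_DLLs names DLLs loaded into every process that loads user32.dll; set it to an empty string.
rem The key path contains a space ("Windows NT"), so it has to be quoted.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
del fix.bat
exit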

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 2nd June 2009, 5:21 pm

Done. Still can't open notepad etc.


Re: WinBlueSoft Attacked My Computer

Post by yabad on 2nd June 2009, 6:09 pm

Also, Malwarebytes still doesn't work either.
Thanks again for all your help!


Re: WinBlueSoft Attacked My Computer

Post by Origin on 2nd June 2009, 10:47 pm

Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu select Safe Mode with Networking, then do the following instructions:


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See [You must be registered and logged in to see this link.] for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master

Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31513
Likes: 0

Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 1:49 am

Doesn't work :-(
When trying to run it, I get an error message "A device attached to the system is not functioning."


Re: WinBlueSoft Attacked My Computer

Post by dougiefresh504 on 3rd June 2009, 2:22 am

I have the exact same problem.

dougiefresh504
Novice

Posts: 15
Joined: 2009-06-02
OS: XP
Points: 27487
Likes: 0

Re: WinBlueSoft Attacked My Computer

Post by Origin on 3rd June 2009, 2:44 am

Hello dougiefresh504, please refrain from posting in other members' topics and start your own ;)


yabad please do the following:


Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..



Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 3:01 am

Doesn't let me open it!
When I click it, it opens winrar (though it doesn't look like winrar to me), and then it stops.


Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 1:35 pm

Also, I don't see any 'launch.exe' or 'cureit.exe'. Only a 'drweb-cureit' file.


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 1:48 pm

Hello.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Delete a file on reboot..."
  • Now locate this file: C:\Windows\system32\blocker.dll
  • Okay any prompts and select yes to reboot.

After reboot, try running Combofix.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 7:17 pm

Wow!!! My computer stays on, and I can even actually see the blue screen!
My internet doesn't work yet, but I can open programs etc!
Thanks!!!

Is there anything else I should be doing? Also, which Anti Virus/Spyware/Trojan do you recommend I install and use on a regular basis? All these programs that I downloaded based on your help were only for now, right? (HijackThis, combofix, Cureit etc.).
I currently have Malwarebytes, Spybot and Trojan Remover. I also downloaded Avira and AVG.

Here is the log from Combofix. I ran it a second time (not knowing that it went through ok the first time), so if you need the info from the first time, I think I have it too (it has all the c:\windows\xx that it deleted).

"
ComboFix 09-06-01.03 - S 06/03/2009 14:12.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1508 [GMT -4:00]
Running from: c:\documents and settings\S\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 02:29 . 2009-06-02 00:20 3371384 ----a-w- C:\mbam-setup.exe
2009-06-03 02:27 . 2009-06-03 01:44 3129946 ----a-w- C:\Combo-Fix.exe
2009-06-03 02:27 . 2009-06-02 21:30 30075904 ----a-w- C:\avira_antivir_personal_en.exe
2009-06-02 21:23 . 2009-05-18 18:47 3007352 ----a-w- c:\documents and settings\S\Application Data\Simply Super Software\Trojan Remover\ghm1.exe
2009-06-02 16:47 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 16:47 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 04:45 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-02 04:45 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-02 04:45 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-02 04:45 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-02 04:45 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-02 04:45 . 2009-06-02 21:08 -------- d-----w- c:\program files\Trojan Remover
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- c:\documents and settings\S\Application Data\Simply Super Software
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-02 00:22 . 2009-06-02 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 00:01 . 2009-06-02 00:01 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\NOS
2009-06-01 23:58 . 2009-06-01 23:58 1164288 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-01 23:58 . 2009-06-02 00:03 418 ----a-w- C:\autorun.inf.vir
2009-05-28 02:57 . 2009-05-28 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-28 02:56 . 2009-05-28 02:56 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-05-28 02:56 . 2009-05-28 02:56 -------- d-----w- c:\program files\Logitech
2009-05-28 01:48 . 2009-05-28 01:48 390664 ----a-w- c:\documents and settings\S\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-10 05:28 . 2009-05-10 05:28 127877 ----a-w- c:\documents and settings\S\Application Data\Move Networks\uninstall.exe
2009-05-10 05:28 . 2009-05-10 05:28 1685856 ----a-w- c:\documents and settings\S\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 21:23 . 2008-03-18 05:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 02:56 . 2008-03-18 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 05:19 . 2008-09-14 02:35 -------- d-----w- c:\documents and settings\S\Application Data\Move Networks
2009-05-18 00:45 . 2008-05-30 22:08 -------- d-----w- c:\documents and settings\S\Application Data\U3
2009-05-13 07:01 . 2008-04-30 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-10 05:28 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\S\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\S\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-30 13:47 . 2009-04-30 13:47 -------- d-----w- c:\program files\Enounce
2009-04-22 19:11 . 2008-04-28 05:46 -------- d-----w- c:\program files\DivX
2009-04-22 19:11 . 2009-04-22 19:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-03-19 23:44 . 2009-03-19 23:44 1047072 ----a-w- c:\documents and settings\S\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-03-06 14:22 . 2004-08-10 18:51 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe" [2008-06-12 542096]
"Vbuzzer Messenger"="c:\program files\vbuzzer\VBuzzer.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-07 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Z-5 Speakers"="c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe" [2008-05-30 550160]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-01 1164288]

c:\documents and settings\Family\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\S\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-27 91440]
sipgate X-Lite.lnk - c:\program files\sipgate X-Lite\sipgateXLite.exe [2008-5-30 3424256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^S^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\S\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\S\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 7:29 PM 5376]
R2 Gizmo Plugin;Gizmo VoIP Service;c:\program files\GizmoPlugin\GizmoPlugin.exe [11/18/2008 9:04 PM 962048]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [9/4/2008 6:51 PM 8576]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/11/2008 1:53 PM 33752]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\1w59sq0t.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-03 14:14
ComboFix-quarantined-files.txt 2009-06-03 18:14
ComboFix2.txt 2009-06-03 18:09

Pre-Run: 204,737,974,272 bytes free
Post-Run: 204,716,752,896 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
169 --- E O F --- 2009-05-13 07:01
"

yabad
Novice

Posts : 20
Joined : 2009-06-02
OS : XP
Points : 27492
Likes : 0

Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 7:21 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\autorun.inf.vir
c:\windows\system32\tempo-setup2.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1

Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 8:14 pm

Here it is.

I might have deleted C:\autorun.inf.vir on my own before, I'm not sure.

"
ComboFix 09-06-01.03 - S 06/03/2009 15:57.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1479 [GMT -4:00]
Running from: c:\documents and settings\S\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\S\Desktop\CFScript.txt.txt

FILE ::
"C:\autorun.inf.vir"
"c:\windows\system32\tempo-setup2.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tempo-setup2.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 02:29 . 2009-06-02 00:20 3371384 ----a-w- C:\mbam-setup.exe
2009-06-03 02:27 . 2009-06-03 01:44 3129946 ----a-w- C:\Combo-Fix.exe
2009-06-03 02:27 . 2009-06-02 21:30 30075904 ----a-w- C:\avira_antivir_personal_en.exe
2009-06-02 21:23 . 2009-05-18 18:47 3007352 ----a-w- c:\documents and settings\S\Application Data\Simply Super Software\Trojan Remover\ghm1.exe
2009-06-02 16:47 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 16:47 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 04:45 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-02 04:45 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-02 04:45 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-02 04:45 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-02 04:45 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-02 04:45 . 2009-06-02 21:08 -------- d-----w- c:\program files\Trojan Remover
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- c:\documents and settings\S\Application Data\Simply Super Software
2009-06-02 04:45 . 2009-06-02 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-02 00:22 . 2009-06-02 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 00:01 . 2009-06-02 00:01 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\NOS
2009-05-28 02:57 . 2009-05-28 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-28 02:56 . 2009-05-28 02:56 130208 ------r- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-05-28 02:56 . 2009-05-28 02:56 -------- d-----w- c:\program files\Logitech
2009-05-28 01:48 . 2009-05-28 01:48 390664 ----a-w- c:\documents and settings\S\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-10 05:28 . 2009-05-10 05:28 127877 ----a-w- c:\documents and settings\S\Application Data\Move Networks\uninstall.exe
2009-05-10 05:28 . 2009-05-10 05:28 1685856 ----a-w- c:\documents and settings\S\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 21:23 . 2008-03-18 05:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 02:56 . 2008-03-18 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 05:19 . 2008-09-14 02:35 -------- d-----w- c:\documents and settings\S\Application Data\Move Networks
2009-05-18 00:45 . 2008-05-30 22:08 -------- d-----w- c:\documents and settings\S\Application Data\U3
2009-05-13 07:01 . 2008-04-30 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-10 05:28 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\S\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\S\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-30 13:47 . 2009-04-30 13:47 -------- d-----w- c:\program files\Enounce
2009-04-22 19:11 . 2008-04-28 05:46 -------- d-----w- c:\program files\DivX
2009-04-22 19:11 . 2009-04-22 19:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-03-19 23:44 . 2009-03-19 23:44 1047072 ----a-w- c:\documents and settings\S\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-03-06 14:22 . 2004-08-10 18:51 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe" [2008-06-12 542096]
"Vbuzzer Messenger"="c:\program files\vbuzzer\VBuzzer.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-07 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Z-5 Speakers"="c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe" [2008-05-30 550160]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

c:\documents and settings\Family\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\S\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-27 91440]
sipgate X-Lite.lnk - c:\program files\sipgate X-Lite\sipgateXLite.exe [2008-5-30 3424256]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^S^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\S\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Program Files\\Gizmo5\\Gizmo5.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\S\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 7:29 PM 5376]
R2 Gizmo Plugin;Gizmo VoIP Service;c:\program files\GizmoPlugin\GizmoPlugin.exe [11/18/2008 9:04 PM 962048]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [9/4/2008 6:51 PM 8576]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/11/2008 1:53 PM 33752]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\1w59sq0t.default\
FF - plugin: c:\documents and settings\S\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Z-5 Speakers\LU\LULnchr.exe
c:\program files\Logitech\Z-5 Speakers\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2009-06-03 16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 20:02
ComboFix2.txt 2009-06-03 19:27
ComboFix3.txt 2009-06-03 19:01
ComboFix4.txt 2009-06-03 18:09

Pre-Run: 204,732,174,336 bytes free
Post-Run: 204,716,158,976 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
194 --- E O F --- 2009-05-13 07:01
"


Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 8:18 pm

Now the internet works as well!


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 8:45 pm

Good.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 8:54 pm

Done. Everything looks great! Thanks a million!!!

A few more questions:

Am I all clean?
Should I delete HijackThis as well?
Which antivirus/spyware do you recommend I use so this and other ones shouldn't happen to me in the future?
I currently have Malwarebytes, Spybot and Trojan Remover. I also downloaded Avira and AVG.


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 8:57 pm

Hello.

Whoa! Don't install AVG! It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

I'd say you're clean now, the logs look good. You can uninstall Hijack This too.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 9:02 pm

Ok, so I shouldn't install AVG because it's not good, or because I already have a different one?
And which program do you recommend should be the one? Also, should it be only one for everything (Viruses, Spyware, Trojans etc.)?
Once again, thanks a bunch!


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 9:09 pm

Hello.
Don't install AVG because you've already installed Avira.

Have you uninstalled Hijack This already? Just noticed you have a very old, out-of-date Java installed.

If you don't have it anymore, I need you to download and install it again.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 9:44 pm

I did not install Avira yet. I tried when this virus first started but couldn't.
I now have Spybot and Malwarebytes installed. Should I uninstall them and just install Avira and nothing else?

Here is the uninstall_list.txt:

"2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
AIM 6
Browser Address Error Redirector
Critical Update for Windows Media Player 11 (KB959772)
Dell Automated PC TuneUp
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Gizmo Plugin
Gizmo5
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IE7Pro
IKEA Home Planner
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.8.0
iVocalize Web Conference 4
J2SE Runtime Environment 5.0 Update 6
Logitech Desktop Messenger
Logitech Z-5
Magic ISO Maker v5.4 (build 0256)
MagicDisc 2.6.93
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MySpeed v3.0.4
Palm
PdaNet 4.12 for Treo 700p/755p/Centro
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
sipgate X-Lite 1105c eng
Sonic Activation Module
Spybot - Search & Destroy
Trojan Remover 6.7.9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
"


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 9:46 pm

Hello.

Install MBAM + Avira.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • J2SE Runtime Environment 5.0 Update 6


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: WinBlueSoft Attacked My Computer

Post by yabad on 3rd June 2009, 10:00 pm

Done.
The free version of Avira is fine, or do I need the premium edition?
Also, so I should delete Spybot?
And, Hijack This looks like a great program to keep. Or is it dangerous if I don't know exactly what I'm doing?
Thanks again for all your help!


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 3rd June 2009, 10:14 pm

Hello.
The free version is fine, you can keep Spybot if you want to.

Hijack This can be dangerous if you fix something on your own. Hijack This shows only loading points; not everything found is malware.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 4th June 2009, 5:01 am

Thanks again!
Just curious, what I had would be considered a Virus, Spyware or Trojan?
Also, if I wanted to check a different computer, should I start a new thread?


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 4th June 2009, 10:58 am

Trojan more than anything, because spyware is stuff that tracks you/watches what you surf, that's why it's "spy"ware.

If you want us to check a different machine, open a new topic. Either me or Origin will drop by.



Re: WinBlueSoft Attacked My Computer

Post by yabad on 4th June 2009, 9:14 pm

One more question. Just to clarify, would I be getting any better protection if I get an antivirus that costs money, or are the free ones just fine?


Re: WinBlueSoft Attacked My Computer

Post by yabad on 4th June 2009, 9:20 pm

Also, I'm recommending people should get antivirus installed on their computers... If they already have AVG, should they change it over for Avira?


Re: WinBlueSoft Attacked My Computer

Post by Belahzur on 4th June 2009, 10:02 pm

Free AVs are fine.
Don't run more than one AV, otherwise it's dangerous.

