get rid of this Safemass.exe!!

View previous topic View next topic Go down

get rid of this Safemass.exe!!

Post by cyrusNEW on Mon Jan 25, 2010 3:02 pm

Hi! It's my first time to write here. My computer has been infected with the virus safemass.exe(I know its name because I open my infected USB in UBuntu and found this bastard sitting there inside the of a folder with a auto.inf) or smass.exe if you look on the process manager. AVG can detect it but cannot remove it. So, I reinstall my OS and software again but this time I enable the Turnoff autoplay in the gpedit. It prevent the virus from exec when I plug my USB so I could remove it with Salamander software...but some of the virus I think reside in my phone memory(I think it got infected when I try to download mp3)...how can I remove this??? please help me? :sad:

cyrusNEW
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-01-22
OS OS : Window XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by Dr Jay on Mon Jan 25, 2010 6:01 pm

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by cyrusNEW on Sat Jan 30, 2010 1:30 am

ok...thanks! I'll do that. but what is it for?

cyrusNEW
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-01-22
OS OS : Window XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by Dr Jay on Sat Jan 30, 2010 3:15 am

Removing malware.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by cyrusNEW on Mon Feb 01, 2010 5:40 am

Sir, i-downloaded Combofix but I just learn before that. Avira Personal AV detected the trojan in my USB. even if it's inside a rar file. I'll also going to try Combofix just to be sure. Thanks!

cyrusNEW
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-01-22
OS OS : Window XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by cyrusNEW on Mon Feb 01, 2010 8:33 am

I use Avira Personal AV. It deect the virus. its in my maxtor 160gig portable drive. Avira detects an Df27.exe object with TR/Dropper.Gen detection its in my RECYCLER directory.

cyrusNEW
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-01-22
OS OS : Window XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by Dr Jay on Mon Feb 01, 2010 2:40 pm

Detects what? A trojan, or the removal tool, ComboFix.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by cyrusNEW on Sun Feb 14, 2010 10:12 am

Not sure. I look in the Quarantine Manager , it detects: 2 files "Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus"
and the other 2 files "Is the TR/Dropper.Gen". I might not making sense to you but I did try Combofix after scanning my PC. In the logfile, it deletes my "winlogin.bak". i never had a problem afterward.

cyrusNEW
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-01-22
OS OS : Window XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by Dr Jay on Sun Feb 14, 2010 8:34 pm

Hi again. Please do these steps in order.

1. Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: get rid of this Safemass.exe!!

Post by cyrusNEW on Wed Feb 17, 2010 9:36 am

Ok. :smile2:

cyrusNEW
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-01-22
OS OS : Window XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum