Malware? I think so....

Post by Moogan on 3rd April 2011, 4:22 am

Halp!

I get these random warning pop-ups that a trojan virus has been detected on my computer. I know this is malware/spyware so I close the window. However, if I try to open a video file, the warning pops up again and I can't watch any video files on my computer using any of the video players (VLC, Media Player, etc). I think I might have located the infected file as it is hidden as a .exe file but I can't get rid of it. Even if I try to delete it, an error pops up saying I must close the program first and then try again. But of course I don't know where to find the file in order to close it. It comes up as: C:\Users\**username**\AppData\Roaming\Microsoft, and the file is called "xcwyfv" and is a movie icon.
Am I screwed? :sad:

I'm not exactly a techie, so I'm not sure what other info is needed....I'm on a HP Pavilion Laptop with Windows 7. I use Norton 360 anti-virus software, and somehow this must have slipped by. I don't even know where this could have come from.

How can I get rid of it? Any help would be greatly appreciated!!

Thanks

Moogan
Novice

Posts: 5
Joined: 2011-04-03
OS: Windows 7
Points: 20843
Likes: 0


Re: Malware? I think so....

Post by Kenny94 on 3rd April 2011, 4:00 pm

Hi Moogan and Welcome to GeekPolice!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.


  • Instead of attaching, please copy/paste both logs into your Thread

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]
Then post your DDS (DDS.txt and Attach.txt

Next

Download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply

In your next reply, please include these log(s):

1. DDS.txt
2. Attach.txt
3. GMER.txt


Kenny94
Tech Officer

Posts: 2019
Joined: 2010-04-22
Gender: Male
OS: Windows 7
Protection: Avira/Router and Malwarebytes
Points: 33551
Likes: 0


Re: Malware? I think so....

Post by Moogan on 4th April 2011, 3:19 pm

Hi Kenny,

Thanks for the reply! Unfortunately, since I made the original post, I tried to restart my computer in safe mode and now I can't open any programs on my computer at all, including my browser; so, I'm reading your reply from work, since now that's the only access I have to the 'net! :sad:

Every time I try to open a program or my browser from my computer the stupid fake warning window pops up and blocks the program from running. So, I think that downloading anything will be a bit impossible since I can't even open this website from my computer >.<
A friend says I should just reinstall Windows, but this won't completely get rid of the virus will it? And if so, is it safe to save my important files to a flash drive before doing so?

Thanks for the help!

Moogan

Re: Malware? I think so....

Post by Kenny94 on 4th April 2011, 3:31 pm

I can remove this malware, but if you want to Reformat and Reinstall, that will remove it as well.


  • Backup all your documents and important items only.
  • DO NOT back up any executable files (.exe .scr .html or .htm)
  • DO NOT back up compressed files (zip/cab/rar) that may contain .exe or .scr files
  • Reformat and Reinstall as outlined [You must be registered and logged in to see this link.]

Kenny94
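
The backup rules in the post above, as an added example that is not part of the original thread: a Python script that sorts a folder into files to copy and files to leave behind. The function names are hypothetical, and the MZ-header check is an assumption added here to catch an executable stored under a harmless-looking extension, like the movie-icon file described earlier in the thread.

```python
import zipfile
from pathlib import Path

# Rules taken from the post: no executables/HTML, and no archives that may hold .exe/.scr.
BLOCKED = {".exe", ".scr", ".html", ".htm"}
ARCHIVES = {".zip", ".cab", ".rar"}
BLOCKED_IN_ARCHIVE = {".exe", ".scr"}


def archive_problem(path):
    """Return a reason to leave an archive out, or None if it looks clean."""
    if path.suffix.lower() != ".zip":
        # The standard library cannot list cab/rar members, so treat them as unverified.
        return "archive type cannot be inspected here"
    try:
        with zipfile.ZipFile(path) as zf:
            for member in zf.namelist():
                if Path(member).suffix.lower() in BLOCKED_IN_ARCHIVE:
                    return f"contains {member}"
    except zipfile.BadZipFile:
        return "not a readable zip file"
    return None


def screen_backup(root):
    """Split files under root into (keep, skip); skip maps relative path -> reason."""
    root = Path(root)
    keep, skip = [], {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        with open(path, "rb") as fh:
            magic = fh.read(2)
        if ext in BLOCKED:
            skip[rel] = f"blocked extension {ext}"
        elif magic == b"MZ":
            # Assumption added here: a Windows executable header under another extension.
            skip[rel] = "executable (MZ) header despite its extension"
        elif ext in ARCHIVES and (reason := archive_problem(path)):
            skip[rel] = reason
        else:
            keep.append(rel)
    return keep, skip
```
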

Re: Malware? I think so....

Post by Moogan on 4th April 2011, 7:23 pm

Hi Kenny,

How can I go about getting it removed? Can it be removed without having to download a program or anything? Because basically I can't open anything on my computer at the moment.....every program I try and open gets blocked and closed immediately by the malware pop-up. I've tried opening just anything and the minute the program opens, the pop-up opens and closes the program. I'd follow all your instructions from the previous reply if I could actually open my browser.
Sorry, if I'm being obtuse

Ultimately I'd prefer not to have to reformat and reinstall Windows if it can be helped.

Thanks so much for your help

Moogan

Re: Malware? I think so....

Post by Kenny94 on 4th April 2011, 7:52 pm

Please copy and paste this post to a new text document or print it for reference later.

Please reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select Safe Mode with Networking and press Enter.



Next



  1. Download ComboFix from below:

    [You must be registered and logged in to see this link.]


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs [You must be registered and logged in to see this link.]

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------


Kenny94

Re: Malware? I think so....

Post by Moogan on 4th April 2011, 8:07 pm

Hi Kenny,

I will try this later when I get home to the laptop.
I really hope I'm not being a complete dough head in saying this, but I'm not sure how I can accomplish this method because if I have to download a program it might not work, because as I mentioned above, I cannot open any windows at all on the computer, which would include links to a download. I haven't tried this yet obviously, since I'm at work, so I will definitely try it and report back.

When I restarted in safe mode last time, I had the same issue where I wasn't able to open the browser window (neither Firefox nor Internet Explorer).

Thanks!

Moogan

Re: Malware? I think so....

Post by Kenny94 on 4th April 2011, 8:25 pm

In Safe Mode with Networking:

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button.

Then download and run ComboFix

Kenny94
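
A read-only way to see what the two proxy settings named above currently hold, as an added example that is not part of the original thread. The function names and the sample prefs.js text are constructed for illustration; the registry values are the per-user ones behind Internet Options, and `ie_proxy_settings` runs only on Windows.

```python
import re

# Firefox stores the Connection Settings choice in prefs.js as network.proxy.type;
# 0 is the "No Proxy" option named in the post.
PROXY_TYPES = {0: "no proxy", 1: "manual proxy", 2: "auto-config URL",
               4: "auto-detect", 5: "system proxy settings"}
PREF_RE = re.compile(r'^user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$', re.M)

# Constructed sample of a prefs.js with a manual proxy configured.
SAMPLE_PREFS = '''user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''

def firefox_proxy_prefs(prefs_text):
    """Return every network.proxy.* preference as a name -> value dict."""
    prefs = {}
    for name, raw in PREF_RE.findall(prefs_text):
        # Bare integers stay integers; quoted strings lose their quotes.
        prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw.strip('"')
    return prefs

def firefox_proxy_summary(prefs_text):
    """Describe the proxy mode so it is clear whether 'No Proxy' is already set."""
    prefs = firefox_proxy_prefs(prefs_text)
    if "network.proxy.type" not in prefs:
        return "network.proxy.type not set in prefs.js"
    mode = prefs["network.proxy.type"]
    if mode == 1:
        host = prefs.get("network.proxy.http", "?")
        return f"manual proxy {host}:{prefs.get('network.proxy.http_port', '?')}"
    if mode == 2:
        return f"auto-config URL {prefs.get('network.proxy.autoconfig_url', '?')}"
    return PROXY_TYPES.get(mode, f"unknown type {mode}")

def ie_proxy_settings():
    """Windows only: read the per-user proxy values behind Internet Options."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                values[name] = None  # value absent: nothing configured
    return values
```
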

Re: Malware? I think so....

Post by Moogan on 4th April 2011, 8:39 pm

Ah! I'll try that!

Thanks Kenny

I'll report back on how things go.

Moogan