WiredWX Christian Hobby Weather Tools

Re: Soft virus

Ok. I look forward to seeing the MBAM log. As for an anti-virus program:

Personally, I use Avast but, any of these are good:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It's all about personal preference.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Re: Soft virus

Just got done with the scan and here is what it says:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

6/2/2010 2:51:06 PM
mbam-log-2010-06-02 (14-51-06).txt

Scan type: Quick scan
Objects scanned: 113708
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Soft virus

Hi,

There was an error in my last script. Sorry.

Please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)




    NOTE: If you added the O6, O7 and O15 entries manually, please DO NOT remove them. If you did not add them, please include them in the fix.




  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====


Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

    Re: Soft virus

    ========= OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.

    OTL by OldTimer - Version 3.2.5.2 log created on 06022010_170600

    Last edited by Ronnieballs on Wed Jun 02, 2010 5:07 pm; edited 1 time in total (Reason for editing : wrong info posted)

    Re: Soft virus

    EDIT: missed the follow up post.

    How is the Kaspersky log coming along?

    Re: Soft virus

    Sorry, haven't gotten it yet. We had a pretty decent storm roll through and the power has been out for a couple of hours. I'll post that in the morning when I get home from work...

    Re: Soft virus

    Sounds good :) I eagerly await your results.

    Re: Soft virus

    OK, finally got it. Thanks for waiting.
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, June 3, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, June 03, 2010 08:47:46
    Records in database: 4196542
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Objects scanned: 168436
    Threats found: 3
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 02:02:03


    File name / Threat / Threats count
    C:\Users\Dad\AppData\Local\Temp\argK.exe Infected: Trojan.Win32.VBKrypt.zk 1
    C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\d188a2c-24960021 Infected: Trojan-Downloader.Java.Agent.af 1
    C:\Users\Dad\Documents\LimeWire\Incomplete\T-3259657-theory of a deadman hate my li.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

    Selected area has been scanned.

    Re: Soft virus

    Hi,

    This should be it :)

    The most current version of LimeWire is reported to include spyware. LimeWire 4.9.28 is clean (older and newer versions may not be). Chances are junk was bundled with this product even if you paid for it. If you are going to use P2P file sharing, I suggest you choose a safe program from here: http://p2p.malwareremoval.com/.


    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for the following (if present):
      LimeWire



    NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
    =======
    Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folders. If found, delete them:


    • Folders:
      C:\Users\Dad\AppData\LocalLow\Sun\Java
      C:\Users\Dad\Documents\LimeWire\Incomplete

    ========

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :commands
      [emptytemp]


    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please post back confirming you've done the above, and I'll follow up with some preventative measures you can take to keep this from happening again :)

    Re: Soft virus

    OK, that's all done. Here is the newest log...
    All processes killed
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dad
    ->Temp folder emptied: 13578548 bytes
    ->Temporary Internet Files folder emptied: 10299296 bytes
    ->FireFox cache emptied: 58197638 bytes
    ->Flash cache emptied: 3880 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 203880 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1619645 bytes
    RecycleBin emptied: 89804689 bytes

    Total Files Cleaned = 166.00 mb


    OTL by OldTimer - Version 3.2.5.2 log created on 06032010_140434

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Re: Soft virus

    Hi,

    Congratulations!! Your PC is all clean! :D

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.

    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

    Cleaning

    Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

    ATF Cleaner
    CCleaner

    Defragmenting Your Hard Disk

    Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

    To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
    right-click My Computer, choose Manage, Storage, Disk Defragmenter.

    In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented. If it does, click Defragment. Be patient, this can take a long time.

    Repeat for multiple partitions/hard disks.

    System Restore Cleanup Instructions

    If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
    You can find instructions on how to disable and re-enable system restore here:

    Windows ME System Restore Guide

    Windows XP System Restore Guide

    Reading Tip:
    Computer Health
    Keep Your System Updated

    Microsoft releases patches for Windows and Office products regularly to close loopholes in those products and fix any bugs found. Please ensure that you visit the following websites regularly or otherwise update your system regularly.

    Install the updates immediately if they are found. Reboot your computer if necessary, and revisit the Windows Update and Office Update sites until there are no more updates to be installed.

    To update Windows and Office

    Go to Start > All Programs > Microsoft Update

    Alternatively, you can visit the link below to update Windows and Office products.

    Microsoft Update

    If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

    1. Go to Start > Control Panel > Automatic Updates
    2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

    Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

    Be careful when opening attachments and downloading files.

    1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    2. Never open emails from unknown senders.
    3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
    4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

    Surf safely

    Many security exploits on websites are directed to users of Internet Explorer and Firefox.

    If you use Firefox, try the No-script Add On - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

    Backup regularly

    You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

    Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
    Bleeping Computer

    Avoid P2P

    I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Prevent A Re-infection

    1. Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

    You can get a Free Copy of Winpatrol or use the Plus Version for more features.

    You can read Win Patrol FAQ if you run into problems.

    2. Hosts File

    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:
    MVPS Hosts File
    Blue Tack’s Hosts File
    Blue Tack’s Hosts Manager

    3. Spybot Search and Destroy

    Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    4. SiteHound Toolbar

    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

    ====

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
    ============================================================
    See this page for more info about malware and prevention.
    Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site.
    Before the thread is archived, do you have any more questions?

    Happy surfing and stay clean!
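
The Hosts file mechanism described in the post above, as an added example that is not part of the original thread: a Python script that reads a hosts file and separates names sent to a loopback or null address (the blocking behaviour the post describes) from names mapped to any other address, which changes where that name resolves and is worth reviewing. The sample contents, host names and function names are constructed for illustration.

```python
"""Audit a hosts file: which names are sinkholed, and which resolve elsewhere."""
import ipaddress

# Constructed sample contents; the host names and addresses are placeholders,
# not entries from the thread or from any published blocklist.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com Tracker.Example.net   # blocked
0.0.0.0         popups.example.org
203.0.113.7     update.example.com    # not a loopback address
not-an-ip       broken.example.com
"""

# Names that legitimately map to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_number, address_or_None, names) for every mapping line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # everything after '#' is a comment
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None  # first field is not an IPv4/IPv6 address
        # Host names are case-insensitive, so normalise before comparing.
        yield number, address, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify every name in the hosts file text.

    blocked    - names pointed at a loopback or unspecified (0.0.0.0) address
    redirected - names pointed at any other address, with that address
    malformed  - line numbers that have no valid address or no host name
    """
    blocked, redirected, malformed = set(), {}, []
    for number, address, names in parse_hosts(text):
        if address is None or not names:
            malformed.append(number)
            continue
        sinkhole = address.is_loopback or address.is_unspecified
        for name in names:
            if name in LOCAL_NAMES and address.is_loopback:
                continue  # the normal localhost entry, not a block
            if sinkhole:
                blocked.add(name)
            else:
                redirected[name] = str(address)
    return {
        "blocked": sorted(blocked),
        "redirected": redirected,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names:   ", ", ".join(report["blocked"]))
    for name, address in report["redirected"].items():
        print(f"Review: {name} resolves to {address}")
    print("Malformed lines: ", report["malformed"])
```

To audit a real machine, pass the text of the system hosts file to `audit_hosts` instead of the sample.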

    Re: Soft virus

    Sorry for the delay in replying, Chris. I found a warning this morning on Windows Defender that said I had a Trojan called spypro and that Windows Defender had stopped it. I hadn't been on the net since our last exchange on here. I also found and manually removed all the programs you said could be bad. I am still unable to launch several programs from my desktop shortcuts and I'm thinking it has to be firewalled.
    I turned off Windows Firewall but they still won't launch. I am looking at my super anti spyware now to see if something in there is stopping the programs from launching.....
    I really appreciate your time and patience.

    Re: Soft virus

    Hi Ronnie,

    Run CKScanner


    • Please download CKScanner from here
    • Important: - Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    Re: Soft virus

    Ok here is the log for that..

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\htc\aces high ii\cache\stdshape\gcrack_1024.tca
    scanner sequence 3.AP.11
    ----- EOF -----

    Re: Soft virus

    Hi Ronnie,

    That shows a cracked version of aces high ii. I recommend removing it.

    What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

    Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

    Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

    Re: Soft virus

    I deleted that game. My son downloaded it from somewhere on the net. It being a cracked game, if that terminology is correct, may very well be why he never could get it to play...
    Is there some way to find out where he downloaded it? I will surely report it to whoever handles such cases... What's even worse is we paid for the download, and I eventually had to go to my bank and put a stop to them charging my account... I think the site was called hitech creations something or other. It really makes me mad that these cyber crooks use a kid's game to hack a computer.

    Re: Soft virus

    Hi Ronnie,

    After conferring with the experts behind the scenes we feel the problem is non malware related. Try the following:


    Please visit the links HERE and HERE first to read about this new Microsoft tool!

    Then you can download and use: Microsoft Fix it Center Online
    Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
    It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

    Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.



    • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.

    • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix it Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report."

    • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.


    Let me know after you have run all the troubleshooters on your PC if it corrected your problem.

    Re: Soft virus

    Hi Chris, I tried to install the fixit but I got this error message:
    an unexpected error occured.Setup cannot continue.Please exit and try again.
    Error.no connection could be made because the target machine actively refused it.127.0.1:5555.
    whatever that means lol,
    I did go and look at a new computer today and I'm not sure what the guy was telling me, but it had 8gig memory and a 1 tera hard drive with a quad core processor. Not sure what all that is either, but apparently the mfg thought pretty highly of it and had a pretty high price tag.
    Maybe I could just wipe this one clean and start over lol

    Re: Soft virus

    Oh, after running through all that you have told me, the fake virus stuff is all gone, but I'm still unable to launch a lot of things from my desktop like I could before I got the virus. I have even uninstalled and reinstalled the launchers.
    Everything you told me to do worked like a charm.

    Re: Soft virus

    Hi,

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com


    Rename ComboFix.exe to commy.exe before you save it to your Desktop.
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

    Re: Soft virus

    I get an error saying c/: app failed to start, or something in that order..
    Maybe that new computer is in order lol. Can we do the remote access thing? This is going way beyond my computer abilities lol

    Re: Soft virus

    Hi Ronnie,

    If you want to start fresh, you can just reformat (which is free) or purchase a new PC. Up to you :)

    Re: Soft virus

    What's involved in reformatting?

    Re: Soft virus

    Hi Ronnie,

    Do you have access to the CDs that came with your PC?

    In reformatting you wipe the drive clean with those CDs and start fresh with a new Operating System, just like the day you bought it.

    You will lose all your programs and files, but you can back your files up to a flash drive or CDs before the reformat to ensure you can put them back on when you're ready to do so.

    I don't recommend backing up any executable files for programs. They can always be reinstalled later.

    If you let me know what you plan to do (continue with the disinfection or reformat), I can direct you to the proper forum so you can get help from our other Staff and members. Currently, only pre-approved users can respond to this topic.
