#1
13-November-2010, 13:19
jin799
Screamer
Join Date: Jul 2008
Posts: 143
I have a IE virus I think

Hi all,

My computer has got a virus I think, cos IE keeps opening up by itself and I don't even use IE; my browser is Firefox from the start.
It just doesn't open one window, it opens several and different sites as well.
A few times it's asking me to save the file but I always cancel it and do not save.
What can I do to remove this virus or whatever it is that's causing the problems?

Many thanks and hope you can help

#2
13-November-2010, 14:57
JohnnyReb51
Screamager
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Re: I have a IE virus I think

Hiya.

First thing I would do is, download Malwarebytes.

http://majorgeeks.com/download.php?det=5756

Once downloaded, close any browsers, open programs/windows, etc.

Install Mbam, let it update, Quick scan should already be check marked, so just click on the Scan button.

When it's finished, it will pop up a log, close that log, make sure all/any tick boxes in the results are checked, now click on the Remove Selected button.

It may ask to reboot the PC, if there are some hard to clean infections, so OK that if asked. If not, close Mbam and reboot the PC anyway to give it a fresh start.

See if that helps.
__________________
JR51.

#3
13-November-2010, 15:15
tommy t
Screamager
Join Date: Feb 2008
Posts: 729
Re: I have a IE virus I think

If you haven't got one, download and install a decent internet security suite. There are several free fully functional 30-day trials from AV companies like Bitdefender, Kaspersky etc., or go to their web site and find and run their free online scanner, or you have SuperAntiSpyware, Malwarebytes free versions and a number of others like Avast. Things you can do: if the virus hasn't disabled it, press Alt, Ctrl and Del, or with the mouse pointer on the taskbar right click, run Windows Task Manager and see if you see any unfamiliar processes running; if so, select them and select End Process. But without seeing it or more detail, there isn't really that much we can do to help, except install a good AV or security suite. Most have firewalls, another advantage.

superantispyware
Malwarebytes

Bitdefender internet security 2011 -32bit

Bitdefender internet security 2011 64bit
both are full versions, but time limited to 30 days

eset OnlineScanner/
http://www.kaspersky.co.uk/trials,

#4
13-November-2010, 19:22
jin799
Re: I have a IE virus I think

I have just updated my Malwarebytes and then did a scan and it seems to have found 24 infections which I have removed and re-booted my computer. Now will wait and see if the 'Pop Up' IE problem occurs.

#5
13-November-2010, 19:26
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Let us know how it goes.
__________________
JR51.

#6
14-November-2010, 11:31
jin799
Re: I have a IE virus I think

Doing a quick rescan this morning and it's still found 2 infections when yesterday after a reboot I just switched it off.


14 Nov 2010 10:54
I have done a reboot and quick scan and it's still giving me the sality virus and also the files are popping up for download as I have shown in the pic below.

I think I will have to install bit defender as well and see what happens....


Last edited by jin799; 14-November-2010 at 11:58.

#7
14-November-2010, 12:57
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Can you post a HiJackThis log.

Link is below, run it with the scan and log option.


http://free.antivirus.com/hijackthis/
__________________
JR51.

#8
14-November-2010, 15:54
jin799
Re: I have a IE virus I think

hi thanks for the quick replies....

I have installed bit defender but it seems to find sality virus on everything that I use.
I have a DVD of bit defender (valid for 180 days) which I got with PC PRO magazine.

@JR51
Here is the log file mate, please help cos when Bit D is on my computer just becomes dead slow and Bit seems to be finding non-stop sality viruses in the same places like Firefox, Skype, etc.

Attached Files
File Type: txt hijackthis.txt (5.3 KB, 279 views)

#9
14-November-2010, 17:40
JohnnyReb51
Re: I have a IE virus I think

Hiya.

There isn't anything in that log that's dangerous, just a couple of minor problems, so we will leave that alone for now.

This sality virus, will infect any .exe/.scr you run, hence why everything you are doing is infected. So the less you run on the PC, the less chance of the virus spreading.

I want you to keep solely to the cleaning process and do nothing else on the PC, unless really necessary.

First turn off System Restore as a precaution.

Press the Windows flag key ( Bottom left of your keyboard ) and the Pause/Break key ( Top right of your keyboard ) together, to open the system properties window. Click on the System Restore tab and tick the box for Turn off System Restore on all drives. Click Apply and a popup will appear to ask if you want to proceed. Click YES and then OK out of System Properties.

You will now need to restart the PC in Safe Mode, usually by rapidly tapping the F8 key/other, (depending on the PC make) as soon as the PC restarts. A menu will appear and you can select Safe Mode from there using the Up/Down arrows on the keyboard. Once selected, just press the Return/Enter key on the keyboard and wait till it loads up fully in Safe Mode. OK the S/Mode desktop when/if asked.

I don't know the effect of this virus in S/Mode, but one way of tricking the virus is to name an .exe to .com

So for now, I want you to go into C:\Program Files\Malwarebytes' Anti-Malware and look for the Mbam.exe file. Rename the file to Mbam.com and OK the change. Run Malwarebytes from the Mbam.com file in this folder, not from the original start menu or desktop shortcuts.

I don't know the name of the Bit Defender .exe file or folder it is in, but you can change the .exe file to .com as well for now.

OK, run Malwarebytes Mbam.com from the folder and do a Full Scan, this may take a lot longer than the Quick Scan. When finished, zap anything it finds and reboot the PC when asked. Again boot up the PC in Safe Mode and run Bit Defender as a precaution, but from the newly named BitDefender.com ?? file in the Bit Defender folder.

Also in Safe mode, you can do a search for that DLL file, that is the file causing the infection.

So go to Start > Search > Files and Folders > Type into the search box vcmgcd32.dll then point to the C drive and OK it.

If it finds any instances of that file in the search results (it's usually in the System32 folder), right click on the file in the results window and select Delete.

This may or may not work, sometimes you have to unregister the file before it is deletable.

If it is found and won't delete, leave the Search results open and go to Start > Run and type in cmd << OK it.

In the Dos prompt window that appears you will have to type in the location first and then the unregister command and file name like so...

Firstly at the Dos prompt, type in...

cd\windows\system32 << Press Enter.

You will now see C:\windows\system32>

Now type in...

regsvr32 /u vcmgcd32.dll << Press Enter.

A message should appear saying it is unregistered.

Go back to the Search results and delete the dll file if applicable.

Close all open windows/programs and restart the PC as normal.

See if that has cleared the problem.

You might want to copy and paste this reply in a text file for reference, don't load up a browser to read it, lol.

Post back here good or bad results.
__________________
JR51.

#10
14-November-2010, 20:25
jin799
Re: I have a IE virus I think

@ JR51
Will get on this as soon as I can... have to go to work for now, will dig into this 2mr and get back the results.
Please JR advise me on how to get rid of the other minor problems as well so when I get the space I will clean up everything.
How do I get rid of the Sality virus cos I think that it's on my USBs as well as my old PCs.

cheers for quick replies Tommy T and JR51

#11
14-November-2010, 22:08
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Don't cross connect with other PCs, this virus will infect any .exe's on all drives and/or PCs. Don't transfer .exe's from one PC to another.

If you have more than one PC on a network, disconnect the others and clean one at a time.

I outlined in my previous reply what to try.

The minor problems in HiJackThis are irrelevant at this time.

Can you post the log for Mbam. In the image you posted, the Mbam results are obscured by the other windows, I want to see where that Sality was located. The logs can be found in the Mbam program. Find the date for that one and click on it to highlight it, then click the Open button at the bottom of the window. Copy/Paste it back here.

If my previous suggestions don't work, we will try another approach and possibly use the additional info I have outlined below.

Another couple of additions may also be added to the system that the virus uses.

1. It may add an entry to the System.ini file.

So if you go to Start > Run and type in msconfig then OK it.

In msconfig look along the top for the System.ini tab and click on it.

If you see an entry like so....

[MCIDRV_VER]

Untick the box at the front of it, click Apply and OK out.

Do not untick any other entries in there. If the above entry does not exist, just close msconfig.

2. It also may add entries into the Registry, such as....

KUKU300a

KUKU301a

kuku_joker_v3.09

A search of the Registry will find them if they are there. These entries should be deleted, but leave them if you are unsure of what to do.

This infection can also disable Regedit, Task Manager, Safe Mode and Show Hidden Files in Folder Options.

If Sality is running, it may be seen in the Task Manager > Processes tab.

Right click on the Task bar at the bottom of your Monitor and select Task Manager. Click on the Processes tab and look for anything that mentions Sality, these names may differ but will have Sality in them. E.g. PE_SALITY.M. If you click on that/those entries and then click on the End Process button, that should stop Sality running.

Anyway see how it goes for the first attempt at cleaning in my previous post.
__________________
JR51.
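
Added example, not part of the original posts or of any tool mentioned in the thread: a read-only check that looks for the indicators named in post #11 (the [MCIDRV_VER] section in System.ini and the registry names KUKU300a, KUKU301a and kuku_joker_v3.09) in a copy of System.ini and in a text registry export. The sample inputs, the key paths in them and the function names are constructed for illustration.

```python
import re

# Indicator names exactly as listed in post #11.
SYSTEM_INI_SECTION = "MCIDRV_VER"
REGISTRY_NAMES = ("KUKU300a", "KUKU301a", "kuku_joker_v3.09")

# Constructed sample inputs (not taken from any real machine).
SAMPLE_SYSTEM_INI = """\
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mcidrv_ver]
ExampleKey=0
"""

SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor]
"Installed"=dword:00000001

[HKEY_CURRENT_USER\Software\ExamplePlaceholder\Kuku300A]
"ExampleValue"=dword:00000000

[HKEY_CURRENT_USER\Software\ExamplePlaceholder2]
"kuku_joker_v3.09"=dword:00000001
"""


def ini_sections(text):
    """Return {section name: [entry lines]} for an INI-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def find_ini_indicator(text):
    """Return the entries under [MCIDRV_VER] (section names compared
    case-insensitively), or None when the section is absent."""
    for name, entries in ini_sections(text).items():
        if name.strip().upper() == SYSTEM_INI_SECTION:
            return entries
    return None


def find_registry_indicators(reg_text):
    """Return (indicator, key_path, line) for each key or value line of a
    .reg export that contains one of the names, ignoring case."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the following values belong to
        lowered = line.lower()
        for name in REGISTRY_NAMES:
            if key and name.lower() in lowered:
                findings.append((name, key, line))
    return findings


if __name__ == "__main__":
    entries = find_ini_indicator(SAMPLE_SYSTEM_INI)
    print("System.ini section present:", entries is not None, entries)
    for name, key, line in find_registry_indicators(SAMPLE_REG_EXPORT):
        print(f"{name}: found under {key} ({line})")
```

Registry exports written by regedit or `reg export` are UTF-16 text, so read a real one with `open(path, encoding="utf-16")` before passing it in.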

#12
14-November-2010, 23:21
tommy t
Re: I have a IE virus I think

There are also removal tools for this virus: http://support.kaspersky.com/downloa...litykiller.zip to save doing it manually

#13
15-November-2010, 10:20
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Good call there tommy, I was looking at another removal tool from Kaspersky's site yesterday, more of a general all round removal tool though.

Yours looks like the biz, it checks for the dodgy registry entries, system.ini and much more in one process. Cheers :D

jin799, try Tommy's suggestion, save messing about, lol.
__________________
JR51.

#14
15-November-2010, 19:37
jin799
Re: I have a IE virus I think

Excellent !

I think this should be good and thanks Tommy as I have other computers that have the sality virus in them. I will use this on them !!!

JR51, I have done the process that you suggested in post #9 and it seems to be working although I have not had the computer running straight for 2 hrs +.
I have put in Bit D as you suggested but it does seem to slow down the running of the computer but am scared to remove it also in case other viruses wanna come in...!

I am running Tommy's suggestion and using SalityKiller but seems clean so far fingers crossed !!! Will post a pic of it as soon as it's done....

Cheers ppl!!!!

#15
15-November-2010, 20:38
JohnnyReb51
Re: I have a IE virus I think

Hiya.

That's some good news hopefully, lol.

Sality Killer would have probably done all I suggested in post #9 in one fell swoop from what I could see when I ran it on my PC. I only ran it for about a minute and watched the Dos window clocking up the cleaning commands.

See how it goes and let us know one way or another whether it worked OK or not.

Installing BDefender was just a suggestion as a secondary precaution.

I'm not conversant with BDefender, so don't know how heavy it is on resources, I use Avast! free, which runs in the background and occasionally run Mbam.

Once you are satisfied you're clean, you could remove BDefender if you think it's too piggish on the PC and install something a bit lighter.

PS. I didn't see any other anti-virus program in your HJT log, only BDef, which you said you just installed, so prior to that you didn't have one ?

Recommend > 1 x Firewall, 1 x Anti-Virus, 1 x Anti-Malware, thats all you should need.
__________________
JR51.

#16
15-November-2010, 21:16
jin799
Re: I have a IE virus I think

Well, it hasn't found any sality virus til now and here is the proof....

JR51, I had avast before but that was slowing my computer as well and I thought it was the free one, that's why it was sluggish, so I uninstalled that and have not had an anti virus but did have an old version of Mbam.

Thanks for all the help ppl and let's hope I can keep sality out....

One more question..... if I uninstall Bit D and then re-install it (when needed) will it give me the same 180 days of protection or will it be counted from when I first installed it ?


Last edited by jin799; 15-November-2010 at 21:21.

#17
15-November-2010, 22:31
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Looking good.

I find Avast quite good, I just let it run in the background, I don't scan unless needed, some AV's scan on boot up or during a session, that normally slows a PC down.

Try it and see if it's any different from the one you had before, you can always uninstall it if it is slow.

http://www.avast.com/free-antivirus-download

Most trial software, etc, install a hidden/encrypted file or reg entry that keeps the date of installation, usually hard to find and so it may run out after the trial has ended.

PS. Don't reconnect any PCs to the network/whatever until all are 100% clean. Also don't forget to turn the System Restore back on when fully clean.
__________________
JR51.

#18
16-November-2010, 00:43
tommy t
Re: I have a IE virus I think

Regarding Bitdefender, once you have entered your valid licence key it will start from then regardless if it is installed or not. If it's the internet security or total security, it will have a firewall too, which most free AV suites don't include. That (firewall), if configured properly, is invaluable in stopping such viruses/worms connecting to the net and downloading more malware onto your system. It's helped me a few times, as whatever got onto my PC disabled the naff Windows firewall but couldn't stop Bitdefender's firewall. I personally also use PC Tools Spyware Doctor for the occasional manual on demand scan, I have found in the past that what one doesn't find the other will.

I have heard good things about ESET Smart Security, in particular it's very light on system resources http://www.eset.co.uk/Trial/Home

Glad that the Kaspersky tool is good, I found it by chance as Bitdefender didn't appear to have one

#19
16-November-2010, 16:38
jin799
Re: I have a IE virus I think

thanks ppl for all the help and in cleaning out my viruses

#20
16-November-2010, 17:27
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Good show, thanks for posting back all is well now. :D
__________________
JR51.

#21
25-March-2011, 03:21
danny0085
Guest
Posts: n/a
Get rid of virus forever

If you are tired of viruses you can install Linux Ubuntu and install general software like office, nero, adobe reader and so on

#22
20-May-2011, 14:33
jin799
Re: I have a IE virus I think

Sorry to bring this thread up again but.....

The problem of the IE explorer opening up again and opening many pages has come into effect again...
My free Bit Defender trial has expired now so the problem is back.
I have tried and installed the Avast suggested by JR51 but it's not working and the IE is still popping up.

Please advise.

#23
20-May-2011, 15:34
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Seems funny Bitdefender has run out and this starts again, lol.

Chuck a HJT log here for perusal.

Any A/Virus, Anti-malware, etc, that's installed that doesn't work, normally means an infection of some kind. The infection will stop most AV's from either installing, updating or running if already installed.
__________________
JR51.

#24
21-May-2011, 19:32
jin799
Re: I have a IE virus I think

Ya seemed a bit weird for me as well that bit defender went off and this started. Well here is the txt file for HJT

P.S Avast is installed and running but as I said the IE windows keep opening.
Attached Files
File Type: txt hijackthis21may.txt (4.8 KB, 258 views)

#25
21-May-2011, 21:23
JohnnyReb51
Re: I have a IE virus I think

Hiya.

That log has about 3 items that may be removed, but check first you don't use any of the first 2 entries. The 3rd one can definitely be zapped.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbars.com/search/disp...tb_id%language

O4 - HKCU\..\Run: [12Voip] "Z:\Temp_Programs\12Voip\12Voip.exe" -nosplash -minimized

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


Other than that, there seems to be nothing dangerous in there.

Run Malwarebytes and update it before using, zap anything it finds as a precaution.


You could try emptying all your Temp, Temporary Internet Files and Cookies folders for IE and see if that removes the problem.

You can access the cookie folder in C:\Documents and Settings\YourUserNameHere\Cookies Make sure you have any logon names and passwords saved before deleting. Not that it matters if you use Firefox anyway, FF uses its own cookies and Usernames/Passwords, etc.

The other 2 folders are hidden by default, but you can access them from Start > Run and type this into the box, then OK it....

C:\Documents and Settings\YourUserNameHere\Local Settings

In the Local Settings folder you will see the Temp and Temporary Internet Files folders, empty both of them. Sometimes you may get a file or two that won't delete, so deselect them and zap the rest.

Some people use a dummy Proxy setting in Internet Explorer to basically disable it in the respect of it not being able to connect to the Internet at all.

Open IE and on the Toolbar select Tools > Internet Options. Click on the Connections tab and then click on the Lan Setting button.

In the next window put a tick in the Use A Proxy Server......... box and enter these numbers into the Address box 0.0.0.0 (All Zero's with the dots in between) and in the Port box type in 80 Then OK it.

Make sure Firefox is the default Browser. In Firefox go to Tools > Options > Advanced tab At the bottom you should see a Check Now button, press that and it will say if it is or not.

See if any of that helps at all.
__________________
JR51.
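
Added example, not from the original posts and not part of HijackThis: a small parser that sorts HijackThis log entries the way post #25 does, separating orphaned entries marked "(no file)" from browser-setting and autorun entries that the owner has to confirm before removal. The sample log reuses the three entries quoted above plus constructed lines; the "standard directories" rule and all function names are assumptions of this example.

```python
import re

# Constructed sample log: the three entries quoted in post #25 plus
# constructed header and filler lines.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
Scan saved at (constructed)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbars.com/search/disp...tb_id%language
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [12Voip] "Z:\Temp_Programs\12Voip\12Voip.exe" -nosplash -minimized
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
"""

# Entry lines look like "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption of this example: autoruns started from these folders are not
# flagged; anything else is listed for the owner to confirm.
STANDARD_DIRS = ("c:\\program files", "c:\\windows")


def parse_log(text):
    """Return [(section_code, detail)] and skip header or other lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def autorun_path(detail):
    """Extract the executable path from an O4 detail, quoted or not."""
    match = re.search(r'\]\s+(?:"([^"]+)"|(\S+))', detail)
    return (match.group(1) or match.group(2)) if match else None


def triage(entries):
    """Split entries into orphaned / review / other buckets."""
    result = {"orphaned": [], "review": [], "other": []}
    for code, detail in entries:
        if detail.rstrip().endswith("(no file)"):
            # Points at a file that no longer exists: the "3rd one" case.
            result["orphaned"].append((code, detail))
        elif code in ("R0", "R1"):
            # IE start/search page settings: only the owner knows if wanted.
            result["review"].append((code, detail))
        elif code == "O4":
            path = autorun_path(detail)
            if path and not path.lower().startswith(STANDARD_DIRS):
                result["review"].append((code, detail))
            else:
                result["other"].append((code, detail))
        else:
            result["other"].append((code, detail))
    return result


if __name__ == "__main__":
    for bucket, items in triage(parse_log(SAMPLE_LOG)).items():
        print(bucket.upper())
        for code, detail in items:
            print(f"  {code} - {detail}")
```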

#26
21-May-2011, 23:09
jin799
Re: I have a IE virus I think

Hi JR51

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbars.com/search/disp...tb_id%language

O4 - HKCU\..\Run: [12Voip] "Z:\Temp_Programs\12Voip\12Voip.exe" -nosplash -minimized

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Where are these? I could not find the folder to get rid of them.
I do not need any of them.

Open IE and on the Toolbar select Tools > Internet Options. Click on the Connections tab and then click on the Lan Setting button.

In the next window put a tick in the Use A Proxy Server......... box and enter these numbers into the Address box 0.0.0.0 (All Zero's with the dots in between) and in the Port box type in 80 Then OK it.
I did this and could not access the net even with FF.
FF is my default browser and I did check the things you told me abt but was getting the connection reset message.

#27
22-May-2011, 09:30
JohnnyReb51
Re: I have a IE virus I think

Hiya.

Those 3 items are from your HJT log, you need to run HJT again and do a System scan only, when it's finished scanning, look for those 3 entries and put a tick in the box next to them, (Double check they are the correct ones before proceeding.) then click on the Fix Checked button lower down.

I don't know why FF will not surf the web with that proxy setting, I have it set in my IE and I can still access the web. I use a Router/Modem for connecting.

Uncheck the Proxy settings and leave it as it was originally for now, we don't need to add any more confusion, lol.

Did you manage to do any of the other tasks I suggested and has anything improved ?
__________________
JR51.

#28
22-May-2011, 12:10
jin799
Re: I have a IE virus I think

I have done what you just posted abt deleting the files using HJT and seem to have deleted it.

I had done all the steps in your post #25 except the ones I had problems with which you have given me the solutions to.

I'm going to now see for an update to Malware and then do another scan.

I will post any updates or the next time IE pops up.

Last edited by jin799; 22-May-2011 at 12:20.

#29
23-May-2011, 08:48
JohnnyReb51
Re: I have a IE virus I think

Hiya.

So have the IE popups stopped for now then ?

Did MalWareBytes find anything nasty ?
__________________
JR51.

#30
23-May-2011, 12:21
jin799
Re: I have a IE virus I think

Yesterday I didn't stay long on the computer but today just now when I switched on the computer the IE have opened up so it's not gone....

Malware- I did a deep scan yesterday but it did not find anything and said that the computer was clean, so maybe it's not seeing the IE virus

All times are GMT +1.
Copyright 1999-2014 The Scream!