pixiepistlz Posted January 29, 2009 CID Share Posted January 29, 2009 I was told that I may try and either open up a restore or close to thoroughly clean it good. don't know which it was now. But does anyone know how to do that?? . I had to do some restore points on here to be able to surf the web. I just now got back online. Quote Link to comment Share on other sites More sharing options...
Buntz Posted January 29, 2009 CID Share Posted January 29, 2009 By cleaning you mean to remove some of you old restore points? What OS are you running. Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 29, 2009 Author CID Share Posted January 29, 2009 Windows XP Emachines W3052 Tommie suggested it. so I suppose remove?? Like now..my connection is getting interrupted again ..just like before. I may not be online after all. DAMMIT! Quote Link to comment Share on other sites More sharing options...
Buntz Posted January 29, 2009 CID Share Posted January 29, 2009 I am having trouble too. Keep getting timed out when trying to connect to TMN. Quote Link to comment Share on other sites More sharing options...
zalternate Posted January 29, 2009 CID Share Posted January 29, 2009 From your other thread..Did you download, update and run.... http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=10896905 It should be able to see in to the Restore point areas.. For infections. Testmy.net is loading a wee bit slow at the moment here... Quote Link to comment Share on other sites More sharing options...
Buntz Posted January 30, 2009 CID Share Posted January 30, 2009 I would not remove any restore points in till you are sure your computer is running right first. Are you having trouble all the time with the computer or just when you are on the web? I agree with zalternate try the malware remover first. TMN seem to be loading alright now. Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 From your other thread..Did you download, update and run.... http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=10896905 Sure did. I got a full arsenal of weapons. Ad-aware, Nod32,Spybot, A-square , vcleaner, super anit-spyware, spyware terminator. Yep and ran one scan in safe and it got nothing yesterday and then I ran another seperate one (not in safe) and it got some trojans . I have pulled over 100 nasty ones out of my system in the last week or so. How the hell do I keep having that happen.?? I do not go to badsites online. LOL....Not in a good damn while anyways. I stick to youtube, TMN , gmail, yahoo, google, hulu, playlist, ebay, hotmail, ect. My kids do get on it as its the only one I have. I monitor what the little ones do. The other 2 usually can be found on deviantart.com and you tube , ect. they check their emails too. I did warn them of facebook , playlist, myspace. about not clicking on any ad's.. I would not remove any restore points in till you are sure your computer is running right first. Are you having trouble all the time with the computer or just when you are on the web? I agree with zalternate try the malware remover first. TMN seem to be loading alright now. Well, It was freezing til I removed alot of nasties from it. then it was fine for a few days and yesterday it seemed fine, then it totally would not connect except for gmail. That was the only site I could go to last night and early this morning..also, when I tried to access files, pictures, ect. I could but those sometimes freeze too. Quote Link to comment Share on other sites More sharing options...
zalternate Posted January 30, 2009 CID Share Posted January 30, 2009 Could you post a HiJack log here? Maybe something is being missed. Or a rogue program is on your system for it to keep screwing it up... Quote Link to comment Share on other sites More sharing options...
zalternate Posted January 30, 2009 CID Share Posted January 30, 2009 Here is McAfee's site adviser details about infected videos on the Deviant Art site http://www.siteadvisor.com/sites/deviantart.com/summary/ Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 Sounds like Amy may have to stay out of Deviant art. The first one was what I got last night popping up . The second was after I used my windows diagnostic tools, and the 3rd was the first malware scan I did last week. Here's the first log for Malware. Malwarebytes' Anti-Malware 1.33 Database version: 1693 Windows 5.1.2600 Service Pack 3 1/25/2009 5:30:10 PM mbam-log-2009-01-25 (17-30-10).txt Scan type: Full Scan (C:|D:|) Objects scanned: 220469 Time elapsed: 1 hour(s), 46 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOTcdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTTypeLib{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTInterface{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTcdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:Documents and SettingsOwnerLocal SettingsApplication DataCyberDefendercdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:Program FilesCommon FilesInternetAntivirusPro.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:WINDOWSsystem32mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:WINDOWScookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:WINDOWSBM9bf26d0e.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSBM9bf26d0e.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. Quote Link to comment Share on other sites More sharing options...
justinlay Posted January 30, 2009 CID Share Posted January 30, 2009 I usually remove my old restore points about ever 2 months. You would be suppriced on how much space you gain. Today i was able to gain 31 GBs of space. Yeah you want to make shur your system is running top shape, and im running vista Quote Link to comment Share on other sites More sharing options...
zalternate Posted January 30, 2009 CID Share Posted January 30, 2009 Internet Anti-virus Pro. Find it any where you can. that is a big bug. http://www.2-spyware.com/remove-internet-antivirus-pro.html .....Link quoted for informational purposes only.... Quick search toolbar is being considered a spyware as a general surfing information gatherer. Questionable to some as to whether need to remove. Multiple ToolBars can cause conflicts in the system. I'd also dump the one way Windows Firewall and put ZoneAlarm on it to block outgoing virus/updaters. Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 YES! A pop up came on my screen saying I was infected and to download Internet Pro. I partially downloaded it and then cancelled it. It's saying my files are corrupted as I was just downloading the spywaredoctor..It says obtain new program. Quote Link to comment Share on other sites More sharing options...
zalternate Posted January 30, 2009 CID Share Posted January 30, 2009 Take some chunks out of it and hopefully kill it enough to stop replicating. the Zonealarm Firewall will help to stop any updaters left from getting out to refresh the trojan.. One location to look in to is... c:program filesinternet antivirus pro Here is a instruction for manual removal. http://www.xp-vista.com/spyware-removal/internet-antivirus-pro-removal-instructions-internetantiviruspro Does contain Registry settings changes, so beware ..Start with just the files first, so you don't kill the system............................ It is extremely important to remove all the components of of the Internet Antivirus Pro and all the malware and trojans that it might have come bundled with (such as zlob.trojan, trojan.vundo and Trojan.Downloader). To effectively and safely remove Internet Antivirus Pro, we have created a manual removal instructions. Be sure to back the data up before proceeding. Good luck! Manual Internet Antivirus Pro Removal Instructions: Stop Internet Antivirus Pro Processes: http://www.xp-vista.com/other/how-to-stop-or-kill-a-process-in-windows-xp-or-vista...... Right click the clock. ..Task manager,, then right click and stop the below listed process's.. iavir.exe iavir[1].exe iavirInstall.exe InternetAntivirusPro.exe iv.exe Find and Delete these Internet Antivirus Pro Files: (Learn how to do this) iv.exe iavir.exe InternetAntivirusPro.exe %ProgramFiles%IAInternetAntivirusPro.exe %ProgramFiles%Internet Antivirus Proactivate.ico %ProgramFiles%Internet Antivirus Procookies.log %ProgramFiles%Internet Antivirus Prodbconfig.cfg %ProgramFiles%Internet Antivirus ProdbDBInfo.ver %ProgramFiles%Internet Antivirus Prodbia080614.db %ProgramFiles%Internet Antivirus ProExplorer.ico %ProgramFiles%Internet Antivirus ProIAUpdater.exe %ProgramFiles%Internet Antivirus ProIAvir.exe %ProgramFiles%Internet Antivirus ProScanner.log %ProgramFiles%Internet Antivirus Prounins000.dat %ProgramFiles%Internet Antivirus Prouninstall.ico %ProgramFiles%Internet Antivirus Proworking.log Remove Internet Antivirus Pro Registry Values: (Learn how to do this) HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionInternet Antivirus Pro HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 Take some chunks out of it and hopefully kill it enough to stop replicating. the Zonealarm Firewall will help to stop any updaters left from getting out to refresh the trojan.. One location to look in to is... c:program filesinternet antivirus pro How do I find it?? control panel, start menu?? Can you paste these instructions for manual removal?. I cannot get the page to load to even read it. damn. Quote Link to comment Share on other sites More sharing options...
mudmanc4 Posted January 30, 2009 CID Share Posted January 30, 2009 Pixie, you have "vundo" it's nasty , real nasty ! I have never found a way to completely get rid of it other than a full format, then re-install. Sorry dear, you can find out tons of stuff by googling it, but the process is ugly. edit: I need to add, any machines on your local network will be infected as well. Quote Link to comment Share on other sites More sharing options...
zalternate Posted January 30, 2009 CID Share Posted January 30, 2009 The Spy-ware hunter on the site is not a good one by the way. Some have big problems with it. Instructions pasted. Find the files first and work your way through. Start...Search... %ProgramFiles%Internet Antivirus ProIAUpdater.exe ... and then delete the previously listed file names on the other post, that come up in the search or go to start. My computer,, C: drive.. Program files to find the folders... Quote Link to comment Share on other sites More sharing options...
Buntz Posted January 30, 2009 CID Share Posted January 30, 2009 I could not get it to load either.The web site must be down. Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 Ok, Tommie, you have been telling me about full format for a while now. Guess your my play by play tech support man soon. Damn that "Vundo". Many thanks to all of you guys for your help and time Quote Link to comment Share on other sites More sharing options...
Buntz Posted January 30, 2009 CID Share Posted January 30, 2009 It's not that hard not do a full format. Tommie should have no trouble getting you thru it. Quote Link to comment Share on other sites More sharing options...
mudmanc4 Posted January 30, 2009 CID Share Posted January 30, 2009 Be careful what you save, that thing is the worst infection Iv'e ever seen, not that I deal with them everyday or anything, but it has been known to get into email, pictures, all movie files, music, most any data on your machine. If you burned anything since the infection, it's possible you could re infect yourself when you put your " safe " files back in the machine. No they don't always show up on scans either. Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 I don't burn discs but I save lots of pics and print some. I save videos too. :buck2: Quote Link to comment Share on other sites More sharing options...
tommie gorman Posted January 30, 2009 CID Share Posted January 30, 2009 I figure everything is trash in a reformat. I still say a full blown safe mode no networking first though. Slow, but saves stuff. And take the restore points out also. Dump anything not wanted badly. IF that does not work, format then. Quote Link to comment Share on other sites More sharing options...
pixiepistlz Posted January 30, 2009 Author CID Share Posted January 30, 2009 Ok NERDle Quote Link to comment Share on other sites More sharing options...
Buntz Posted January 30, 2009 CID Share Posted January 30, 2009 I feel the same way. Start new get rid of everything. Sometime a get real paranoid and boot & nuke first. Now I know I am starting off clean. Never hurts to try a safe mode scan first, you might get lucky. Get rid of the restore point too, it easy just shut restore off before you reboot in to safe mode. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.