Infected programs - help please!

solog

New Member
#1
I have a Dell Dimension with pre-installed Win7 that was infected a while ago by a bunch of trojan horses. I installed Kaspersky antivirus and it cleaned it all. Except apparently some innocent programs are still infected: google chrome, IE, and even some windows files...

Kaspersky tells me that those programs are trying to access a txt (I found this txt and deleted it) and my email keeps sending spam messages even after I changed my password. And today MS Word is saying a "$U" user is accessing it and I can't open it.

What is going on? Please help me. I'm not sure how to do a clean windows install either since I don't have a restore disk.... ;-;
 

mqudsi

Mostly Harmless
Staff member
#2
Try scanning again, this time from within Safe Mode.
 

solog

New Member
#3
Try scanning again, this time from within Safe Mode.
ok, I just did, but it didn't detect anything.

I took a screenshot of Kaspersky's warning:

In Portuguese it says "downloading the object ...txt, with phishing URL. Denied."

I don't know what to do, I feel like just doing a clean install but without the installation CD it won't happen?
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#4
Try doing ALL of the following in "Safe Mode with Networking" reached by tapping F8 repeatedly while booting up.

It's the 2nd choice in the ensuing menu.

Download, update (very important) and run a full scan using the FREE version of this tool.

Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer

It will do all that in that mode and you shouldn't have a problem installing and running it as the infection should be disabled anyway in that mode.
 

solog

New Member
#5
ok thanks! I have to leave now but I'm gonna get back to it first thing tomorrow (it's a work computer, another reason for fixing this problem asap).
 

solog

New Member
#6
Try doing ALL of the following in "Safe Mode with Networking" reached by tapping F8 repeatedly while booting up.

It's the 2nd choice in the ensuing menu.

Download, update (very important) and run a full scan using the FREE version of this tool.

Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer

It will do all that in that mode and you shouldn't have a problem installing and running it as the infection should be disabled anyway in that mode.
Hi, I did exactly as you said and Malwarebytes found one infection. Um, but when I restarted the pc the warnings of accessing a txt are still coming up... I'm gonna try changing my passwords again anyway.

the log:
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Versão da Base de Dados: 7035

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

06/07/2011 20:12:58
mbam-log-2011-07-06 (20-12-58).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 266058
Tempo decorrido: 18 minuto(s), 50 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\Users\Condor\documents\documentos\removewga.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#7
Try running Hijackthis and posting its log on one of the following forums along with the problem details.

DOWNLOAD HIJACKTHIS

Do not post Hijackthis logs here, we can't help with those!

Post the logs at a specialist Forum:

AUMHA

BLEEPINGCOMPUTER

MAJOR GEEKS

MALWAREBYTES

MALWARE REMOVAL

SPYWAREHAMMER

SPYWARE INFO

WHATTHETECH


Be sure to read all the sticky announcements/instructions at the top of each malware forum!



Edit: I copied and pasted that from a secure web page so click the 'Visit Anyway' link to go to the website anyway.


 

Ex_Brit

If you're going through hell, keep going.
Staff member
#9
OK good luck.
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#10
I would suggest something different. First I would run Combofix on the drive, which is available on Bleeping Computer's website. I would then download and run MBAM. From there I would then scan with HiJack This and post its log up. I know how to read each log very well and can assist in determining what, if any, further action is needed. I do spyware removal on other sites and know this aspect very well. :wink:
 

mqudsi

Mostly Harmless
Staff member
#11
Peter actually does the same on the official McAfee forums, Alex. :smile:

All roads lead to Rome, I suppose!
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#12
From what I see, he just suggests they go to other sites. :wink:

I actually read the logs myself and give support directly. Not direct them to yet another site. :lol:
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#13
I didn't know you did that, sorry. I assumed that Mahmoud didn't want the forums cluttered with HJT logs. Most don't so I recommend the specialist forums instead.
 

mqudsi

Mostly Harmless
Staff member
#14
I guess I read through the post too quickly, apologies, Alex.

Peter, I'm fine with whatever :smile: You know me, ever the genial good fella :tongueout: (wink, wink!)
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#15
LOL....OK Guys
 

mqudsi

Mostly Harmless
Staff member
#16
All that's left to say is "may the force be with you" to whoever it is that's going to be going through all those HJT logs :lol:
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#17
I have no issue with going through them or directing them to a specialized site. Either way is fine by me really. Just have to get myself out of the mindset that I have to do it. The other site where I do them isn't keen on sending people to other sites and tries to keep people there. So whichever way is fine by me. Infection removal can be tricky at times but for the most part just running a few programs can get rid of 99% of the common infections. It is only the pesky ones that are problematic. Such as Vundo. Those are not nice in any way. :lol:

I don't mean to cause a ruckus. I am just saying that if needed I can do it. It would be my pleasure to bring another aspect to NeoSmart that wasn't thought of before.
 

mqudsi

Mostly Harmless
Staff member
#18
Thank you, Alex. You've always been more than wonderful and helpful.