Netbook infected!

[PEV]

My wife has a Zoostorm netbook running Windows 7.

It has been perfect since purchase 15 months ago and apparently had adequate AV As stated by the PC literate friend who set it up.

However this evening she opened an email from a friend which caused a warning allegedly from Windows AV that there were multiple threats including several trojens, spyware etc.

We were then prompted to go through the guided process to scan and remove the threats but our efforts to fix or remove were blocked and a message apperared telling us to purchase Windows Ultimate debugger to were asked to pay $100 dollars to get the fix.

This is obviously a scam and of course there's no way they will get our card number but the message now comes up as soon as she logs on which blocks all access to OE her email account and all other programmes and the Debug has appeared in the strat menu. We have tried to remove this via control panel - remove programmes but it is not even shwn as a programme there are now messages allegedly from from the netebook'sAV that anti virus and firewall are tuned off and there are now identity theft attempts. torent copyright breaches etc all happening.

 

Can anyone please advise? We are having the machine looked at on Thursday but as it's likely to be more problems which ever way it goes it would be nice to have your opinions.

Mine is this is an elaborate scam but I've always been able to kick them out/delete, however this has taken control of the machine. Your urgent advice would be appreciated

Thanks

PEV (Ray)

[Jelly Bean]

Could you follow these instructions and post the results please:

 

To help us to be able to assist you in quick and efficient way, we need to ask that you run the following programs as a minimum and post the reports as asked for.

 

If you have problems posting the reports ( if they are too big) feel free to add them as attachments.

 

The reports will give us a good starting point in recognizing any malware/problems with your system.

Also don't forget to inform us of anything you have already tried to remove the malware/problem.

 

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
  
• Double-click on Download_mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
    

  [*]Then click Finish.

  [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

  [*]On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
    
  • Then click on the Scan button.
    

  [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

  [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

  [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

  [*]Click OK to close the message box and continue with the removal process.

  [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

  [*]Make sure that everything is checked, and click Remove Selected.

  [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

  [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

  [*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

Step 2

• Download OTL to your desktop.
  right click on the link and select 'Save Link/Target As'.
   
  if you have problems, try this download link:
  OTL
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check
  

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  .
  
• Click the Run Scan button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  
• Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  

Note:

Running the above script with OTL will :

turn on your system restore and set a new restore point (XP only)

set a new restore point (if system restore is turned on) Vista & Win7.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL

 

 

Whilst we are helping you, please don't run other programs/scans without our knowledge .... it only confuses things.

 

Thanks.

[PEV]

Hi Charlie

problem is cant download anything as the message telling us to purchase Windows ultimate debugger is there as soon as we log on so as previously said we cannot access either IE or OE.

Ray and Chris

[etavares]

Hi PEV,

 

Are you able to download this from another computer and transfer using a flash drive? There are other things we can do, but it will likely be a waste if you are bringing it in the day after tomorrow anyway. Any way we cut it, we will need you to download tools to run, but we can get you the right tools to kill the program and run MBAM...just not download it right away. Can you use a friend's computer or a computer at work?

 

To note, hold down SHIFT before, during and after plugging a USB flash drive into a computer...until windows tells you your hardware is installed and ready to use (about 10-15 seconds after you plug it in)...then you can let go of SHIFT. THis keeps it from being autorun in windows which could be used to launch malware from the infected computer onto the clean computer.

[PEV]

Hi Everyone

My friend who originaly set the Zoostorm up got rid of the viruses(trojens) after about four hours of problems. The virus removal wa 'easy' but because his diagnostics at one time said the hard drive was damaged nothing would work and download of the prefereed AVG AV software was impossible. However he got the machine working and is perfectly now.(touch wood)

There is one thing worrying me and that is nowhere can I find evidence of windowsAV software or a firewall although he says this is automatic as part of the machine. Surely as with my own DesKtop PC we should find refference to Windows AV and a firewall in the programmes menue? Also I can find no interface to change AV update settings? The only refference to updates are windows updates which are entirely different to AV updates aren't they?

Can someone please kindly advise on this urgently and if appropriate an easy to install AV and firewall.

Thanks

Ray

[PEV]

Hi everyone who has offered to help on this.

My concern that no AV or firewall was on the Netbook was well founded!

My friend who removed the several trojens and other viruses could not get AVG (his favourite AV)to download and then forgot to re install any AV or firewall at all!! but my wife took the problem out of my hands (it is her netbook after all) - she took it to the local PC shop/engineer who confirmed no AV or firewall present and they have installed AV and firewall for £25 which is reasonable?

Anyway all seems to be working fine now and the AV seems to be doing it's job as it did an automatic update this evening.

Thanks again everyone it's comforting to know help is available when needed.

Ray

[etavares]

Hi Ray,

 

Thanks for the updates. 25 pounds is pretty steep for about 10 minutes of work (unless they installed a paid version in which case it is very reasonable), but it got you back up and running in no time. Glad to hear everything worked out and we are here if you need us. I am a bit concerned there was an issue installing AVG...if it was just unable to download that's probably nothing...but if it downloaded but didn't install...that is still concerning to me.

 

-etavares

[PEV]

Hmm not sure on anything specially wrong about not able to install AVG,the guy got in a bit of a mess IMO. Thats why he forgot to install ANY AV! lucky I gave the machine a check after as my wife was oblivious to fact had zero AV or firewall.

The AV the shop installed was a pay one so perhaps it wasn't a bad deal.

Thanks for your help.

Ray

[etavares]

OK, good to hear. Safe surfing!