nikmondo Posted September 22, 2008
Guys, I received an e-mail through Facebook which turned out to be a virus. Basically it has stopped me logging on to the net at home even though the broadband is running fine. Is there any way of easily fixing this, and Virgin Media said it wasn't a fault of theirs? Thanks, Nik

Dalo Harkin Posted September 22, 2008
What virus software do you use?

nikmondo (Author) Posted September 22, 2008
Antivir - It has deleted it but I still can't go on the net??

Guest Wolfeymole Posted September 22, 2008
Have you tried uninstalling and reinstalling the driver for the network card? Can you access the net via safe mode with networking at all or Last Known Good Configuration?

RandyL Posted September 22, 2008
I suspect a Winsock problem caused by the infection. If you can get on the net via safe mode with networking then we can try to eliminate all infections first before doing a repair.

nikmondo (Author) Posted September 22, 2008
No, I haven't tried re-installing the driver card yet but will give it a go when I get some spare time. I'm at work now but I'll try what you (Wolfeymole) suggest below. I can still download music etc which is quite strange??

Guest Wolfeymole Posted September 22, 2008
> Antivir - It has deleted it but I still can't go on the net??
> I can still download music etc which is quite strange??
It's more than strange Nik, let's get this right, you actually can access the internet, yes? Your comments are not logical. Please elaborate.

nikmondo (Author) Posted September 22, 2008
My Utorrents and Mp3 applications work yes, but when trying to use Firefox or IE I can't load up any websites. As if the router is switched off... even though it isn't.

RandyL Posted September 22, 2008
Please read rules 3 and 4.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources there is a high probability that you will be infested with malware. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

References for the risk of these programs can be found in these links:
Malware: Help prevent the Infection
IM And P2P Malware Threats Nearly Triple - Technology News by TechWeb
How to Prevent Online Invation of Spyware, Adware and Malware

We would recommend that you uninstall these P2P programs, however that choice is up to you. If you choose to remove these programs, you can do so in the Control Panel via Add/Remove Programs. If you have Vista it's Programs and Features. However, in order for us to provide future assistance on this matter you must remove the P2P first, as it would be fruitless unless the possible cause is ruled out first and to prevent future infestations.

Nik, back up all your data because sooner or later you will need to reinstall if you continue down this road. If you choose to continue fixing this we can assist you in removing all the illegal software and files.

nikmondo (Author) Posted September 22, 2008
Hi, I don't actually use these programs too often but I ran them to see if they worked, which they did. I use ADAWARE and SPYBOT Search and Destroy all the time to clear out most of the rubbish that builds up. Plus I defrag very often too. But yes, I'll get rid of them if I have to.

Guest Wolfeymole Posted September 22, 2008
When you have dumped the P2P software then please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop.
Double-click HJTInstall.exe to install HijackThis.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
Include this log by copying and pasting in your next reply.

Notes:
Do not use the AnalyseThis button, its findings are dangerous if misinterpreted.
Do not have HijackThis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.

Seth Posted September 22, 2008
You shouldn't be defragging "very often". I recommend that you allow Windows to analyze the drive, then only defrag if Windows suggests it.

Open up IE and erase everything in the address bar. Now type in 64.233.189.99 and press enter. Does Google come up?

nikmondo (Author) Posted September 22, 2008
Thanks Wolfeymole, I'll do this tonight. Thanks again. Nik

Guest Wolfeymole Posted September 22, 2008
No problem and please do and then we can take this further.

nikmondo (Author) Posted September 23, 2008
Here's my results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:45, on 22/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tinyproxy] C:\Program Files\tinyproxy\tinyproxy1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5136 bytes

Thanks, Nik

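A defender's triage of a HijackThis log like the one above, as an added example that is not part of any poster's reply: it flags Internet Explorer proxy settings (R1 ProxyServer) that point at the local machine and then lists autostart (O4) programs absent from the running-process list, which are the candidates to inspect for a local listener that is no longer there. The function name and the embedded sample (a few lines excerpted from the log above) are constructed for illustration.

```python
import re

# Constructed sample: a few lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tinyproxy] C:\Program Files\tinyproxy\tinyproxy1.exe
"""

PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (.+)$")
RUN_RE = re.compile(r'^O4 - (\S+)\\\.\.\\Run: \[(.+?)\] "?([A-Za-z]:\\[^"]+?\.exe)', re.I)
LOOPBACK_RE = re.compile(r"(?:^|=|;)\s*(?:127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)  # bare path = running process


def triage(log_text):
    """Return findings for proxy settings that point at the local machine."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    running = {ln.lower() for ln in lines if PROCESS_RE.match(ln)}
    autoruns = [m.groups() for m in map(RUN_RE.match, lines) if m]

    findings = []
    for ln in lines:
        m = PROXY_RE.match(ln)
        if m:
            for port in LOOPBACK_RE.findall(m.group(1)):
                findings.append(("loopback-proxy", m.group(1), int(port)))

    if findings:
        # A loopback proxy only works while something listens on that port.
        # Autostart programs that are not running are leads to inspect,
        # not proof: many helpers legitimately start and exit.
        for _hive, name, path in autoruns:
            if path.lower() not in running:
                findings.append(("autorun-not-running", name, path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
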
Guest Wolfeymole Posted September 23, 2008
Well, you could do with getting Service Pack 3, Nik, and also Spybot and AdAware are not the programs they once were, so I'd lose those and run SAS and Malwarebytes as listed in our recommended security products. I'll let Seth deal with any other aspects of this log when he gets online.

RandyL Posted September 23, 2008
Maybe this is an issue with ZoneAlarm. Have you updated to the latest version to see if that fixes it? Read more.

nikmondo (Author) Posted September 23, 2008
Ok guys, I'll try what you suggest when I get home tonight. To access safe mode is it F8 on start up? Thanks for the help guys, Nik

RandyL Posted September 23, 2008
F8 should get you there. Keep tapping it until you see the options and then use the arrow keys to highlight safe mode. Then press enter.

nikmondo (Author) Posted September 23, 2008
Sorry Wolfeymole, what's SAS? Thanks, Nik

Guest Wolfeymole Posted September 23, 2008
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Dalo Harkin Posted September 23, 2008
Super Anti Spyware

Seth Posted September 23, 2008
The HT log is clean. The fact that you can access the internet with programs other than FF and IE means that you don't have a winsocks problem. I suspect the problem is with what's called the DNS, or ZoneAlarm as Randy suggested. Right click on the ZA icon, shut it down, and see if you can get online. If not, then consider this from one of the previous posts:
> You shouldn't be defragging "very often". I recommend that you allow Windows to analyze the drive, then only defrag if Windows suggests it.
> Open up IE and erase everything in the address bar. Now type in 64.233.189.99 and press enter. Does Google come up?