Rodrigo Maia, posted March 9, 2009 (ID 63037)

The message displayed on the AVG alert:
------------------------------------------------------
threat detect
file name: C:\ ..........\Dados de Aplicativos\m\flec006.exe
Threat name: Virus identified I-Worm/Bagle
Process Name: C:\windows\Explorer.exe
Process Id: 248
----------------------------------------------------

Frequently Windows Explorer is slow and sometimes it crashes, making me restart the PC. Sometimes the sound goes off and I get a message that there is no driver or anything for the sound installed on the PC. Again... restarting the PC I get everything OK... until it happens again.

Sometimes Firefox opens "www.easyev.com/consolidateloans.html", but it only happens in Firefox... I have IE and Chrome and none of this happens on them... in fact, lately I think that Chrome is a little bit slow... takes too much time to send the URL...

I can't post a HijackThis log because when I try to run the program I get a message "not a valid win32...". Is there any other way that I can get these logs? Is there any way somebody knows... what the problem is?

Thanks in advance,
Rodrigo
AdvancedSetup (Root Admin), posted March 9, 2009 (ID 63073)

Update your AVG Anti-Virus software and do a Full Scan of your system. Then tell AVG to remove it.

This is a very old infection from 2004. After AVG removes it you need to get some Windows Updates, which would prevent this.

If AVG is not or cannot remove it then let me know and we can look at some other options.
Rodrigo Maia (Author), posted March 9, 2009 (ID 63092)

Here is the problem... I've already tried to run a full scan... but the problem is that my AVG is empty. If I click on Update Now, nothing happens... same thing for Full Scan or any scan.
AdvancedSetup (Root Admin), posted March 9, 2009 (ID 63095)

Okay, then you may need to use a different AV scanner. Please see if you can download and run this one.

Please download to your Desktop: Dr.Web CureIt

1. After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.
2. Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
3. This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
4. Once the short scan has finished, click on the Complete scan radio button.
5. Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
6. Choose the Scanning tab. I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).
7. On the File types tab ensure you select All files.
8. Click on the Actions tab and set the following:
   - Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
   - Infected packages: Archive = Move, E-mails = Report, Containers = Move
   - Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
   - Do not change the Rename extension; the default is: #??
   - Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
   - Leave Prompt on Action checked
9. On the Log file tab leave Log to file checked.
10. Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
11. Log mode = Append
12. Encoding = ANSI
13. Details: leave Names of file packers and Statistics checked.
14. Limit log file size = 2048 KB and leave the check mark on Maximum log file size.
15. On the General tab leave the Scan Priority on High.
16. Click the Apply button at the bottom, and then the OK button.
17. On the right side under the Dr.Web Anti-Virus logo you will see 3 little buttons. Click the left VCR-style Start button.
18. In this mode it will scan boot sectors of all disks, all removable media, and all local drives.
19. The more files and folders you have, the longer the scan will take. On large drives it can take hours to complete.
20. When the Cure option is selected, an additional context menu will open. Select the necessary action of the program if the curing fails.
21. Click 'Yes to all' if it asks if you want to cure/move the files.
22. This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured (in this case we need samples).
23. After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
24. Save the report to your Desktop. The report will be called DrWeb.csv.
25. Close Dr.Web CureIt.
26. Reboot your computer! Because it could be possible that files in use will be moved/deleted during reboot.
27. After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new HijackThis log.
Rodrigo Maia (Author), posted March 9, 2009 (ID 63110)

Nope... I can actually start the program (installer), but when I try to do the fast scan I get the blue screen saying that the problem was caused by "94i5bsp6.sys"... I have tried again... now the problem was caused by "73jnwtjy.sys". I'm feeling that it's gonna be hard... thanks in advance.
Rodrigo Maia (Author), posted March 10, 2009 (ID 63127)

I know I'm not allowed to post another reply after my own reply, but I did some things that let me take a HJT log. I ran Malwarebytes Anti-Malware and got the log:
------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.34Vers
AdvancedSetup (Root Admin), posted March 10, 2009 (ID 63167)

Well, go ahead and try to run the Dr.Web scanner again please. It is an Anti-Virus scanner.
Rodrigo Maia (Author), posted March 10, 2009 (ID 63245)

OK... here is the log file of Dr.Web:
___________________________________________________
tds9B.tmp;C:\Documents and Settings\jose luis barros\Configura
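The Dr.Web report the helper asked for is a semicolon-separated list, as the fragment above shows, and a responder normally wants to know three things from it before deciding what to do next: which threats were found, which objects were actually cured or moved, and which were only reported and are therefore still on disk. The script below is an added triage example, not part of the thread or of Dr.Web. It assumes an object;path;threat;action line layout, which is inferred from the fragment rather than taken from any documentation, and the embedded sample report is constructed for the example (the object names flec006.exe and tds9B.tmp come from the thread; the threat labels, the second path and the third entry are made up).

```python
"""Triage a Dr.Web CureIt "report list" (DrWeb.csv).

Added example: the object;path;threat;action layout is an assumption
drawn from the fragment posted in the thread, not a documented format.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample report in the assumed layout. The object names echo
# the thread; the threat labels and the later paths are invented.
SAMPLE_REPORT = """\
flec006.exe;C:\\Documents and Settings\\username\\Dados de Aplicativos\\m;Sample.Worm.A;Cured
tds9B.tmp;C:\\Documents and Settings\\username\\Configura\\Temp;Sample.Worm.A;Moved
helper.dll;C:\\WINDOWS\\system32;Sample.Riskware.B;Reported
this line is malformed
"""

# Actions that leave the original object in place, so the responder
# still has to decide what to do with it.
UNRESOLVED_ACTIONS = {"reported", "error", "skipped"}
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Detection:
    obj: str
    path: str
    threat: str
    action: str

    @property
    def full_path(self) -> str:
        return self.path.rstrip("\\") + "\\" + self.obj

    @property
    def resolved(self) -> bool:
        return self.action.lower() not in UNRESOLVED_ACTIONS

    @property
    def executable_in_profile(self) -> bool:
        # An executable dropped under a user profile (the worm in this
        # thread sat under Application Data) deserves a second look even
        # after it has been cured, because something put it there.
        return (self.obj.lower().endswith(EXEC_EXTENSIONS)
                and self.path.lower().startswith("c:\\documents and settings\\"))


def parse_report(text: str) -> Tuple[List[Detection], List[str]]:
    """Split the report into Detection records plus any malformed lines."""
    detections: List[Detection] = []
    malformed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4:
            malformed.append(line)  # keep it visible rather than silently dropping it
            continue
        obj, path, threat, action = fields[:4]
        detections.append(Detection(obj, path, threat, action))
    return detections, malformed


def summarize(detections: List[Detection]) -> Dict[str, object]:
    """Counts by threat and by action, plus the items that still need action."""
    return {
        "by_threat": dict(Counter(d.threat for d in detections)),
        "by_action": dict(Counter(d.action for d in detections)),
        "unresolved": [d.full_path for d in detections if not d.resolved],
        "profile_executables": [d.full_path for d in detections if d.executable_in_profile],
    }


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} detections, {len(bad)} malformed line(s)")
    for key, value in summarize(found).items():
        print(f"{key}: {value}")
```

To use it on a real DrWeb.csv, read the file with the ANSI encoding the helper told the user to keep (for example `open("DrWeb.csv", encoding="cp1252")`) and pass its contents to `parse_report`. Malformed lines are returned rather than discarded, so a report that was truncated, as the one posted here was, shows up as a parsing problem instead of a clean result.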
AdvancedSetup (Root Admin), posted March 11, 2009 (ID 63503)

STEP 01

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA. Then run this tool to help clean up any left-over Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location and post it back when you reply.

Then look for the following Java folders and if found delete them.
C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

STEP 02

Download and install CCleaner
- Double-click on the downloaded file "ccsetup217.exe" and install the application.
- Keep the default installation folder "C:\Program Files\CCleaner"
- Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
- Click Finish when done and close ALL PROGRAMS
- Start the CCleaner program.
- Click on Registry and uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
- Click on Options - Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
- Click on the Run Cleaner button on the bottom right side of the program.
- Click OK to any prompts

STEP 03

Delete Dr.Web CureIt (launch.exe) and this folder AND all contents:
%USERPROFILE%\DoctorWeb\

STEP 04

Remove all but the most recent Restore Point on Windows XP

You should create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK.
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
- Give the new Restore Point a name, then click "Create".
- The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then use Disk Cleanup to remove all but the most recently created Restore Point.
- Go to Start > Run and type: Cleanmgr.exe
- Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
- Click the "More Options" tab, then click the "Clean up" button under System Restore.
- Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
- Click Yes, then click Ok.
- Click Yes again when prompted with "Are you sure you want to perform these actions?"
- Disk Cleanup will remove the files and close automatically.
- On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also. These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.

Additional information
Microsoft KB article: How to turn off and turn on System Restore in Windows XP
Bert Kinney's site: All about Windows System Restore

STEP 05

Run Kaspersky Online AV Scanner

Using Internet Explorer go to http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

- Read the Requirements and limitations before you click Accept. Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer" and then put the kettle on!
- When the scan has completed, click Save Report As... Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt).
- Click Save. By default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
AdvancedSetup (Root Admin), posted March 18, 2009 (ID 65343)

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.