johnmid Posted March 21, 2011 ID:402613

Please help

Just a couple of days ago my computer picked up something off the web. At first it was opening up random windows in Internet Explorer even though I always use Firefox. Then an error message started coming up every now and then saying that "AVG Alert Manager" has stopped working, but I don't use AVG; I've never even downloaded it.

After this I ran all the scans I have, including McAfee Security Centre, Spybot Search and Destroy and Malwarebytes. They all came up with a lot of the generic problems but they have not fixed the initial problems. I then looked in my Task Manager and found 3 exe processes that were taking up all my CPU and physical memory. They were Zjg.exe, Zjh.exe, and zlafea.exe; they are all described as being part of AVG Alert Manager. I then ended these processes and it seemed to fix the problem; however, after a while they re-initiate and the problems start again.

All my attempts to find and delete these files have not worked. I am hoping someone can help me with this problem.

Thanks
Johnmid
LDTate Posted March 21, 2011 ID:402738

Please don't attach the scan results, use Copy/Paste.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
johnmid Posted March 22, 2011 Author ID:402991

I cannot get the DDS program to work. When I save it to the desktop and double click on it, it opens as a text document.

I really appreciate the help you're giving me.
LDTate Posted March 22, 2011 ID:402998

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

* Click the green ESET Online Scanner button.
* Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
* Click on the Start button next to it.
* You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
* A new window will appear asking "Do you want to install this software?". Answer Yes to download and install the ActiveX controls that allow the scan to run.
* Click Start.
* Check Remove found threats and Scan potentially unwanted applications.
* Click Scan to begin. If offered the option to get information or buy software, just close the window.
* Wait for the scan to finish.
* Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Copy and paste that log as a reply to this topic.
johnmid Posted March 22, 2011 Author ID:403057

OK, the scan finished without a problem. Here is the log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=edb34c114b1aee499c744d52bd27910e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-22 05:30:51
# local_time=2011-03-22 04:30:51 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16777213 100 75 1428238 29217159 0 0
# compatibility_mode=5892 16776574 100 100 30599992 138286967 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=246972
# found=5
# cleaned=5
# scan_time=14013
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WT8IE7Y\holidaypay-day_com[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\user\AppData\Local\Temp\Zjg.exe Win32/TrojanDownloader.FakeAlert.BGV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\user\AppData\Local\Temp\Zjh.exe a variant of Win32/Kryptik.LUX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\user\Documents\loaristrojanremover.exe a variant of Win32/1AntiVirus application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\Zlafea.exe a variant of Win32/Kryptik.LUX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
LDTate Posted March 22, 2011 ID:403126

Can you try DDS again?
johnmid Posted March 23, 2011 Author ID:403767

No, it still only opens as a txt document in Notepad.
LDTate Posted March 23, 2011 ID:403775

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

Note: If you have XP SP3, use the XP SP2 package.

If Vista or Windows 7, skip the Recovery Console part.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
johnmid Posted March 24, 2011 Author ID:404162

The computer is behaving OK at the moment; only the Google is being hijacked.

ComboFix 11-03-23.04 - user 24/03/2011 13:50:22.1.2 - x86
Microsoft
LDTate Posted March 24, 2011 ID:404279

Open Firefox and do the following:

* Go to Tools > Options... > Advanced Icon.
* Select the Network Tab and under Connections click Settings....
* Make sure that the No Proxy radio button is selected, if not select it.

This should hopefully solve the problem - let me know if it does.
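Added example, not part of the thread: the setting checked in the Firefox Connection Settings dialog above is stored in the profile's prefs.js, so the same check can be made by reading that file. The sample prefs.js content, the function names and the result fields are constructed for illustration.

```python
import re

# prefs.js holds one user_pref("name", value); line per changed setting.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

# network.proxy.type values and the dialog options they correspond to.
MODES = {0: "No proxy", 1: "Manual proxy configuration",
         2: "Automatic proxy configuration URL",
         4: "Auto-detect proxy settings", 5: "Use system proxy settings"}

def parse_prefs(text):
    """Map pref name -> value (str, int or bool) for every user_pref line."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs

def audit_proxy(text):
    """Report the proxy mode in effect and any endpoints traffic is sent to."""
    prefs = parse_prefs(text)
    ptype = prefs.get("network.proxy.type")
    endpoints = []
    if ptype == 1:  # manual: each protocol has its own host/port pair
        for proto in ("http", "ssl", "ftp", "socks"):
            host = prefs.get("network.proxy." + proto)
            if host:
                port = prefs.get("network.proxy.%s_port" % proto, 0)
                endpoints.append("%s=%s:%s" % (proto, host, port))
    elif ptype == 2:  # PAC: a script URL decides the proxy per request
        endpoints.append("pac=" + str(prefs.get("network.proxy.autoconfig_url", "")))
    return {"mode": MODES.get(ptype, "not set in this profile"),
            "needs_review": ptype in (1, 2),
            "endpoints": endpoints}

# Constructed sample: a profile left on a manual local proxy.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    print(audit_proxy(SAMPLE))
```

A result with needs_review set to True means the browser is sending traffic to the listed endpoint, which is the state the No Proxy radio button clears.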
johnmid Posted March 25, 2011 Author ID:404610

Yes, it seems to have fixed it. Thank you so much for your help; I would have been stuffed otherwise.
LDTate Posted March 25, 2011 ID:404882

Be sure to uninstall Combofix.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:
Click START, then Run.
Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7:
Click START, then Search.
Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

* The application window will appear
* Click the Re-enable button to re-enable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will appear
* Click OK
* DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords. This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

* Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab.
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
     Change the Download signed ActiveX controls to Prompt
     Change the Download unsigned ActiveX controls to Disable
     Change the Initialize and script ActiveX controls not marked as safe to Disable
     Change the Installation of desktop items to Prompt
     Change the Launching programs and files in an IFRAME to Prompt
     Change the Navigate sub-frames across different domains to Prompt
  5. When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  6. Next press the Apply button and then the OK to exit the Internet Properties page.
* Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
* Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
* WOT, Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  Green to go
  Yellow for caution
  Red to stop
  WOT has an addon available for both Firefox and IE.
* JAVA Click this link and click on the Free JAVA Download
* Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:
PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):
Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention
Save yourself the hassle and get protected.
LDTate Posted March 26, 2011 ID:405199

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.