computer ****** up

[Icemaster]

Did you run a hijackthis scan and dump the log before starting the cleaning? I'm kind of curious what shows up.

[slodave]

Quote:

Originally Posted by Icemaster

Did you run a hijackthis scan and dump the log before starting the cleaning? I'm kind of curious what shows up.

No, as that is not an authorized Mule tool. He fights me every time with his ccleaner, so since I got hit with the same thing as AZ_porschekid, I decided to follow Mules advice. And a waste of time it was, although if I was billing a client, I'd have made a killing.

I tired to reinfect my computer and run the appropriate Vundo/Winfixer script, but I could not. I was going to run the script.. If AZ_porschekid wants to forward the link he received, I'd be happy to reinfect my computer.

[syncroid]

Dumb question....did I miss something here? I thought the original poster was the one with the virus problem. (AZ_porschekid) Slodave, how did it get on "your" computer?

[slodave]

Quote:

Originally Posted by syncroid

Dumb question....did I miss something here? I thought the original poster was the one with the virus problem. (AZ_porschekid) Slodave, how did it get on "your" computer?

It's viral!!!

I'm not sure. I went to a website earlier and things started to pop up. I went back after cleaning (with both FF and IE7) and could not reinfect my laptop. Since it was the same thing, I decided to play...

[syncroid]

Very strange! Good luck and let us know how you get rid of it.

[Joe Bob]

I learned a lot when mine had a directory error. Best to remove the HD, hook it up as a slave to another, move your files and do an O/S reinstall.

A914guy@aol.com is Rich Johnson in Texas. Someone is spoofing his address.

[slodave]

Quote:

Originally Posted by syncroid

Very strange! Good luck and let us know how you get rid of it.

I already did... If you choose Mule's way, It'll take an hour or so and if you run ccleaner, it will do nothing except delete your history in FF and annoy you. The other program will clean Winfixer, but take an hour.

A faster way, is to follow the link I posted last night and run the VirtumundoBeGone program.

Remember, this is what I do for a living.

[slodave]

Here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 3

5:02:19 PM 8/20/2008
mbam-log-08-20-2008 (17-02-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 123225
Time elapsed: 42 minute(s), 45 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
C:\WINDOWS\system32\lphcpd2j0e597.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\blphcpd2j0e597.scr (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\lphcpd2j0e597 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\blphcpd2j0e597.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcpd2j0e597.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcpd2j0e597.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\help.txt (Stolen.Data) -> No action taken.

[Mule]

Quote:

Originally Posted by slodave

Alright Mule, since I just got nailed with Winfixer - thanks those stupid political posts. I'll download ccleaner and give it a go...



EDIT: Norton Corporate came up and isolated a file. Hopefully it has not fixed the problem.

What the hell is that?

[Mule]

Quote:

Originally Posted by slodave

The little bugger even disables Windows firewall...


You can see one of the randomly named files running under TM.


Malwarebytes did find winfixer... Took only 45 minutes though


Malwarebytes did get rid of Winfixer, but not 100%. I still have to get rid of a blank icon in my system tray. Now, had I run the Vundo fix I had posted last night, I would have been up and running with in minutes, not 45 minutes. Ccleaner still sucks and does nothing.

BTW, I started this at 3:30 and ended at about 5:10.

So if I understand you CORRECTLY, anybody capable of doing a simple download and install can fix the problem WITHOUT the ridiculous complexity of running hijack this and posting the results, then waiting for some propellerhead to interpret them and devise some mystical fix. Would that be correct? If he ran Malwarebytes & Ccleaner last night he would have been done in how long did you say?

PS: Norton is for folks that don't know any better.

[slodave]

And had he run VirtumundoBeGone, he would have been done in less than 10 minutes and his computer would not be screwed up from ccleaner. Again, you don't do this for a living, you spout the same lame program.

I'll say it again and again and again, ccleaner DOES NOT DO ANYTHING! In fact, it will cause more problems.

Norton corporate is a in a different category from the rest of Norton end user programs, but you would not know that. STFU!

[Arizona_928]

mike it's "A911GUY"

it seems to be trying to copy microsoft, by saying Windows anti virus, even going as far as adding a fake copy of the windows firewall icon... have to say it's pretty well made, doesn't look like anything you have on yours. infact very different. almost like a ligit windows update... but way different..

i'm kinda hesitant to do a system restore, because i updated it when i first got the computer. but i'll try some anti virus stuff posted, then go from their...

thanks for the replys!

[slodave]

Quote:

Originally Posted by Mule

What the hell is that?

One more thing, if you actually work on computers, you would have seen this before.

[Mule]

Quote:

Originally Posted by slodave

And had he run VirtumundoBeGone, he would have been done in less than 10 minutes and his computer would not be screwed up from ccleaner. Again, you don't do this for a living, you spout the same lame program.

I'll say it again and again and again, ccleaner DOES NOT DO ANYTHING! In fact, it will cause more problems.

Norton corporate is a in a different category from the rest of Norton end user programs, but you would not know that. STFU!

Getting a little tense there huh Bevis? Norton is STILL for fools. Did you have it off when you got your INFECTION?

[slodave]

I don't like Norton nor do I recommend the products, other than corporate for corporate environments. No AV program is 100% and I've seen them all infected at one time or another. For me, Panda's free online scanner has been the best. When all other programs fail, it usually will get rid of the issue.

I use corporate because it's free and never will expire.

[Mule]

And it still sucks in comparison to numerous FREE products. But you go Bevis.

[anotherblack944]

I really can't believe you all missed it..

I'd say the source of the original problem came from the subject of this thread.

Pelican Porn????

[rammstein]

Slodave helped me with a similar problem a few months back, and sent me some cool diagnositc stuff free. He knows his stuff.

[Icemaster]

Quote:

Originally Posted by Mule

So if I understand you CORRECTLY, anybody capable of doing a simple download and install can fix the problem WITHOUT the ridiculous complexity of running hijack this and posting the results, then waiting for some propellerhead to interpret them and devise some mystical fix. Would that be correct? If he ran Malwarebytes & Ccleaner last night he would have been done in how long did you say?

PS: Norton is for folks that don't know any better.

Sounding intimidated there donkeyboy.

Come back when you know what youre talking about ya noob.

[Mule]

Quote:

Originally Posted by Icemaster

Sounding intimidated there donkeyboy.

Come back when you know what youre talking about ya noob.

Let me guess, your solution is encoded in that message?