
Arrgghh - Facebook virus!!!! Help needed...

Ok, so I got an email on Facebook from my sister, I opened it and it turned out to be that virus thing that's going around. I have deleted it and I didn't download anything, but it did forward itself to my friends. I've warned as many people as I can, but I'm now left with a problem I can't fix.

Basically, ever since then, whenever I do a Google search and click the link I want, I get a pop-up page that links to findit12.com, and redirects itself to another random page. I have antivirus and have run the scanner, nothing picked up, and I also got Spybot Search and Destroy, which picked up 5 items. I removed them, but the problem still hasn't gone away. I suspect that somewhere, one of my settings has been tinkered with, and I don't know where to look to find it. I've been into my internet options, nothing obvious there. I'm guessing that somewhere on my PC, there will be something innocuous but annoying, and I have to get rid of it before the laptop gets thrown out of the window.

Any suggestions would be gratefully received!

Jo xx
#KiamaHouse

Comments

  • Browntoa
    Browntoa Posts: 49,599 Forumite
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
    Ex forum ambassador

    Long term forum member
  • BWZN93
    BWZN93 Posts: 2,182 Forumite
    Malwarebytes' Anti-Malware 1.28
    Database version: 1156
    Windows 5.1.2600 Service Pack 3
    15/09/2008 20:42:25
    mbam-log-2008-09-15 (20-42-25).txt
    Scan type: Quick Scan
    Objects scanned: 50052
    Time elapsed: 4 minute(s), 12 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\846888\846888.dll (Trojan.BHO) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{10a07f79-70f2-4169-b872-55184904d41d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10a07f79-70f2-4169-b872-55184904d41d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\846888\846888.dll (Trojan.BHO) -> Delete on reboot.
    #KiamaHouse
  • lellie
    lellie Posts: 1,489 Forumite
    Everyone seems to be getting this recently..

    Also try Spybot Search and Destroy and Lavasoft's Ad-Aware. :)
  • BWZN93
    BWZN93 Posts: 2,182 Forumite
    Thank you by the way!!
    #KiamaHouse
  • dot111
    dot111 Posts: 316 Forumite
    Can you tell me how I would recognise it if I received it in mail?

    I'm not aware of this.

    Thanks
  • BWZN93
    BWZN93 Posts: 2,182 Forumite
    Amazing, it's fixed!!! Thank you!!!

    xx
    #KiamaHouse
  • BWZN93
    BWZN93 Posts: 2,182 Forumite
    Yes, it is a message in your inbox from a friend, usually badly spelt titles or none at all, and the content of the message is a link. Simply delete without opening. It sends your friends a variant of the message too, so if you do get one and delete it, check your outbox to ensure there is nothing in there you didn't send!

    xx
    #KiamaHouse
  • Yes, I'm the latest person to fall victim to this malicious virus that has resulted in me downloading a number of things and spending an entire day on the computer trying to work out what is going on (very frustrating).

    Just tried Browntoa's instructions and it looks as if it's worked, so thank you.
    Paste below:

    Malwarebytes' Anti-Malware 1.28
    Database version: 1201
    Windows 5.1.2600 Service Pack 2
    9/24/2008 10:33:25 PM
    mbam-log-2008-09-24 (22-33-25).txt
    Scan type: Quick Scan
    Objects scanned: 48385
    Time elapsed: 16 minute(s), 41 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 6
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\384043\384043.dll (Trojan.BHO) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e6823149-fb2d-492b-bbf3-7389334ddd97} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6823149-fb2d-492b-bbf3-7389334ddd97} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\384043\384043.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\kenny17.exe (Trojan.Agent) -> Delete on reboot.
  • Many thanks for posting this.

    My question is, once quarantined and deleted, do I leave it in the list? As the log looks like this...

    Malwarebytes' Anti-Malware 1.28
    Database version: 1222
    Windows 5.1.2600 Service Pack 3
    29/09/2008 22:51:55
    mbam-log-2008-09-29 (22-51-55).txt
    Scan type: Quick Scan
    Objects scanned: 55700
    Time elapsed: 10 minute(s), 58 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 6
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\384043\384043.dll (Trojan.BHO) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e6823149-fb2d-492b-bbf3-7389334ddd97} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6823149-fb2d-492b-bbf3-7389334ddd97} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\384043\384043.dll (Trojan.BHO) -> Delete on reboot.
    C:\Documents and Settings\S\Local Settings\Temp\tt_1222623746.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
    C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

    BUT...

    still after the reboot the quarantine list still has the 9 objects in it. Do I now delete these?

    And most importantly... Can I still internet bank???

    Many thanks

    Yorkshire
  • Browntoa
    Browntoa Posts: 49,599 Forumite
    You can delete the quarantine items.

    If you are still concerned, start a new thread with a HijackThis log

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

    and I'll take a look.
    Ex forum ambassador

    Long term forum member
This discussion has been closed.
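
As an added example (not part of the thread and not Malwarebytes' own code), the Python below parses a log in the layout pasted in the comments above, checks each section's itemised entries against its summary count, lists files still marked "Delete on reboot", and labels the two load points seen in these logs (the Browser Helper Objects key and the Run key). The sample log is constructed, and `parse_mbam_log` and `load_point` are names chosen here.

```python
import re

# Constructed sample in the Malwarebytes' Anti-Malware 1.28 layout shown in the
# thread; the paths, key names and GUID placeholder are made up for illustration.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 2
Memory Modules Infected:
C:\WINDOWS\system32\000000\000000.dll (Trojan.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EXAMPLE-GUID} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\000000\000000.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\example.exe (Trojan.Agent) -> Delete on reboot.
"""

COUNT = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")   # summary line
HEADER = re.compile(r"^(?P<section>.+ Infected):$")             # section start
ITEM = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def load_point(target):
    """Label the two persistence locations that appear in the thread's logs."""
    t = target.lower()
    if "\\explorer\\browser helper objects\\" in t:
        return "IE Browser Helper Object"
    if "\\currentversion\\run\\" in t:
        return "Run key (starts at logon)"
    return None

def parse_mbam_log(text):
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            declared[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict(),
                          "load_point": load_point(m["target"])})
    listed = {s: sum(i["section"] == s for i in items) for s in declared}
    # mismatched: summary count differs from itemised entries (truncated paste).
    # pending_reboot: files that stay on disk until a normal restart.
    return {"items": items,
            "mismatched": sorted(s for s in declared if declared[s] != listed[s]),
            "pending_reboot": sorted({i["target"] for i in items
                                      if i["action"].lower() == "delete on reboot"})}
```

Entries under `pending_reboot` are the ones the restart note in the removal instructions applies to.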