Help With Virus Please !!!
Comments
it's probably changed your home page, just start Internet Explorer
click on "Tools" at the top and then "Internet Options"
at the top is where your homepage is currently set to, change it back to what it was and then click on the Apply Button at the bottom
close down that box and then Internet Explorer
Open Internet Explorer again to make sure it has not changed back to the spyware site again
if it has then come back and we will try and help you further
Ps :- I think it sounds like you have got rid of the infection, and please only follow my and Pchelpman's posts from here on, there were some poor suggestions above...a format of your hard disk is almost NEVER needed for example !!
Ex forum ambassador
Long term forum member

Thanks for that but no joy.
the site that pops up says https://www.safetyuptodate.com.
also an internet explorer message
W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private info from the infected computer.
type: virus
infection length: 138,293 bytes
systems affected: windows 95,98,ME,NT(all versions)2003,windows XP(all sourcepacks)
not affected: DOS,EPOC,Linux,Macintosh,Novell netware,OS/2,UNIX
tech details: creates files in %Windir%\ directory. By default, this is C:\Windows
adds values to registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
scans the hard drive for .exe files and infects any executable files
searches for passwords/information, which it may send to a remote attacker
recommendations: click 'OK' to download officially app.security software
always keep your patch levels up to date.
hope you can help. thanks

you need to follow the instructions here
http://www.bleepingcomputer.com/forums/topic18610.html
Tools needed for this fix:
Preparation Steps:
Please do both of the following before we start:
1. Please print these instructions as they will be needed later when Internet access is not available.
2. Save these instructions in word or notepad to the desktop where they can be easily found.
At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things will help to get it back to how it was in a faster manner.
Removal Steps:
Download VundoFix.exe and save it to your desktop.
- Double-click VundoFix.exe to run it.
- Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.
- When VundoFix reopens, click the OK button.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click the YES button.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click the OK button.
- When the computer has shutdown, turn your computer back on.
- The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.
This step should only be used if the instructions in Step 2 did not remove the infection.
Download VirtumundoBegone and save it to your desktop.
Reboot your computer into Safe Mode
Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.
Exit when it has finished
it's a variation of the sites mentioned in my signature
Ex forum ambassador
Long term forum member

I have found this site very useful in getting completely rid of nasties-
http://forum.malwareremoval.com/

Norton is absolute rubbish.. I recently had a trojan and all sorts with Norton updated and run regularly. I certainly wouldn't waste my money on the software again.. keeps telling me could detect and not delete.. had to give my laptop to a techie who kindly fixed it.. and installed McAfee which is constantly scanning.. and works!
Good luck.. I hope you get it fixed..
Official DFW Nerd Club - Member no. 092
::£2 - CSC - Terramundi is filling up!! :: Joined 3/3/06 :: 5/2/07 - 835kg + £280 Banked!!::
::5p,10p & 20p - Savings Tin :: Founded 9/4/06 :: 23/3/07 - 3.2kg ::
Lost to date - 9kg (22/8/06) Next weigh in 2007!!

What is the BEST Software for Firewalls and Anti-Virus protection?
I currently have Norton Internet Security 2005 and the renewal date runs out at the start of June!

How many times must we say this .... THIS THREAD IS FOR NOTASDAFTASILOOK not for other issues.
If you want to start (yet another) debate on the veracity of Norton - or anything else - please do it in your OWN thread.
Go to the main forum and start a new topic for discussion. DO NOT hijack any thread from another member.
iamnotasdaftasilook ... please post back when you have done as Browntoa recommends in post #14.

after running both vundo fix and virtumundo be gone they both came back with nothing found and the computer still starts up as before. i had the following popup at 12.15 last night not sure what this is -
remote computer
(ip address 195.126.18.11) gained full control and access to my system
this was followed by advice on how to remove it.
is this just an advert or has someone got control of my comp ?
using the steps that browntoa gave me, before going online i select internet explorer and the homepage comes up with the address - about:blank
which is the spyware site. If i go to tools and internet options and change the address and try to apply , nothing changes it just goes to about:blank.
still struggling with this and any help is greatly appreciated.

notasdaftasilook wrote:
not sure what this is -
remote computer
(ip address 195.126.18.11) gained full control and access to my system
this was followed by advice on how to remove it.
is this just an advert or has someone got control of my comp ?

That address goes back to the RIPE organisation in Holland. As anyone here will tell you I don't like RIPE but there may not be anything wrong with it. It needs to be checked out.
Who is your ISP? Have you anything to do with RIPE? If not, you should check with your ISP to see if this address means anything to them. Let me know what they say.

notasdaftasilook wrote:
using the steps that browntoa gave me, before going online i select internet explorer and the homepage comes up with the address - about:blank
which is the spyware site. If i go to tools and internet options and change the address and try to apply , nothing changes it just goes to about:blank.
still struggling with this and any help is greatly appreciated.

About:blank can be an annoyance but often easy to remove.
At this stage I think it's about time we saw a full HijackThis log.
Download HJT from here ...
http://www.majorgeeks.com/download3155.html
Open it and choose "Do a system scan and save a logfile" from the options screen.
At the end of the scan (it takes only a few seconds) you will see a logfile report in Notepad. Please copy & paste that report to this thread for more specific advice.
What we do next will depend on exactly which About:blank infection you have and what you find out from your ISP.

my isp is wanadoo, i contacted them and they said the address from RIPE means nothing to them as it does with me. I have no idea who they are or what they do? here is the requested log file
Logfile of HijackThis v1.99.1
Scan saved at 11:33:35, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bryn Clement\Desktop\Unzipped files\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE186.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" VEN_14E4&DEV_4320&SUBSYS_70111799
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gCac] C:\WINDOWS\gcac.exe
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5ad6c97534349f2bbf4d5719fa2f5a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5ad6c97534349f2bbf4d5719fa2f5a
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093344929375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147688839390
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4703/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B2260CA-4E24-4DDA-AA7A-FBDBF73CDBC8}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
This discussion has been closed.
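
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread: it groups entries by section code and flags the lines a helper would read first. The function names and the three heuristics are assumptions made for this example; a hit means "look closer", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in the thread,
# with GUIDs written in their normal {brace} form.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE186.tmp
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gCac] C:\WINDOWS\gcac.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R1, O2, O4 or O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# An executable sitting directly in the Windows directory (no subfolder).
WINDIR_ROOT = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)

def parse(log):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def triage(log):
    """Return (code, reason, entry) tuples for entries worth a closer look."""
    findings = []
    for code, entries in parse(log).items():
        for body in entries:
            low = body.lower()
            # Heuristic 1 (assumption): the registry entry points at nothing on disk.
            if low.endswith("(file missing)") or low.endswith("(no file)"):
                findings.append((code, "orphaned", body))
            # Heuristic 2 (assumption): browser add-on module that is not a .dll.
            elif code in ("O2", "O3"):
                module = body.rsplit(" - ", 1)[-1]
                if not module.lower().endswith(".dll"):
                    findings.append((code, "non-dll module", body))
            # Heuristic 3 (assumption): Run-key program directly in the Windows folder.
            elif code == "O4" and "] " in body:
                command = body.split("] ", 1)[1].strip('"')
                if WINDIR_ROOT.match(command):
                    findings.append((code, "autorun in Windows root", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<24} {body}")
```
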

