hi im back, and dont know what to do..(regarding:st.exe,notepad.com,and COUNTER.CAB)

Discussion in 'malware problems & news' started by Strawberry, Dec 30, 2004.

Thread Status:
Not open for further replies.
  1. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    The other day i was randomly checking out what was in my task manager, and i found a suspicious CMD64.EXE. no idea what in the heck that was so i googled it. of course, it was some kind of trojan, and i wondered why norton hadnt detected it. i ended the process. ok, so later on, a virus alert popped up from norton about a trojan downloader. this trojan is called NOTEPAD.COM.



    a while ago i posted about a trojan downloader, ST.EXE, but that was deleted. norton detected a NOTEPAD.COM, but i deleted it in safe mode, already. today i uninstalled norton, and installed mcafee instead (virusscan) and it told me i had a counter.cab, which i deleted in safe mode today.. i looked up this "counter.cab" at several other forums, and the others who were infected with it, it was infected in NOTEPAD.EXE. could this counter.cab be related to ST.EXE. because when i came here the first time, i read different posts about ST.EXE and the trojans caused by it, such as notepad.com. btw, when i deleted the notepad.com trojan yesterday, it was in /1386/system32 or something..


    also, will this trojan come back up as something else, such as notepad.exe, and wmp.exe or anything like that..in about 2 months more?


    thanks :D and sorry if that confused you :)
     
    Last edited: Dec 30, 2004
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Strawberry, can you please list all of the security software that you are using.

    Cheers :D
     
  3. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    alright :p
    im using Spyware Doctor, AdAware SE, Spybot, Mcafee VirusScan, Spyware Blaster, CWShredder, and Zone Labs Security Firewall. :)
     
  4. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    i also have move on boot, and the one that installs lots sites in your restricted zone*.. i think its called IE spyad??
     
  5. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    *cries*
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    OK, here’s my suggestions:

    1) Remove all programs listed inside ZoneAlarm, or place question marks by all programs, and when ZoneAlarm asks for allowing access to the internet by any program, make sure you know the program before you allow access.

    2) Follow the comprehensive steps found in General Cleaning.

    3) If the above steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    4) Take a look here for further discussion on security and how to make your system that much stronger and here for more.

    This is what works really well for me, very simple to use and maintain.

    Hope this helps…

    Let us know how you go.

    Cheers :D
     
  7. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    Thanks :D

    i downloaded some of those programs, hope it works.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you follow each step in the post above, including the advice about ZoneAlarm you should see your system clean very quickly.

    Just make sure you follow each and every step in General Cleaning and don’t go onto another step until you have completed the one you are on.

    After this, and this is REALLY important, I would suggest reading through the 2 links I provided about strengthening your security and you shouldn’t have this problem again ;) :D

    My security is quite extensive and a great deal of it was learnt through Wilders, it is all very simple to use and maintain.

    Let us know how you go...

    Cheers :D
     
  9. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    Thanks...So far so good... hey guys do you think that these trojans are connected, or that they're different trojans?
     
  10. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, yes they're most probably related, as trojan downloaders will download several trojans, slowing the infected machine down a lot, ive seen some that harvest CPU & MB as well as bandwidth, all from the same source file, if not gotten rid of they can get into the operating memory, which is a pain to fix.
     
  11. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    I also have Download.Alchemic.A.

    i have to delete this right now. be right back. :mad:
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    OK, once we get you cleaned up, I'm going to make you my pet project in getting you secure as a fortress ;) :D
     
  13. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    well i went into safe mode and silly life AVG said there was so virus.

    i uninstalled AVG because it was using up my CPU..

    but i looked myself in the location he told me the virus was but... it was access denied in safe mode, and in normal mode...

    mcafee didnt tell me i had it.. i even selected exactly where AVG told me the virus was and scanned it with both products
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please go back through General Cleaning and follow each step, don't go on to another step until you have completed the one you are on.

    When this is complete, let me know and we'll proceed from there.

    Cheers :D
     
  15. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    I recently moved from Norton Antivirus to Mcafee and a load of things had been missed by Norton.

    Jimbob
     
  16. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    Im a mess. there was no file virus last time. But yesterday i tried to install SP2 and it crashed the computer and made startup slow so i uninstalled it and did a XP recovery, and reset everything...and deleted all its hotfixes (SP2).

    I now have:
    Norton Antivirus 2005
    SpySweeper
    Mcafee Personal Firewall
    Spyware Blaster
    AdAware
    Spybot
    Ewido.. security suite
    IE-spyad
    and Mcafee Security Center

    So i run norton, and look here...http://www.freewebs.com/amazingdreamss/omg.bmp
    (i posted in these forums asking why the 3TY0R.EXE application wanted to gain access to the internet, and here we have it.)
    what gives? norton cannot delete them in normal mode...how do i QUARANTINE them so i can just bring them up on safe mode? because in safe mode it takes forever and you cannot choose what folders to scan without doing a full scan.

    =(
     
  17. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    If you have Norton Antivirus and Mcafee Security Center, do you not have 2 virus scanners running at once o_O I didn't think you could do that.

    Jimbob
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Just let it do it in Safe Mode, it may take a while, but it will get there... You can also use Stinger.

    Cheers :D
     
  19. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    well my norton trial 2005 went out so i just used AVG free.. and it didnt find anything so..wth? and trend micro housecall cleaned about 2 or 3 possible viruses for me a while back after norton told me i had those.. so what now. :'(

    and blackspear.. i have Toolbar in my program files folder or in other words.. Websearch Toolbar.. i cannot delete it.. I had dcsresearch as one of my hosts, i googled it websearch, and someone had it and posted a HIJACK THIS! log and they had that site as one of their hosts.. and the person helping them told them to delete it using hijack this! and .. i also deleted mine..

    http://forums.techguy.org/t323828.html

    theres the thread

    i also have VIEWPOINT in my program files..
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Strawberry can you take a look at the page located here: BleepingComputer

    Let us know how you go...

    Cheers :D
     
  21. controler

    controler Guest

    Even though you didn't mention anything about using TDS-3, you did mention Spysweeper. I am guessing you have used TDS-3 at one time or another and that is the reason for the dcsresearch listing in your HOSTS file. I get the same thing. I think it was placed there to aid the user in going to the Pri forum when pushing the F5 key.
    If you use SpyCatcher, it will flag another TDS-3 file as using the internet behind your back. I am guessing this is the one they use to make sure you have a legit copy running on your PC.

    In closing, some of the spyware you are deleting has been added by other security software.
    Most applications in spite of being genuine ones do embed spyware files for business purposes. The same may be true for the applications that you may use on your computer.

    Bruce
     
  22. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    Thanks bruce. :D

    Blackspear, There are no entries in my log that show symptoms of Websearch Toolbar or Wintools. But the folder is still there in my programs file folder, and it is active. But i don't have any websearch toolbar in my IE. Why is this folder just sitting there doing nothing o_O

    I have found an article on how to delete it .. but i don't understand what its trying to say! http://www.sawtoothdistortion.com/Articles/DeleteUndeletableFiles.html
     
  23. controler

    controler Guest

    How about we forget cleaning and just reformat your hard drive? and start new?

    Bruce
     
  24. controler

    controler Guest

    Here is the deal

    unless you are a business and need to save a lot of data. I always recommend reformatting.
    It is simple and it is easy and you don't have to be afraid of the dark LOL
    You simply save your drivers and e-mail addresses.

    Start fresh and new

    Reflash BIOS and start new. YUM doesn't it sound tasty?

    Bruce
     
  25. Strawberry

    Strawberry Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    35
    Location:
    Connecticut..
    :doubt: argh what does this mean!?
     