No idea what's happening

Discussion in 'malware problems & news' started by teena, Nov 4, 2004.

Thread Status:
Not open for further replies.
  1. teena

    teena Guest

    Hi,
    I am a real novice and not up with all the computer lingo...
    but I do try hard to understand.. so bear with me here....

    I loaded TDS about 4 days ago, because I knew there would be trojans in the computer... I use AVG as my virus scanner, and check each day for updates..

    I use 3 different adware removals
    ad-aware
    spy sweeper
    and xoft spy

    I am finding I am scanning every hour or so because adware is always appearing...

    I am having a real hard time trying to understand TDS ....
    but I am able to scan and remove
    yesterday while my son was on my computer a thing took over my desktop screen.......... a site called smart security, and placed a huge ad taking up the entire screen ... hxxp: //213.159.117.130/?affid=NAT-13
    I HAVE DONE SCAN AFTER SCAN AFTER SCAN..............
    I can't remove it..I have even tried replacing the wallpaper...but to no avail

    I scanned with everything I have on my computer and removed
    I also scanned with TDS a number of times ...
    in fact I did a scan straight after I had done one....
    the first scan showed nothing........
    But the second scan did?
    here is the log
    can Control Dumped @ 14:48:49 05-11-04
    Positive identification: Adware.PurityScan.w1
    File: c:\documents and settings\guppie\application data\bsao.exe

    Positive identification: Adware.PurityScan.w1
    File: c:\documents and settings\guppie\local settings\temp\rs.exe

    Positive identification: TrojanDownloader.Win32.IstBar.fr2
    File: c:\documents and settings\guppie\local settings\temp\sidefind.exe

    Positive identification: Adware.ABetterInternet
    File: c:\documents and settings\guppie\local settings\temporary internet files\content.ie5\nkrkndqi\thin-110-2-x-x[1].exe

    Positive identification: Adware.PurityScan.w1
    File: c:\documents and settings\tina\application data\bsao.exe

    Positive identification: TrojanDownloader.Win32.IstBar.fr2
    File: c:\documents and settings\tina\local settings\temp\sidefind.exe

    Positive identification: Adware.ABetterInternet
    File: c:\documents and settings\tina\local settings\temp\thin.exe

    Positive identification: Adware.180Solutions.k
    File: c:\program files\tds3\xdynamic\tds.unpk\2

    Positive identification: Adware.180Solutions.k
    File: c:\program files\tds3\xdynamic\tds.unpk\3

    Positive identification: Adware.180Solutions.k
    File: c:\program files\tds3\xdynamic\tds.unpk\a0034778.exe

    Positive identification: Adware.PowerScan.b1
    File: c:\program files\tds3\xdynamic\tds.unpk\a0034780.exe

    Positive identification: Adware.PurityScan.w1
    File: c:\program files\tds3\xdynamic\tds.unpk\bsao.exe

    Positive identification: Adware.PurityScan.w1
    File: c:\program files\tds3\xdynamic\tds.unpk\rs.exe

    Positive identification: TrojanDownloader.Win32.IstBar.fr2
    File: c:\program files\tds3\xdynamic\tds.unpk\sidefind.exe

    Positive identification: Trojan.Win32.Hpt.j
    File: c:\program files\tds3\xdynamic\tds.unpk\taskmgn.exe

    please can someone help me....
    like I said I am not that computer literate so I would need easy instructions...
    I have used the delete these files in TDS but still this thing is on my desktop....
    I am so tired of all this malware and trojans.. my entire life on the computer is spent trying to get rid of it!
    HELP ME PLEASE!!!!!!
     
    Last edited by a moderator: Nov 5, 2004
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Teena, remember the forum's terms of service:
    Furthermore, you agree not to post any links to warez sites or sites from which malware (viruses, worms, trojans, backdoors etc.) can be downloaded.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Teena, can you please follow the steps found here: https://www.wilderssecurity.com/showthread.php?t=50662

    Make sure you follow each step in order and do not go onto a further step until you have completed the one you are on. Also make sure you have the very latest version of each product mentioned and they are fully up-to-date. It appears your AdAware is an older version.

    After all the steps if your problem persists you may have to download a copy of Hijack This and post in one of the forums specified in the above link.

    I have been advised that you need to remove xoftspy program...it's a bad one: http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Hope this helps...

    Let us know how you go...

    Cheers :D
     
    Last edited: Nov 5, 2004
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there,
    hope you did after installing TDS also get the latest radius update, started TDS after that for your scan.
    Now you see a few you can solve really easy:
    You see in the TDS\xDynamic\TDS.Unpk\ several files, you can delete them just as they are, either via the TDS alerts console, either you go via windows explorer into that folder and delete all those files, as those are copies of originals elsewhere on your system, unpacked and scanned there.

    You see in your \temp\ folder several files, delete them, via that TDS alerts console is really easy.

    You see some in the Windows \..\Temporary Internet Files delete them, easy by that same TDS console, but also via your Internet Explorer > Tools > Internet Options > delete files (yes it is just cleaning your caches, including the offline pages)

    Now only that bsao.exe purity scan thing is left, which is probably part of the scan of certain source like you posted above.
    I do hope you can just delete it without it coming back, it might be necessary after that to look another time with SpybotS&D with all scanoptions on, or Ad-aware if you have.
    And please with your next scan, make sure you have AVG and any other possible resident protection from scanners disabled, to give other scanners full access to all files.
    (Open AVG GUI, uncheck all, close it again). When scanning is ready and possible files deleted you can re-enable AVG or whatever you prefer again.
    TDS never needs to be disabled, as it is not blocking access to any files, only don't have it actively scanning at the same time.
    Looking forward to your next scan results.
    And if you're on XP, once clean, disable the system-restore, reboot, enable system restore again and make manually a new restore point, so all the malware has been sent to recycled electrons heaven instead of re-infecting you again.

    Please let us know how you're doing now.
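
Added example, not part of the thread or of any poster's reply: a small Python triage of the TDS log format shown in the first post, grouping detections by where the file sits (unpack copy, temp folder, browser cache, or elsewhere) as the reply above walks through by hand. The category labels and function names are this example's own, and the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Excerpt of the log posted in the thread (same two-line entry format).
SAMPLE_LOG = r"""
Positive identification: Adware.PurityScan.w1
File: c:\documents and settings\guppie\application data\bsao.exe
Positive identification: Adware.PurityScan.w1
File: c:\documents and settings\guppie\local settings\temp\rs.exe
Positive identification: Adware.ABetterInternet
File: c:\documents and settings\guppie\local settings\temporary internet files\content.ie5\nkrkndqi\thin-110-2-x-x[1].exe
Positive identification: Adware.PurityScan.w1
File: c:\program files\tds3\xdynamic\tds.unpk\bsao.exe
Positive identification: Trojan.Win32.Hpt.j
File: c:\program files\tds3\xdynamic\tds.unpk\taskmgn.exe
"""

ENTRY = re.compile(r"Positive identification:\s*(.+?)\s*\n\s*File:\s*(.+)")
# Checked in order; labels are this example's own, not TDS terminology.
RULES = [
    ("unpack copy", "\\xdynamic\\tds.unpk\\"),
    ("browser cache", "\\temporary internet files\\"),
    ("temp folder", "\\temp\\"),
]

def classify(path):
    lowered = path.lower()
    for label, marker in RULES:
        if marker in lowered:
            return label
    return "follow-up"  # outside temp/cache, e.g. Application Data

def triage(log_text):
    """Group (detection, path) pairs by the location class of the file."""
    groups = defaultdict(list)
    for name, path in ENTRY.findall(log_text):
        groups[classify(path)].append((name, path.strip()))
    return dict(groups)

def unmatched_unpack_copies(log_text):
    """Unpack-folder file names with no same-named file elsewhere in the log."""
    groups = triage(log_text)
    copies = {basename(p) for _, p in groups.pop("unpack copy", [])}
    originals = {basename(p) for hits in groups.values() for _, p in hits}
    return sorted(copies - originals)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), unmatched_unpack_copies(SAMPLE_LOG))
```

Entries in the "follow-up" group, and unpack copies whose name appears nowhere else in the log, are the ones to look for again in the next scan after the temp, cache and unpack folders have been emptied.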
     
  5. teena

    teena Guest

    Thank you everyone...
    for your fast attention to this for me.. I do appreciate it very much...
    I am so sorry I broke the rules by posting a site address.. I hope you forgive me for my ignorance,
    I am wondering why xoft is a bad program?...
    I paid good money for that...... and now I have to dump it because its no good?

    all my programs are up to date... I make sure of that.. and when I loaded TDS
    I read that I need to go and load an update, which I did.....

    I will definitely give all your great suggestions a go,....
    they are a little hard for this sheila to understand completely, as I said I am not a computer brain.. But will follow what you all said step by step....that blackspear recommended, I do seem to be understand to understand that!

    Jooske
    I am constantly deleting the temp files in the browser and cookies...
    ( so its good to know that I am doing the right thing there)... thanks for that information
    I also appreciate how you explained about turning the AVG scan off... so it doesn't stop the other scans reaching certain files...
    I will give it all a go.... and report back...
    I DO SINCERELY THANK YOU ALL
    you have helped me keep some sanity over this!
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That’s ok, it seemed unintentional, it is just some people can click on a bad link unintentionally and become infected even quicker ;)


    The link I posted above goes into why it is no good, the step by step instructions have some world class software that will protect your system when clean, and at the bottom of that thread there are links to threads within Wilders that discuss minimum security and what you should use…


    That’s ok, anything that you don’t understand, just ask, and we’ll endeavour to walk you through it… ;) :D

    In regards to TDS, you are in great hands with Jooske :D

    Cheers :D
     