Spyware says I have 12 Infections

Discussion in 'malware problems & news' started by noj30, Aug 18, 2004.

Thread Status:
Not open for further replies.
  1. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    Hi Guys,
    I"m new to this forum, so if i'm posting this in the wrong spot you have my greatest apologizes. I opened an email today from a friend and received a virus. Right away my norton pulled up a window that said I recieved a virus. something called horse virus. I closed everything right away and ran my norton. it found 4 infected files and fixed them and deleted them. However now when i open my explorer i get a "about:blank" error and can not change my home page. there is 2 pop ups that go along with this everytime i open up window. I ran a spyware scan and found that i have 12 infected files. the files are as follows:

    Alexa
    Bargain Buddy
    C-Dilla
    TinyBar
    Tracking Cookies (6 of these)

    I hope I have all the information you need to help me out. I would greatly appreciate someone's help.

    THANKS!!!
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    You might want to get a trial of tds3 here and make sure that you update the radius files before you run a scan to ensure you have the latest detection. Post back and let us know the results of the tds3 scan please

    thanks

    bigc
     
  3. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    Thanks Mac for getting back to me right away. one question. i'm downloading your link right now. do i run my norton scan again or the spyware doctor scan?

    thank you
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Run the tds3 you are downloading now.
     
  5. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    Here is what it said:

    21:57:46 [TDS] Good evening John.
    21:57:50 [Mutex Memory Scan] Started...
    21:57:51 [Mutex Memory Scan] Finished (no trojan mutexes found).
    21:57:51 [Trace Scan] Started...
    21:58:02 [Trace Scan] Finished.
    21:58:02 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.


    o_O??
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    You need to set it to do a full system scan, it will take a lot longer than a couple of minutes. ;)
     
  7. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Good idea Peaches4u
     
  9. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    Sorry, about the confusion Mac. Here is what i found:

    Positive Identification: Pornware.Downloader.Tibsystems c:\program files\websiteviewer\121689.exe

    Positive Identification: Pornware.Downloader.Tibsystems c:\winnt\system\121689.exe


    This has to be the problem, because when I opened the attachment it brought me to some adult website. How do I get these files off my computer and are they the problem?
     
  10. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    can i just right click on those files in the TDS-3 and select delete? will that work? or is there more intensive work needed?

    Thanks all of you!!!
     
  11. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    After you ran the scan with tds3 it should have had the option to fix or clean the infected files, I don't remember the exact wording. Tds3 will remove the files for you. Deleting as you suggested should work
     
  12. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    No it didn't give me an option to fix or clean when it completed. It does have the files located in the bottome window. If i right click on them it give me the following options:

    File Informtion
    Submit File
    Delete File
    Save As Text

    Where do i go from here?
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    After you clean the files with tds3 you really ought to get the programs in peaches4u post number 7. spybot search and destroy will get rid of the rest of your ad and spyware and the other two will keep it off of your computer
     
  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Delete them
     
  15. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    Ok i downloaded Peaches program, but if i run that 'im probably going to have to restart my computer, therefore losing what i have done on the tds-3 program. do i just go with the peaches program or can it be fixed using or original program tds-3?
     
  16. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    K. i'll do that
     
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    I guess I should recomend that you make sure that SB s/d is updated before scanning or if you did scan, after it is through update then rescan. ;)
     
  18. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    Ok, i ran the program Spybot search destroy that peaches recommended and it found 17 infected files. I checked them all and choose the fix problem at the top. It said all 17 files fixed. how ever i'm still geting the about:blank error when opening internet explo. i have entered my site and manually changed home page, it works fine, but when i open a new window i still get the about:blank error. any other ideas

    You guys are rocking...i really appreciate it
     
  19. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    I did update the downloads, before scanning.
     
  20. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    there is a about blank fix that has worked for some people. I will look it up and post the link back here.
     
  21. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    you can try the about blank fix at your own risk you can get it here but read the article before downloading or useing. about fix this has worked for some others but no promises because I have not personally tried it.



    url deactivated==bigc
     

    Attached Files:

    Last edited: Aug 19, 2004
  22. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12
    i did that one already. that was the one that i tried right away. well let me try it again, once i scan again. i'll let you know if that fixed it.





    url deactivated==bigc
     
  23. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    In case that doesn't get rid of it you might want to post a hijackthis log at one of the forums listed at the link HJT log check can get HJT here
     
  24. noj30

    noj30 Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    12

    the file that keeps on coming up in the spybot is DOS Exploit. Have you heard of it?
     
  25. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    That is a known false positive you can choose to put that detection in SB's ignored list
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.