Previous Topic Next Topic

Seems like my netbook has a virus

Solved/Closed
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014 - Apr 10, 2013 at 04:56 PM
 bcn101 - Apr 17, 2013 at 07:25 AM
Hi, My netbook is new but it is already slow and it doesn't have anything,like heavy downloads or something, I just would like to know if it has a virus or not. Please help. Also one day a blue screen appreared.

14 responses

Answer 1 / 14
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 10, 2013 at 04:57 PM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).

4. Double click on the short cut ZHPDiag on your Destktop.

5. Click on the green arrow to ensure you have the latest version. Click on the eyedropper icon and ensure all of the items are checked.

6. Click on the Magnifying glass with the + sign and run the analysis.

Wait for the tool to finished (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload »

12. Copy the URL and post it here.

Best regards

Ambucias
Moderator /Security Contributor
0
Answer 2 / 14
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Apr 11, 2013 at 05:10 PM
Ambucias,

Thanks for the immediate reply, please see the link below. Thanks.

http://speedy.sh/WhFC6/ZHPDiag.txt
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 11, 2013 at 05:24 PM
Hello

Thanks for the log. Please stand-by for results.
0
Answer 3 / 14
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 11, 2013 at 05:36 PM
Hello again,

There are 42 malware in your system : spyware, adware and a trojan horse (Browser Helper Object)

I will request that you run two tools which you must run according to the directions. Once you have run those tools, please post the logs in this thread, (no need to upload on Speedyshare), then run another ZHP diag log and upload on speedyshare.

Here are the tools:

Tool One adwcleaner:

Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/

Launch it (for Windows 7 and 8, click right to run as administrator)

Click on delete

Post the log C:\Adwcleaner[Sx].txt on this thread.

Tool two: Malwarebyte

Download, install and run Malwarebyte which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Good luck
0
Answer 4 / 14
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Apr 11, 2013 at 06:17 PM
Ambucias,

I don't really know how did I get those trojans and malwares, can you tell me?

I am running malwarebytes now so atm I'm sending you the adwcleaner log:

# AdwCleaner v2.200 - Fichero creado el 11/04/2013 a 23:52:17
# Actualizado el 02/04/2013 por Xplode
# Sistema operativo : Windows 7 Starter (32 bits)
# Usuario : Usuario - USUARIO-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\Usuario\Downloads\adwcleaner.exe
# Opción [Supresión]


***** [Servicios] *****

Parado & Suprimido : DefaultTabSearch
Parado & Suprimido : DefaultTabUpdate
Parado & Suprimido : Partner Service

***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Program Files\DefaultTab
Carpeta Suprimido : C:\ProgramData\Partner
Carpeta Suprimido : C:\Users\Usuario\AppData\Local\Temp\boost_interprocess
Carpeta Suprimido : C:\Users\Usuario\AppData\Roaming\DefaultTab
Fichero Suprimido : C:\Users\Public\Desktop\eBay.lnk

***** [Registro] *****

Clave Supprimida : HKCU\Software\Alexa Internet
Clave Supprimida : HKCU\Software\AppDataLow\Software\DefaultTab
Clave Supprimida : HKCU\Software\Default Tab
Clave Supprimida : HKCU\Software\DefaultTab
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Clave Supprimida : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Clave Supprimida : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Clave Supprimida : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Clave Supprimida : HKLM\Software\Default Tab
Clave Supprimida : HKLM\Software\DefaultTab
Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Google Chrome v26.0.1410.64

Fichero : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[S1].txt - [6026 octets] - [11/04/2013 23:52:17]

########## EOF - C:\AdwCleaner[S1].txt - [6086 octets] ##########





THANKS.
0

Didn't find the answer you are looking for?

Ask a question
Answer 5 / 14
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Apr 11, 2013 at 07:56 PM
Ambucias,

Hi again, malwarebytes has finished running. result is ZERO.
See the log below, thanks :)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.11.12

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Usuario :: USUARIO-PC [administrator]

4/12/2013 12:10:14 AM
mbam-log-2013-04-12 (00-10-14).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277599
Time elapsed: 1 hour(s), 41 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
0
Answer 6 / 14
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 12, 2013 at 04:29 AM
Ola,

Sorry for the late response.

I had a little difficulty in reading the Spanish log but I managed.

Most of the malware came from applications you have downloaded, IM Booster, Amazon, for example.

You may now remove adwcleaner and Malwarebyte from your computer.

For optimisation download and run the following tools:

File cleaner:

https://ccm.net/downloads/security-and-maintenance/4555-ccleaner/

This totally free yet very efficient registry cleaner :

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

Delete the items that are found.

Last, I would like to check if the BHO Trojan is really gone it has to do with "Partner Service"

Please produce another ZHP log and upload it on speedyshare.

Asta la proxima
0
Answer 7 / 14
josh@bcn
Apr 13, 2013 at 11:20 AM
Hi, I am so sorry for the spanish text,how can I change it to English?
BTW, I have downloaded the cleaner and the other tool. I have run SCAN and REPAIR, but it didn't give me any logs. How can I find it?

Thanks again.
0
Answer 8 / 14
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 13, 2013 at 05:02 PM
Ola,

There is no need to change the log to English, I understood the Spanish log.

I just need another ZHP log such as the one you produced on April 11.

How is your system working now ?

Best regards
0
Answer 9 / 14
bcn101
Apr 13, 2013 at 06:35 PM
Hi,

Yeah, I know that you understood the spanish text but Iwould like to ask for some help too of changing the language of my notebook to english,except the keyboard. Would that be possible.
And about the log, as what I have told you about the tool that you asked me to download and run, it didn't give me any logs after I click SCAN and REPAIR.


just confused.

thanks
0
Answer 10 / 14
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 14, 2013 at 05:55 AM
I meant a ZHP Diag log as you did in the very beginning.

To change the language, go to the control panel, open regional settings, click on the language tab and select English, click ok
0
Answer 11 / 14
bcn101
Apr 17, 2013 at 05:49 AM
Ambucias,

Hi, stillcan't change the language... idk why. Anyway, is my notebook all clean now? Do I still have to do smth?

Thanks.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 17, 2013 at 06:27 AM
No

Good luck
0
Answer 12 / 14
bcn101
Apr 17, 2013 at 06:31 AM
thanks for the quick reply...as always,just confused with the "NO" is that an answer to : Anyway, is my notebook all clean now?

or to: Do I still have to do smth?


thanks ambu :)
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 17, 2013 at 06:50 AM
Yes, as clean as a whistle, so clean it could squeek !:-)
0
Answer 13 / 14
bcn101
Apr 17, 2013 at 06:55 AM
You are awesome..as always!!!
So, I'll delete all the tools that you told me to download right?
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Apr 17, 2013 at 07:22 AM
Hola

Correct, you can delete all except for Eusing Free and CCleaner which are useful tools to use once at least week to keep your machine optimised.

Asta la proxima.
0
Answer 14 / 14
bcn101
Apr 17, 2013 at 07:25 AM
Thank you very much Ambu, hope I wouldn't get any viruses again. hahaha.

au revoir!
0

Similar discussions

Using attrib -h -r -s /s /d g:\*.* I could not wipe the attributes of my externa
jwtingley -
ac3mark -

1 response
attrib -h -r -s /s /d g:\*.* did not work for me
johnmenard -
Ambucias -

1 response
removing virus with out formating
vijju -
Ambucias -

5 responses
how to get rid of trojan virus
ziggy7 -
speedy -

74 responses
uuuuuuuu.uuu SD card virus problem
pravin -
xpcman -

1 response