totalsecure 2009 Options

[Shaolinmonkey]

Hi,

I've been having problems with some kind of malware/scareware or whatever you call it.
Its hijacked internet explorer and keeps giving me pop us saying i have spyware infection.
When i close the message it opens my browser on this page
and tries to get me to buy spyware remover.
I have KAV2009 but it dosen't pick anything up

Thanks in advance

Reason for edit: Removed link, no links to malware allowed, send to the lab instead.

Attached File(s)

 sysinfo.zip ( 36.58K ) Number of downloads: 15

 

[richbuff]

Welcome. Run this script in accordance with the instructions in pinned topic above, PC will reboot.

CODE

begin
DelBHO('{BCCCB3D5-17DC-43DD-9F46-A31AB28FECB2}');
QuarantineFile('C:\WINDOWS\system32\fhl.dll','');
DeleteFile('C:\WINDOWS\system32\fhl.dll');
end.

Also, post your PC's GSI report, create GSI log, upload it to the parser site http://gsi.kaspersky.fr/ and post link to GSI Report which may identify issue area, instructions see: http://forum.kaspersky.com/index.php?showtopic=36444

Then, post a combofix log:
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before saving it, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post.

[Shaolinmonkey]

Hi,

I've done all the bits as you said, thanks for your help so far.

Here's the link as requested and the combo fix log is atatched.

http://gsi.kaspersky.fr/lire.php?hl=en&...1c8f55fd00d250#

Attached File(s)

 log.txt ( 13.95K ) Number of downloads: 7

 

[Maroli]

Hi all,

One of my customers has the same problem. I have done the GSI check and you can see it here:
http://gsi.kaspersky.fr/lire.php?hl=nl&...amp;Microsoft=0

One thing I know is that he came infected by a website probable. The URL was linked down from spellen.com

Worst is that I adviced him to remove Version 8 of another virusscanner and take kis2009, which would be able to prevent those messages...

After removing a bear... downloader taskbar for IE and some more info, this crap came up.

Messages appear like those in the Word Document. Sorry. my file is above 300k. How can I upload that one if needed?

Regards
Rob

[Lucian Bara]

hello
we would need an avz log: http://forum.kaspersky.com/index.php?showtopic=69276

[Maroli]

hello
we would need an avz log: http://forum.kaspersky.com/index.php?showtopic=69276

I just attached the AVP File.

Attached File(s)

 sysinfo.zip ( 29.9K ) Number of downloads: 5

 

[Lucian Bara]

try this script:

CODE

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{BCCCB3D5-17DC-43DD-9F46-A31AB28FECB2}');
QuarantineFile('C:\WINDOWS\system32\rgf.dll','');
DeleteFile('C:\WINDOWS\system32\rgf.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

[Maroli]

It is rebooting now. Problem is that it is remote... And i do not have a ILO board in a laptop...

[Maroli]

It is rebooting now. Problem is that it is remote... And i do not have a ILO board in a laptop...

Issue Solved. Muchos Gracios, bedankt, Thanx, Vielen dank.... and more...

[Trickyson]

Having a very similar issue, every 1-3 folders I move through in Windows results in a warning message telling me I need a virus scanner, and AVZ and KAV haven't been able to remove it.

Attached File(s)

 sysinfo.zip ( 22.77K ) Number of downloads: 7

 

[Maroli]

Having a very similar issue, every 1-3 folders I move through in Windows results in a warning message telling me I need a virus scanner, and AVZ and KAV haven't been able to remove it.

Try the actions described in my part. I had the same issues. Now they are solved.

[Trickyson]

Didn't work. =(

[Lucian Bara]

Hello

CODE

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{6599A965-FA2D-41CD-95B1-13140F1CF8A3}');
QuarantineFile('C:\WINDOWS\system32\fhl.dll','');
DeleteFile('C:\WINDOWS\system32\fhl.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

afterwards pack the C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Quarantine folder and this file:
C:\WINDOWS\system32\w2pxdrv.dll
and send them to me

[Trickyson]

Appreciate the help I have noticed recently that Windows Explorer has been crashing quite a lot, didn't seem to be happening yesterday.

Attached File(s)

 AVZ_Files.rar ( 95.81K ) Number of downloads: 1

 

[Trickyson]

That also appears to have fixed it, much love

[21082003]

I don't understand anything about computer. The only thing that I kwon is that I have that problem. So where or how I shuld run that scrip?
thanks

Edit: unneeded quote removed.

This post has been edited by richbuff: 10.10.2008 00:46

[richbuff]

Welcome. Do not run scripts offered for others. See the pinned topics at top of this forum page. There you will find instructions about how and what to post, including instructions for posting your AVZ log.