Computer Help

General discussion

Virus, Trojan, PUP

by jersuha / September 1, 2008 6:10 AM PDT

Hi I am using a HP Pavilion that has had main drive and 2nd drives installed since purchase in 1999. I use Windows XP home. I had McAfee, but when they uploaded an update that crashed my computer I took it off and now have AGV8 free installed. That service has placed the following in the virus vault.

Warning Found Adware.websearch
HKLM\software\microsoft\windows\current version\installer\userdata\AUI

PUP potentially harmful program fake_antispyware.YR
C:\Documents and settings\owner\Desktop\smitfraudfix\IEDfix.exe

PUP potentially harmful program fake_antispyware.YR
C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Browser\Profiles\aton6n7fd.default\cache\633285D9d01

PUP Potentially harmful program fake_antispyware.YR
C:\Documents and Settings\Owner\Desktop\smitfraudfix.zip

I downloaded the smitfraudfix because of a forum on Geekstogo.com, I don't know if they are reliable or not.

I had also had a Trojan Horse.dropperagent.JOC
which I removed, but several of my computer files seem to not be working correctly or have disappeared. One of these is that my trash can, is nowhere to be found, neither can I access my system renewal or undo program, nor is the internet explorer working. Whenever I shut down my computer I get a message box stating unable to create DB.

I have tried to reload the IE6, but it states that a newer edition is already installed, so I try to reinstall the IE7 but it says that core elements are missing and it can't be installed. I am now using the FLOCK browser to access the internet. which I receive over a DSL connection.

Any help I may obtain will be a real blessing and greatly appreciated.

Thank you

Post a reply
Discussion is locked
You are posting a reply to: Virus, Trojan, PUP
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Virus, Trojan, PUP
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Multiple Items..
by Grif Thomas Forum moderator / September 1, 2008 2:55 PM PDT
In reply to: Virus, Trojan, PUP

Smitfraudfix is a genuine/reliable program and it can be trusted to remove certain types of malware.. Still, the internal programs of Smitfraudfix are detected by a number of virus and spyware removal tools as malware.. Basically, it's a false positive for Smitfraudfix.. Still, the detection will go away if you simply clean out the vault.. Delete all the files in there and remove Smitfraudfix after it's done its job.

Next, delete all files from all of your browser Temporary Internet Files cache..

And just to make sure you've cleaned everything up, try one more tool per the instructions below. It may help the issues with your other programs as well:

Please download Malwarebytes' Anti-Malware from the link below:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Hope this helps.

Grif

Collapse -
Thank you Grif
by jersuha / September 3, 2008 6:35 AM PDT
In reply to: Multiple Items..

I did what you suggested and I got rid of a lot of garbage that has had years of accumulation, I'm sure. My system seems to be working better, but I still can not access my "Help and Support" on my computer,when I click on it I get nothing at all. When I click on my recycle bin, I get a folder with a flashlight searching, but nothing comes up. I still get a "can't create DB box message when the system reboots, and when I use IE, I can get into my hotmail, but any other address that I put into it,comes up "That module is missing" is there a cure for these things? Or have I lost them forever?

Thank you so much for the help you have given... I will be completely content if I find a way to restore what is lost.

Thank you so very much. Happy

Collapse -
Just A Suggestion...Try System File Checker
by Grif Thomas Forum moderator / September 3, 2008 10:00 AM PDT
In reply to: Thank you Grif

It's part of Windows XP and can be run using the instructions in the links below. Run "sfc /scannow" form a command prompt. It should find and fix corrupted system files:

Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe)

By the way, did the Malwarebytes program find spyware, etc.? If so, please tell us which types of spyware, trojans and such were found.

And if all else fails, HP should have included a Recovery Partition on your computer, or Recovery Discs, which allow you to wipe the disc and reinstall the operating system and all software back to it's factory condition.

Hope this helps.

Grif

Collapse -
About file checker
by jersuha / September 3, 2008 1:54 PM PDT

Thank you Grif,
I tried to check files and what it came back with was " the files that are required for windows XP to run properly have been replaced with unrecognizable versions. To maintain system stability, windows must restore the original versions of these files. Insert windows XP home edition service pack 2 CD now. The problem is that I think I purchased my windows XP on line at the MSN update store for the windows 95 and I know that the Service Pack 2 was an automatic Windows XP update a couple of years ago or so. So now I don't know what I'm suppose to do.

I have included the reports and actions of the smitfraudfix scan. After that I ran the Malwarebytes_anti-malware quick scan and have included the results of that here. At the end, I ran the full scan and have also included the results to that scan.
SmitFraudFix v2.345

Scan done at 0:57:57.69, Wed 09/03/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

Collapse -
Just A Suggestion...
by Grif Thomas Forum moderator / September 4, 2008 12:24 AM PDT
In reply to: About file checker

First, it's clear you had some malware on the machine and it looks like it's been cleaned out..

Second, the upgrade to XP could certainly be an issue.. You should be able to use any XP SP2 disc to restore those corrupted files and that's your best option.. OR ... you might try reinstalling Service Pack 2 by downloading the full SP2 installer file from the link below, then run it. It should replace the corrupted files, maybe. It's a large download, about 260 + MB so you'll need a fast broadband connection..

http://www.microsoft.com/downloads/details.aspx?FamilyID=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

Windows XP isn't a "downloadable" item so if you purchased an upgrade version of XP online, you should still have the XP CD. It's not a downloadable file.. As to the SP2 installation, YES, it could have been installed directly from the Windows Updates site or through Automatic Updates but the above download will provide those same files.

If neither option works, you may need to do a complete reinstall of your system back to factory condition.

Hope this helps.

Grif

Collapse -
Reponse to just a suggestion from Grif
by jersuha / September 4, 2008 8:41 AM PDT
In reply to: Just A Suggestion...

Thank you Grif... I went to the link that you included, but it is for IT professionals and multiple machine networks. My daughter and I have a network of 2 computers, one a PC and the other a laptop. She is using VISTA so I went to the windows updates and downloaded the service pack from there and installed it. However the response from the file checker remains the same. They have a service pack 3 which says that it contains all of the updates to windows XP plus a few more. Would it be recommendable to install that and see if it adds the missing files?

Thanks,

Jersuha

Collapse -
For Windows XP, Please Use The SP2 File I Suggested..
by Grif Thomas Forum moderator / September 5, 2008 6:58 AM PDT

It can be installed on a single computer as well as many, and it WILL fix some of your corrupted system files.. There's no guarantee that it will fix your particular issue but I DO NOT recommend installing Service Pack 3 until after you've got SP2 running correctly.

And I'm not quite sure why you're now referring to your daughter's computer which is running Vista.. The problem computer we've been discussing is running Windows XP SP2, isn't that correct? If so, then updating your daughter's computer obviously will have no affect on your computer.. At this point, please follow the original directions to download and install the full SP2 installer for IT Professionals..

Hope this helps.

Grif

Collapse -
reply concerning Daughter's computer
by jersuha / September 5, 2008 7:41 AM PDT

Oh, no, it is for my computer, but I only meant that her vista computer is on the same home network with me and I thought that if I used the SP@ you mentioned it could cause problems if it downloaded to her computer too....I don't understand much about a lot of computer things and so I don't know what happens across a network. I'm sorry

I will go ahead and down load the SP3 from the site that you sent me.

Thanks.

Collapse -
2nd response
by jersuha / September 5, 2008 7:43 AM PDT

guess I should have previewed the other post. I meant sp2 in both sentences not sp@ nor sp3. Sorry

Collapse -
Using the SP2 file that was suggested
by jersuha / September 5, 2008 4:34 PM PDT
In reply to: 2nd response

I tried the SP2 file that was suggested, and after about 20 minutes of checking and updating the files on my computer I received a message saying the "SP2 file .....permission denied"

So I guess the only alternative is to get a hold of a windows XP cd.
I am trying to retrace my tracks to see if I might discover where it has gone.

Thank you Grif for all you help. I really do appreciate it.

Jersuha

Collapse -
Virus, Trojan, PUP, SP3
by jersuha / September 8, 2008 10:43 AM PDT

Grif, first of all I want to tell you a big thank you for working with me on this. I really do appreciate....Well, I have downloaded the SP2 file, no difference, so at last I found my Windows XP and ran the sfc/scannow and it asked for the windows XP disc...at different intervals it asked for the CD again and I'd click retry and it would copy some more, until it finally made it to the end. But the result is the same. As Windows is loading a box comes up saying "unable to create DB window" Then when I tried to use the internet explorer, I can get into my hotmail account just fine, but when I tried to come to this site I got a message saying "specified module could not be found" So basically it didn't change anything. I was going to try to just go ahead and reinstall windows, but I got a message saying "the windows Xp version on the computer is a newer version, if you try to install from this disc you will not be able to recuperate your files."

Anything else I can do?

Collapse -
In Order To Correctly Reinstall Windows...
by Grif Thomas Forum moderator / September 9, 2008 12:36 AM PDT

...using your older version in the CD, you'll need to perform a full format of the drive, which will wipe everything from the hard drive, then reinstall the older version.. Once that's done, you install the drivers for the computer, then start upgrading to the newest service packs. Below is a link to a step by step guide on how to do that with your original version of XP with no service pack or SP1.:

http://www.windowsxphome.windowsreinstall.com/installxpcdoldhdd/indexfullpage.htm

So at some point you'll need to make the decision to keep tinkering with the system and see if you can fix the error you're seeing...or...move on a reinstall everything from scratch.

Hope this helps.

Grif

Collapse -
Afrer all that
by jersuha / September 9, 2008 11:00 AM PDT
In reply to: Virus, Trojan, PUP

Grif, thank you for all of your help...... after all of that I installed windows 7 and everything is back up and running.

Thank you once again.

Jersuha

Collapse -
You Installed 'Windows 7' ??
by Grif Thomas Forum moderator / September 10, 2008 1:52 PM PDT
In reply to: Afrer all that

Or do you mean that you install Internet Explorer 7?

Windows 7 is the "in development" version of Windows that hasn't been released yet.. Are you sure you installed Windows 7?

Just trying to get things straight for others...

Grif

Collapse -
Sorry...........
by jersuha / September 11, 2008 1:33 AM PDT

I did the file check and it kept using my windows installation but when it was done I still couldn't get IE to work so I tried the IE installation again and it let me download it this time, and what I installed was IE7. What seems strange to me is that the first thing it did was run a malware removal tool.........so is IE7 the one that put the malware on my computer in the first place....it was trying to get me to update to IE7 and kept hijacking my home page to their download page, when all of this took place. I sent a message for them to stop hijacking my home page because I didn't want IE7 because it always froze up my computer. Immediately after that my computer started missing files so I am wondering if the malware I had on here was sent to me from IE7. If it was then that is just really messed up....and I don't like it.

Thank you Grif, you have helped me a lot and I thank you for all of your time and patience.

Jersuha

Collapse -
ANY Browser Can Cause Malware To Be Loaded...
by Grif Thomas Forum moderator / September 11, 2008 10:24 AM PDT
In reply to: Sorry...........

..and yes, that means IE 7 as well.. But it's NOT the browser itself that causes malware to be installed.. It's the sites you visit, the actions YOU perform, and vulnerabilities in the browser that allow for the "bad" websites to install those types of bad programs.

Hope this helps.

Grif

Collapse -
Browser malware
by jersuha / September 11, 2008 1:33 PM PDT

Yes, it does and you have helped me a lot.


Thank you so much,

Jersuha

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the holiday

Find recipes for July 4 with these foodie apps

The Fourth of July means fireworks, fun and food. If you're planning on a barbecue this weekend, we've got the apps to help you find holiday-inspired recipes.