Solve : Someone please help.. :-(?

1.	Solve : Someone please help.. :-(?
Answer» I have recently acquired a virus and need some help! Ugh.. the error reading is "Application cannot be executed. The file XXXXX is infected. Do you want to activate your antivirus software now?" then a fake antivirus software alert comes up... I had this same issue a few weeks ago and thought it was gone but it's back again grr!! Any help would be AWESOME! Please download Cheetah-Anti-Rogue, and save to your Desktop. Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop. Double-click on Cheetah-Anti-Rogue.cmd to start. It will finish quickly and launch a log. Post the contents of it in your next reply. I am unable to copy the text into a window because each time i open the file it immediately closes any window I open..I was able to log off and back on and copy this: Cheetah-Anti-Rogue v1.2.17 by DragonMaster Jay Microsoft Windows [Version 6.0.6002] Date: 02/08/2010 - Time: 21:24:00 - Arch.: x86 -- Malware tools check -- Trend Micro HijackThis 2.0.2 Malwarebytes' Anti-Malware SUPERAntiSpyware Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.The log from malwarebytes: Malwarebytes' Anti-Malware 1.44 Database version: 3713 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 2/9/2010 3:48:03 PM mbam-log-2010-02-09 (15-48-03).txt Scan type: Full Scan (C:\\|) Objects scanned: 270324 Time elapsed: 1 hour(s), 57 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 FILES Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I did this scan on the 8th which detected one infected file I thought I should attach it as well: Malwarebytes' Anti-Malware 1.44 Database version: 3640 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 2/8/2010 3:41:03 AM mbam-log-2010-02-08 (03-41-03).txt Scan type: Full Scan (C:\\|) Objects scanned: 267771 Time elapsed: 3 hour(s), 25 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Zachary\AppData\Local\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully. To manually create a new Restore Point Go to Control Panel and select System and Maintenance Select System On the left select Advance System Settings and accept the warning if you get one Select System Protection Tab Select Create at the bottom Type in a name i.e. Clean Select Create Now we can purge the infected ones Go back to the System and Maintenance page Select Performance Information and Tools On the left select Open Disk Cleanup Select Files from all users and accept the warning if you get one In the drop down box select your main drive i.e. C For a few moments the system will make some calculations Select the More Options tab In the System Restore and Shadow Backups select Clean up Select Delete on the pop up Select OK Select Delete You are now done To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. == Please download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). It will close all programs when run, so make sure you have saved all your work before you begin. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean. == Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad DOCUMENT should open automatically called checkup.txt; please post the contents of that document. Results of screen317's Security Check version 0.99.1 Windows Vista Service Pack 2 (UAC is enabled) `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! SonicStage Mastering Studio Audio Filter Custom Preset Trend Micro AntiVirus Trend Micro AntiVirus Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: Spyware Doctor 7.0 SUPERAntiSpyware Free Edition HijackThis 2.0.2 Java(TM) 6 Update 17 Java(TM) SE Runtime Environment 6 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 8.1.0 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSASCui.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````END of Log``````````` Please download the newest version of Adobe Acrobat Reader from Adobe.com Before installing: it is IMPORTANT to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and enter Add or Remove Programs. Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them. Once old versions are gone, please install the newest version. == Please download the newest version of Java from Java.com. Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and enter Add or Remove Programs. Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them. Once old versions are gone, please install the newest version. == Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection. Software recommendations Firewall Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version. Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first. PC Tools Firewall Plus: free and excellent firewall. AntiSpyware SpywareBlaster SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here. Spybot - Search & Destroy. Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot). NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. Resident Protection help A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them. Rogue programs help There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here: http://www.spywarewarrior.com/rogue_anti-spyware.htm Securing your computer Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future. Please consider using an alternate browser Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option. If you are interested: Firefox may be downloaded from here: http://www.getfirefox.com Opera is available here: http://www.opera.com/download/ See this page for more info about malware and prevention.

Answer»

I have recently acquired a virus and need some help! Ugh.. the error reading is "Application cannot be executed. The file XXXXX is infected. Do you want to activate your antivirus software now?" then a fake antivirus software alert comes up... I had this same issue a few weeks ago and thought it was gone but it's back again grr!! Any help would be AWESOME! Please download Cheetah-Anti-Rogue, and save to your Desktop.

Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
Double-click on Cheetah-Anti-Rogue.cmd to start.
It will finish quickly and launch a log.
Post the contents of it in your next reply.

I am unable to copy the text into a window because each time i open the file it immediately closes any window I open..I was able to log off and back on and copy this:

Cheetah-Anti-Rogue v1.2.17
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 02/08/2010 - Time: 21:24:00 - Arch.: x86

-- Malware tools check --
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware
Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.The log from malwarebytes:
Malwarebytes' Anti-Malware 1.44
Database version: 3713
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/9/2010 3:48:03 PM
mbam-log-2010-02-09 (15-48-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 270324
Time elapsed: 1 hour(s), 57 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
FILES Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I did this scan on the 8th which detected one infected file I thought I should attach it as well:

Malwarebytes' Anti-Malware 1.44
Database version: 3640
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/8/2010 3:41:03 AM
mbam-log-2010-02-08 (03-41-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 267771
Time elapsed: 3 hour(s), 25 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Zachary\AppData\Local\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive i.e. C
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad DOCUMENT should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
SonicStage Mastering Studio Audio Filter Custom Preset
Trend Micro AntiVirus
Trend Micro AntiVirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Spyware Doctor 7.0
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````END of Log```````````
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is IMPORTANT to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

SpywareBlaster
SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
Spybot - Search & Destroy.
Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

Solve : Someone please help.. :-(?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment