  #1  
Old May 17th, 2011, 10:11 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
Infected Computer

Hi,
My friend called me tonight and asked me "how can I get rid of a virus". When I asked him how he knew he had one he said he keeps getting a message like tcrdmain.exe cannot start infected with w32/blaster worm. Activate malware protection, runs all kinds of scans, and his computer keeps shutting down. I researched this a little on the internet, looked for removal tools, and one site says to restart in safe mode with networking then download this removal tool. He tried that but as soon as his computer restarts in safe mode it immediately shuts down. What should I do to this computer? All I really know is that he is running Windows 7. And he is running AVG Free.


  #2  
Old May 18th, 2011, 06:12 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Which removal tool did he use?

It sounds like he's infected with a malware from the fake alert family of scareware.

Is he able to get into regular windows?
What make and model is the system? Is it 32 bit or 64 bit?
  #3  
Old May 18th, 2011, 10:01 AM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
I downloaded w32.blaster.wormremovaltool from securitystronghold.com to use but we never actually did use any removal tool. When he couldn't boot into safe mode with networking, we stopped there. I think he can boot into Windows normally. I will find out the info on his computer.
Thanks
  #4  
Old May 18th, 2011, 03:33 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
You're welcome.

w32.blaster is not the infection he has. The fake AV trojan is giving you that message to scare you into buying their bogus fake security software. Don't do it!
  #5  
Old May 18th, 2011, 07:52 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
I was talking to my friend and he said that immediately after starting Windows normally this thing pops up and starts "scanning computer". About the only thing he can do is to look at pics; anything else like Internet Explorer will close almost immediately.
His computer is
Toshiba Laptop Windows 7 Home Premium
AMD Athlon (tm) x2 Dual core ql65 64bit
  #6  
Old May 20th, 2011, 03:16 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Can he boot into the Recovery environment?
  #7  
Old May 24th, 2011, 10:06 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
I got his computer from him, I can boot into the recovery, I try using system recovery. Every date that I choose it goes through then at the end, gives a message an unexpected error occurred, no changes have been made. I also tried using system restore, but there is no disc image to choose. Any other suggestions?
  #8  
Old May 25th, 2011, 03:59 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
I just wanted to know if you could boot into the recovery environment, not do a system recovery. Please be careful when following my instructions. If you aren't sure, then come back and ask.

What I really wanted to know was if you booted into the recovery environment, if you were able to successfully choose the command prompt.

Don't run any commands. I just want to know if you are able to open a command window.
  #9  
Old May 25th, 2011, 10:36 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
Sorry, yes, I can boot into a recovery and a command prompt.
  #10  
Old May 26th, 2011, 04:22 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
No problem. This is going to be tough to fix. Give me a day or two to see what our options might be. One thing I do need is for you to boot into regular Windows. When the scan starts, look at the title bar and note what the name of the scanning program is. Let me know. There are several variants. They're pretty much the same, but they use different file names.
  #11  
Old May 26th, 2011, 11:08 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
OK, so I start up the computer normally. When I log on there is a message computer has been restored to 4/11/11, which is one of the dates that I tried to restore to earlier, but it said it was unsuccessful. There seems to be no trace of this scanning program. Is it possible that restoring the computer to this earlier date could have gotten rid of it? I will leave the computer on to see if anything happens but it looks OK to me. In fact I am using the internet right now, something he said he could not do. When he first told me about this problem I asked him what he was using for an antivirus, he said AVG Free. Personally I don't care for free virus protection programs, I think they are not as good as the ones you pay for. Am I right in this assumption, or are they just as good, just with fewer features? I just want to know what to suggest when he asks what to do to prevent this in the future.
  #12  
Old May 27th, 2011, 01:55 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
AVG would not be my choice for Anti Virus.

Avast has a good free Anti virus. Microsoft Security Essentials is also free.

The Restore Point method sometimes works, but you said you did a Recovery? I take it he has a program which creates full backups?

But before we call it clean, we should really check things out. You should update the AV and be sure Windows Updates are up to date first.



Download Malwarebytes' Anti-Malware. (Scroll to the bottom of the page and click on the Blue button labeled Download free version.) Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform full scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser).


Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)

* Turn off the real time scanner of any existing antivirus program while performing the online scan.
* Tick the box next to YES, I accept the Terms of Use.
* Click Start.
* When asked, allow the ActiveX control to install.
* Click Start.
* Make sure that the Scan Archives option is ticked.
* Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
* Click Scan.
* Wait for the scan to finish.
* After the scan is complete and you see scan completed in the window, there will be a link labeled List of found threats. You want to click it. When that next page opens, you have a choice of copying to clipboard or exporting to text file. Choose export to text file. Name the file eset results.txt. Save it on your desktop and post its contents into your next reply here.




Then let's run some diagnostics.

Last edited by Mosaic1; May 27th, 2011 at 01:58 AM.
  #13  
Old May 29th, 2011, 06:00 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
Here are the results from Eset

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM0WZ7QE\sta1w[1].pdf JS/Exploit.Pdfka.OXE trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6edc8156-29e28afe multiple threats deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3b7a5a1e-5d900cf8 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\425101be-28b6fe07 Win32/Adware.SafetyAntiSpyware.A application deleted - quarantined


Here is the Malwarebyte
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6696

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/29/2011 12:13:11 AM
mbam-log-2011-05-29 (00-13-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 415159
Time elapsed: 2 hour(s), 22 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Reply With Quote
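The ESET results posted in reply #13, sorted by where each detected file sat on disk. This is an added example, not part of any post in the thread; the line layout assumed by the regular expression and the two location labels are assumptions drawn from the four lines shown.

```python
import re
from collections import Counter

# The four ESET lines from reply #13 (forum-inserted spaces in paths repaired).
ESET_LOG = r"""
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM0WZ7QE\sta1w[1].pdf JS/Exploit.Pdfka.OXE trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6edc8156-29e28afe multiple threats deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3b7a5a1e-5d900cf8 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\425101be-28b6fe07 Win32/Adware.SafetyAntiSpyware.A application deleted - quarantined
"""

# Assumed layout: <path> <detection> <action>. Paths may contain spaces, so the
# detection and action are matched from the right-hand end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>multiple threats|\S+ (?:trojan|application))\s+"
    r"(?P<action>(?:cleaned by deleting|deleted) - quarantined)$"
)

# Hypothetical labels for the two per-user download caches seen in the log.
ORIGINS = [
    ("IE browser cache", "\\temporary internet files\\"),
    ("Java plug-in cache", "\\sun\\java\\deployment\\cache\\"),
]

def classify(path):
    """Label a path by the cache it sits in; anything else needs a manual look."""
    lowered = path.lower()
    for label, marker in ORIGINS:
        if marker in lowered:
            return label
    return "other (review manually)"

def triage(log):
    """Return (findings, per-origin counts, lines the pattern could not parse)."""
    findings, unparsed = [], []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # never drop a line silently
            continue
        findings.append({**m.groupdict(), "origin": classify(m["path"])})
    return findings, Counter(f["origin"] for f in findings), unparsed

if __name__ == "__main__":
    findings, counts, unparsed = triage(ESET_LOG)
    for f in findings:
        print(f"{f['origin']:<20} {f['threat']:<48} {f['action']}")
    print(dict(counts), "unparsed:", len(unparsed))
```

All four ESET detections sit in per-user download caches (one in the Internet Explorer cache, three in the Java cache), while the Malwarebytes full scan in the same reply lists no infected items.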
  #14  
Old May 29th, 2011, 06:04 PM
rustyroof rustyroof is offline
Member
 
Join Date: Jul 2006
Posts: 42
I have removed AVG Free and installed Kaspersky 2011 internet security. Yes, I used the restore method, I never used recovery as there was no recovery file.
  #15  
Old May 29th, 2011, 11:52 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Before we do some system housekeeping, how is the system running now?