Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

virus

(In Progress)
(!)

Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
14-Apr-2010, 05:14 PM #1
virus
My computer has downloaded a program called "security tool" this program is blocking me from using anything in my control panel, or my notepad. The first time i tried to delete the program i went to start and searched the harddrive and when i found it i right clicked it and then a pop up came up and then i got a blank blue screen and my computer shut off. Then when i tried to go to control pannel a pop up came up that said :

>rundll32.exe is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using rundll32.exe to connect to remote host.

A similar one pops up for notepad, run, and other things.
I really need to get rid of this security program so any help given will help. Thanks
valis's Avatar
Moderator with 63,341 posts.
 
Join Date: Sep 2004
Location: as above
14-Apr-2010, 05:18 PM #2
I'm going to move you to the hijackthis forum. If you do not have a response in 48 hours, please post back in this thread, and I'll flag down a security expert for you. In the meantime;

1. Welcome to TSG.

2. Please do the following:

CLICK HERE
to download the HijackThis Installer:
1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
__________________
Microsoft M.V.P. - Windows IT Professional | M.C.S.A. | M.C.P. - MS Server 2k3 | blog | rate me

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that". - Gary Kildall
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
14-Apr-2010, 05:21 PM #3
Thank you i will try that.
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
14-Apr-2010, 05:29 PM #4
Thumbs down Error
when i tried to install the program my desktop icons dissapeared and then my screen went blue and then my computer restarted. I tried again and the pop up said msiexec.exe then is infected with worm Lsas.Blaster.Keyloger.....

Last edited by Elluziion; 14-Apr-2010 at 05:31 PM.. Reason: more info
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
14-Apr-2010, 07:38 PM #5
Update
I finally got HijackThis installed but my desktop icons are still not visable. when i go to the start bar and select the HijackThis it gives me the same error message. Infected by a worm.
valis's Avatar
Moderator with 63,341 posts.
 
Join Date: Sep 2004
Location: as above
14-Apr-2010, 08:58 PM #6
try renaming hijackthis.exe to puppy.exe and see where that gets you. Sometimes malware will look for specific apps to blow out, and hjt is one of those.

thanks,

v
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
15-Apr-2010, 05:22 PM #7
I tried to save the program as puppie.exe but when i went into the file to open it a black command screen poped up and then dissapeared.


Then i tried to save it under a different name. and an error message came up that said.
>A network error occured while attempting to read from the file.

Last edited by Elluziion; 15-Apr-2010 at 05:38 PM.. Reason: more info
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,871 posts.
 
Join Date: Aug 2003
15-Apr-2010, 05:58 PM #8
Do you have access to a USB external drive (or a flash drive) that you can use to transfer files to the infected computer?
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
15-Apr-2010, 06:01 PM #9
yes i do.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,871 posts.
 
Join Date: Aug 2003
15-Apr-2010, 06:07 PM #10
Sorry, I meant to also ask if you have access to another computer.

We have to download a couple of programs to the USB drive on another computer and then transfer them over.
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
15-Apr-2010, 06:10 PM #11
yes i have another computer.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,871 posts.
 
Join Date: Aug 2003
15-Apr-2010, 06:18 PM #12
OK, that's good.

Download both of these files to the USB flash or external drive using another computer. Right-click and save as you don't want to execute them.

http://download.bleepingcomputer.com...010/FixExe.reg

http://download.bleepingcomputer.com...mbam-setup.exe

Remove the USB drive and insert it into the infected computer.

Now make the sure the rogue Security Tool program is running if it's not already. Can you do something that will trigger one of those alerts? Then you'll know it's running.

Now open the drive that is the USB device on the infected computer and double-click on the FixExe.reg file to run it. Windows will prompt and ask you if you want to allow the data to be added to your computer so click Yes when that happens.

Now you should be able to run the MBAM set up (the other file I had you download) from the USB device and follow the prompts to install the program on the infected computer. Don't change any of the default settings. Once it's installed, update it by clicking on the update tab and then run a Full scan.

When this is done, you should be able to post a HijackThis log from that computer so please do that and post the MBAM log as well.
__________________
Microsoft MVP - Consumer Security
Elluziion's Avatar
Elluziion Elluziion is offline
Computer Specs
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Apr 2010
Experience: Intermediate
15-Apr-2010, 06:28 PM #13
ok i will post as soon as i do that. thank you very much
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,871 posts.
 
Join Date: Aug 2003
15-Apr-2010, 06:47 PM #14
I will be away from the computer for a bit but will definitely check back later on.
valis's Avatar
Moderator with 63,341 posts.
 
Join Date: Sep 2004
Location: as above
15-Apr-2010, 09:54 PM #15
thanks cookiegal.........


as always, you are the best.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
Virus Rootkit.win32.tdss.d HELP!! snifferhann Virus & Other Malware Removal 2 14-Apr-2010 06:34 PM
Info on correcting incorrect anti-virus software reported by Windows Security Center tomdkat General Security 2 14-Apr-2010 03:06 PM
There might be a problem with one or more network adapters.. Virus? Farley93 Networking 7 14-Apr-2010 02:06 PM
XP 2009 Virus krawl23 Virus & Other Malware Removal 0 24-Feb-2009 02:26 PM
Redirect Virus HELP! ahuang01 Virus & Other Malware Removal 1 29-Nov-2008 01:01 PM

WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑