Remove Vista Security 2013 trojan

Discussion in 'Virus & Other Malware Removal' started by zkhul, Feb 17, 2013.

Thread Status:
Not open for further replies.
  1. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130
    I have Vista Security 2013 on my laptop and it won't allow me to download/install anything. Thus I can't comply with your "special instructions". Before anything will open, my email pops up. I believe that's because after this trojan invaded my PC, when I tried to open my Windows Mail, I got "what do you want to open this with?" I chose IE, and since then everything is preceded by OUTLOOK EXPRESS that I have to minimize before the desired page can be seen, and even then, sometimes there's nothing to be seen. I think my .exe file is corrupted, and I can't download a fix for it. In printing out instructions to manually repair, I was told the virus may change its name when looking to delete it in registry, and apparently it does, for recommended entries were not found.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Please download Farbar Recovery Scan Tool and save it to a flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options. I give two methods, use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Kevin
     
  3. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130
    Thanks Kevin. While looking for my flashdrive, I remembered I gave it to my grandson who won't be back from Rutgers until next week, at which time I will follow ur instructions and get back to you--unless I can get my husband to pick up one before then. Do I download to the flashdrive from the infected PC or no?
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Use a known clean PC if you have access, use the infected PC if that is your only option.
     
  5. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
  7. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130
    When I previewed my reply to you, I saw my FRST.txt file as an attachment. This time I won't "preview", but just "submit". But shouldn't it appear in this typed text also? If it doesn't we must chalk it up to the Rogue virus Vista Security 2013. (I cut and pasted the file to a new folder successfully, but it won't "paste" to this reply)...I'll try to "attach" it again....Thanx
     

    Attached Files:

  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Code:
    start
    HKLM-x32\...\Run: [BringMeSports Search Scope Monitor] "C:\PROGRA~1\BRINGM~2\bar\2.bin\1csrchmn.exe" /m=2 /w /h [42536 2013-01-06] (MindSpark)
    HKLM-x32\...\Run: [BringMeSports_1c Browser Plugin Loader] C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbrmon.exe [30096 2013-01-06] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h [42536 2013-01-07] (MindSpark)
    HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [30096 2013-01-07] (VER_COMPANY_NAME)
    C:\PROGRA~1\BRINGM~2\bar\2.bin\1csrchmn.exe
    C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbrmon.exe
    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
    2 BringMeSports_1cService; C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbarsvc.exe [42504 2013-01-06] (COMPANYVERS_NAME)
    2 VideoDownloadConverter_4zService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2013-01-07] (COMPANYVERS_NAME)
    C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbarsvc.exe
    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 or FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Re-boot and see if DDS will run, post those logs also..
     
  9. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130
    Hi Kevin, I don't understand ur last statement. WHAT is DDS? There were no add'l logs. It rebooted as it normally does.
    In fact after the scan, nothing happened after clicking "fix" and waiting several minutes before restart.
    It seems the attached log that I named FRSTlog is created and says saved to same drive (G) as .
    Didn't find anything on flashdrive (G) called "fixlog.txt". When I access FRST64 program from notepad, the result is in machine language. When I enter from DOS prompt (G:\frst64) the "scan" "search" "fix" box pops up resulting in a file you can read - attached. Again, NOTHING happens after pressing "fix".
     

    Attached Files:

  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    You have not followed the instructions correctly, all you have done is run the tool FRST again and produced another log FRST.txt.

    Try again with this, make sure to check the Flash drive and delete any file named fixlist.txt from your last attempt.

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy. Then right click into the open notepad and select Paste. Save it on the flashdrive as fixlist.txt

    Code:
    start
    HKLM-x32\...\Run: [BringMeSports Search Scope Monitor] "C:\PROGRA~1\BRINGM~2\bar\2.bin\1csrchmn.exe" /m=2 /w /h [42536 2013-01-06] (MindSpark)
    HKLM-x32\...\Run: [BringMeSports_1c Browser Plugin Loader] C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbrmon.exe [30096 2013-01-06] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h [42536 2013-01-07] (MindSpark)
    HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe [30096 2013-01-07] (VER_COMPANY_NAME)
    C:\PROGRA~1\BRINGM~2\bar\2.bin\1csrchmn.exe
    C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbrmon.exe
    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
    2 BringMeSports_1cService; C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbarsvc.exe [42504 2013-01-06] (COMPANYVERS_NAME)
    2 VideoDownloadConverter_4zService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2013-01-07] (COMPANYVERS_NAME)
    C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbarsvc.exe
    C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    DDS is a diagnostic scanner which is included in the instructions you will have read at the onset of your visit to TSG and are included in the stickie at the top of the thread Everyone MUST read this BEFORE posting for help in this forum
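
The fixlist posted twice above pairs each Run or service entry with a bare path line for the same executable. As an added example (not part of the original posts and not FRST's own code), this Python sketch checks a saved fixlist.txt for that pairing and for the start/end markers before the Fix button is pressed; the line shapes in the regular expressions are inferred from the code boxes on this page, and the sample text, including the orphan path, is constructed.

```python
import re

# Constructed sample: lines in the shape of the fixlist posted above, plus one
# deliberately orphaned path (C:\EXAMPLE\orphan.exe) so the check has a finding.
SAMPLE = r'''start
HKLM-x32\...\Run: [BringMeSports Search Scope Monitor] "C:\PROGRA~1\BRINGM~2\bar\2.bin\1csrchmn.exe" /m=2 /w /h [42536 2013-01-06] (MindSpark)
2 BringMeSports_1cService; C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbarsvc.exe [42504 2013-01-06] (COMPANYVERS_NAME)
C:\PROGRA~1\BRINGM~2\bar\2.bin\1csrchmn.exe
C:\PROGRA~1\BRINGM~2\bar\2.bin\1cbarsvc.exe
C:\EXAMPLE\orphan.exe
end
'''

# Assumption: these patterns only mirror the three line shapes seen on this page.
EXE = r'(?P<path>[A-Za-z]:\\[^"\[\]]*?\.exe)'
RUN = re.compile(r'^HK\S+\\Run: \[(?P<name>[^\]]+)\] "?' + EXE)   # autorun entry
SVC = re.compile(r'^\d+ (?P<name>[^;]+); ' + EXE)                  # service entry
FILE = re.compile(r'^' + EXE + r'$')                               # bare file path

def check_fixlist(text):
    """Return a list of problems found in a fixlist; an empty list means consistent."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems = []
    if not lines or lines[0].lower() != "start" or lines[-1].lower() != "end":
        problems.append("missing start/end marker (partial copy from the code box?)")
    referenced, deleted = {}, set()
    for ln in lines:
        if ln.lower() in ("start", "end"):
            continue
        m = RUN.match(ln) or SVC.match(ln)
        if m:
            referenced[m["path"].lower()] = m["name"]
        elif FILE.match(ln):
            deleted.add(ln.lower())
        else:
            problems.append("unrecognised line: " + ln)
    # A path with no entry may be a paste error; an entry with no path leaves the binary behind.
    for path in sorted(deleted - set(referenced)):
        problems.append("file removed without a matching Run/service entry: " + path)
    for path in sorted(set(referenced) - deleted):
        problems.append("entry removed but its file is left on disk: " + path)
    return problems

if __name__ == "__main__":
    for problem in check_fixlist(SAMPLE):
        print(problem)
```
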
     
  11. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130
    Attached is fixlog and DOS from DDS.scr. Haven't had to zip a file for so long...cannot Attach be uploaded as is?
     

    Attached Files:

  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    What is the status of your system now? Why do you attach logs, can you not copy and paste the logs to your replies? OK continue:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  13. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130


    I had just finished a lengthy explanation of what's going on with my computer and why I can't open Combofix on my desktop due to Windows Mail popup which only brings me back to desktop after I close it. I think my .exe extension needs repairing. I will have to repeat the info later, but thanks for all u'v done so far.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Apologies I did not fully understand all of your replies, ok if issue with .exe do the following first;

    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    If that action is successful run Combofix

    Thank you,

    Kevin
     
  15. zkhul

    zkhul Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    130

    Attached is exehelperlog. I mistakenly clicked "yes" when program asked do you want newer version, and scanning stopped. Program disappeared from desktop and had problems downloading it again. 1 error msg said ask for another install from author, 2nd error msg said get permission from Administrator - which is me? and a third msg said incomplete ....I attach also a file saved to C:\ which I think has something to do with Combofix
     

    Attached Files:


Short URL to this thread: https://techguy.org/1089915
