A little help here please!

[Jacksparrow21]

Hi there, i have recently downloaded this wonderful product Iobit security 360 and i must say it is really great. Thanks to all those who have conducted their valuable time for this products research and development. Now i have a liitle problem here and would really appreciate any help.

 

When i give full scan iobit security 360 detects a trojan downloader ( Description C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job) It removes this threat after scan but when i give scan again this threat comes back i mean is re detected. This ih happening quite a few times and i would really appreciate any help.Thank you all in advance.

[sunny staines]

good

 

good to see some praise come in.

[Jacksparrow21]

Yeah its always good to see some praises lol:-D but that doesnt answer my question bro....guess all the praises were just to get some answers lol:-D

[333halfevil]

Hi Jack, it seems you are still infected. Please do the following. And remember do NOT delete anything.

 

Run Hijack Scan and save a log. Once a log file is saved to your desktop, please attach it to or paste it in this thread.

http://img30.imageshack.us/img30/7895/74140502.png

[Jacksparrow21]

Thanks a lot 333halfevil ok im attaching the report here pls help. Thank you again for your help.

iobit security 360 log.txt

[Damned]

Very nice log and very nice malware. :-P

 

C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe

 

Uninstall malwaregate: C:\Program Files\AskBarDis ! (alias ZoneAlarm Spy Blocker Toolbar)

 

 

Run HJT and "Fix checked":

 

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Monopod] C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe

O23 - Service: ASKService (ASKService) - Unknown - C:\Program Files\AskBarDis\bar\bin\AskService.exe

****************************************************************************************

Using Google translator:

 

Stáhni si Malwarebytes' Anti-Malware

Nainstaluj a spusť ho

- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:

Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec

- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje

- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat

- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky

- pak zvol možnost uložit log a ulož si log na plochu

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano

(zatím nic nemaž!).

Vlož sem pak obsah toho logu.

 

EDIT:

http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

[Jacksparrow21]

Ok thanks a lot damned i am trying it now.... ill let you know if its fixed. One more question please will this affect my zone alarm firewall? Please let me know....thanks a lot

[333halfevil]

Normally, Ask Toolbar could be removed, however it will interfere with your ZoneAlarm toolbar.

 

Firstly can you tell me what the following are, from what I can see this may be where your infection is coming from:

 

• F:\YeaChess\YeaChess.exe
  
• C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe
  
• O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}SpinTopDRM.SpinTopDRMClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
  
• O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}ArmHelper.ArmClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
  

 

If you have downloaded them from an untrustworthy source, used a crack/keygen or are not sure what they are do, remove the following:

 

• O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Monopod] C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe
  
• O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}SpinTopDRM.SpinTopDRMClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
  
• O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}ArmHelper.ArmClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
  

 

Use "Unlock and Delete" for:

• C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe
  
• F:\YeaChess\YeaChess.exe
  

 

Please then run another scan with Security 360.

[Damned]

RE:

 

Hi Halfevil,

My advice was good and supported by 3 years of experience in removing parasites.

Ask Toobar is very bad software and I recommend to uninstall if you want your computer users in the future without any problems.

 

This user will have problems if it Ask Toolbar (alias ZoneAlarm Toolbar, alias AskBarDis, alias AskSearchBar).

 

Ask Toolbar has nothing to with the same Zone Alarm -firewall manufacturer .

 

Can submit hundreds of reports (logs) , before repair PC. And thanks for the repair PC.

 

I can cite specific examples and divního behavior of this software.

[333halfevil]

Hi Halfevil,

My advice was good and supported by 3 years of experience in removing parasites.

Ask Toobar is very bad software and I recommend to uninstall if you want your computer users in the future without any problems.

 

This user will have problems if it Ask Toolbar (alias ZoneAlarm Toolbar, alias AskBarDis, alias AskSearchBar).

 

Ask Toolbar has nothing to with the same Zone Alarm -firewall manufacturer .

 

Can submit hundreds of reports (logs) , before repair PC. And thanks for the repair PC.

 

I can cite specific examples and divního behavior of this software.

 

Hello Damned. The service behind the ZoneAlarm toolbar is Ask, therefore removing Ask would corrupt the ZoneAlarm toolbar, although having no effects on the firewall itself. Which in my opinion should then not be removed. However, I will leave it to the user to decide.

[Jacksparrow21]

Phew....all right first i must thank both of you halfevil and damned. Well....i never said im planning of using only and just zonealarm. I might switch to another firewall like threatfire or comodo if ask toolber and zonealarm spy blocker toolber are malicious and bad for my pc. But im a little confused here damned you said to remove some processes while halfevil you said to remove some other which one (or both ) should i do? Please let me know...:neutral:

[Jacksparrow21]

Oh yes forgot to answer your question halfevil bro....the first one yea chess is a chess game that my little bro downloaded a couple of months ago dont know what the later three are....pls suggest what would be best for me to do.....

[Jacksparrow21]

I think i must tell you guys this iobit security 360 doesnt detect the threat i mentioned before. I use avg free and a couple of hours ago when i was checking resident shield detection history i found two items were moved to the virus vault.

1.Trojan Horse Fake Alert.MJ Object C:\Documents and settings\Chessmaster\Local settings\Temp\d.exe Process C:\Program files\IObit\IObit Security 360\is.360.exe

 

2.Trojan Horse Sheur2.BBKZ Object C:\Documents and settings\Chessmaster\Local settings\Temp\b.exe Process C:\Program files\IObit\IObit Security 360\is.360.exe

 

I dont know what these are but after this resident shield detection the infections( as stated in avg free) was removed to the virus vault and iobit no longer detects any threat. Note i use iobit free edition and not pro. Is the infection cured? what am i to do now? i didnt remove any processes using the hijack scan...would do it for sure if it would do any help. And if its better to remove the ask toolber then i would surely do it and install another firewall. Thanks to all for reading this threat and replying please help....:wink:

[Damned]

Hi Jacksparrow21,

Uninstall: AskBar

 

Run HijackScan and "Fix" this items:

 

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Monopod] C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O23 - Service: ASKService (ASKService) - Unknown - C:\Program Files\AskBarDis\bar\bin\AskService.exe

********************************************************************************************************

Download and use MbAM. See: http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

 

Log from MbAm put in.

 

Check on http://www.virustotal.com/ this red file:

F:\YeaChess\YeaChess.exe

 

and entire link.

 

Sorry for my English.

 

//EDIT Unwanted files from "Temp" folder we will soon delete

[Jacksparrow21]

Thank you very much damned virus total was an awesome site. lol no your english is very good and not poor. Ok ill probably do what you said but may be after consuylting half evil bro. No offense, but after all he was the one who said to attach the log here. So lets see what he says. Thanks again and pls feel free to post any more suggestions ok...:-)

[Damned]

For the procedure that would follow, I need to see the log from MbAM.

 

Because the unwanted file, or parts thereof, may still be present in the PC.

[333halfevil]

Thank you very much damned virus total was an awesome site. lol no your english is very good and not poor. Ok ill probably do what you said but may be after consuylting half evil bro. No offense, but after all he was the one who said to attach the log here. So lets see what he says. Thanks again and pls feel free to post any more suggestions ok...:-)

 

Follow Damned, he knows what he is doing :smile:

[Jacksparrow21]

whats mbam? which log file shall i attach now damned?

[wozofoz]

Hi, Damned is off-line so if I may.

 

In post# 14 Damned said:

Download and use MbAM. See: http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

 

Log from MbAm put in.

 

In post# 14, click on the link

http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

 

Read the instructions and click on the link to download Malwarebytes' Anti-Malware :-)

 

All the best, woz of oz

[Jacksparrow21]

lol i know malwarebytes anti malware didnt get that mbam is the short form sorry. I installed mbam free version previously but it didnt seem good to me so i removed it. I heard the free version is of little use although the pro version will give you really good protection. Shall i download the free version and attach a log here? Please inform. Thanks a lot for helping:-o

[Damned]

Hi Jacksparrow21,

 

I want to remove harmful files from your computer. Therefore, download and install MbAM (Malwarebytes' Anti-Malware = MbAM), run it, update and perform Quick Scan.

What MbAM found, delete a log after deleting I attach here.

It does not delete all your problems, but most. I know what to remove, and tried another approach, I need to see log.

Even if will be without find items.

 

Damned