Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer

A little help here please!


Jacksparrow21

Recommended Posts

Hi there, i have recently downloaded this wonderful product Iobit security 360 and i must say it is really great. Thanks to all those who have conducted their valuable time for this products research and development. Now i have a liitle problem here and would really appreciate any help.

 

When i give full scan iobit security 360 detects a trojan downloader ( Description C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job) It removes this threat after scan but when i give scan again this threat comes back i mean is re detected. This ih happening quite a few times and i would really appreciate any help.Thank you all in advance.

Link to comment
Share on other sites

Very nice log and very nice malware. :-P

 

C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe

 

Uninstall malwaregate: C:\Program Files\AskBarDis ! (alias ZoneAlarm Spy Blocker Toolbar)

 

 

Run HJT and "Fix checked":

 

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Monopod] C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe

O23 - Service: ASKService (ASKService) - Unknown - C:\Program Files\AskBarDis\bar\bin\AskService.exe

****************************************************************************************

Using Google translator:

 

Stáhni si Malwarebytes' Anti-Malware

Nainstaluj a spusť ho

- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:

Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec

- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje

- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat

- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky

- pak zvol možnost uložit log a ulož si log na plochu

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano

(zatím nic nemaž!).

Vlož sem pak obsah toho logu.

 

EDIT:

http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

Link to comment
Share on other sites

Normally, Ask Toolbar could be removed, however it will interfere with your ZoneAlarm toolbar.

 

Firstly can you tell me what the following are, from what I can see this may be where your infection is coming from:

 

  • F:\YeaChess\YeaChess.exe
  • C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe
  • O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}SpinTopDRM.SpinTopDRMClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
  • O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}ArmHelper.ArmClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx

 

If you have downloaded them from an untrustworthy source, used a crack/keygen or are not sure what they are do, remove the following:

 

  • O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Monopod] C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe
  • O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}SpinTopDRM.SpinTopDRMClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
  • O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}ArmHelper.ArmClass.1 - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx

 

Use "Unlock and Delete" for:

  • C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe
  • F:\YeaChess\YeaChess.exe

 

Please then run another scan with Security 360.

Link to comment
Share on other sites

RE:

 

Hi Halfevil,

My advice was good and supported by 3 years of experience in removing parasites.

Ask Toobar is very bad software and I recommend to uninstall if you want your computer users in the future without any problems.

 

This user will have problems if it Ask Toolbar (alias ZoneAlarm Toolbar, alias AskBarDis, alias AskSearchBar).

 

Ask Toolbar has nothing to with the same Zone Alarm -firewall manufacturer .

 

Can submit hundreds of reports (logs) , before repair PC. And thanks for the repair PC.

 

I can cite specific examples and divního behavior of this software.

Link to comment
Share on other sites

Hi Halfevil,

My advice was good and supported by 3 years of experience in removing parasites.

Ask Toobar is very bad software and I recommend to uninstall if you want your computer users in the future without any problems.

 

This user will have problems if it Ask Toolbar (alias ZoneAlarm Toolbar, alias AskBarDis, alias AskSearchBar).

 

Ask Toolbar has nothing to with the same Zone Alarm -firewall manufacturer .

 

Can submit hundreds of reports (logs) , before repair PC. And thanks for the repair PC.

 

I can cite specific examples and divního behavior of this software.

 

Hello Damned. The service behind the ZoneAlarm toolbar is Ask, therefore removing Ask would corrupt the ZoneAlarm toolbar, although having no effects on the firewall itself. Which in my opinion should then not be removed. However, I will leave it to the user to decide.

Link to comment
Share on other sites

Phew....all right first i must thank both of you halfevil and damned. Well....i never said im planning of using only and just zonealarm. I might switch to another firewall like threatfire or comodo if ask toolber and zonealarm spy blocker toolber are malicious and bad for my pc. But im a little confused here damned you said to remove some processes while halfevil you said to remove some other which one (or both ) should i do? Please let me know...:neutral:

Link to comment
Share on other sites

I think i must tell you guys this iobit security 360 doesnt detect the threat i mentioned before. I use avg free and a couple of hours ago when i was checking resident shield detection history i found two items were moved to the virus vault.

1.Trojan Horse Fake Alert.MJ Object C:\Documents and settings\Chessmaster\Local settings\Temp\d.exe Process C:\Program files\IObit\IObit Security 360\is.360.exe

 

2.Trojan Horse Sheur2.BBKZ Object C:\Documents and settings\Chessmaster\Local settings\Temp\b.exe Process C:\Program files\IObit\IObit Security 360\is.360.exe

 

I dont know what these are but after this resident shield detection the infections( as stated in avg free) was removed to the virus vault and iobit no longer detects any threat. Note i use iobit free edition and not pro. Is the infection cured? what am i to do now? i didnt remove any processes using the hijack scan...would do it for sure if it would do any help. And if its better to remove the ask toolber then i would surely do it and install another firewall. Thanks to all for reading this threat and replying please help....:wink:

Link to comment
Share on other sites

Hi Jacksparrow21,

Uninstall: AskBar

 

Run HijackScan and "Fix" this items:

 

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Monopod] C:\DOCUME~1\CHESSM~1\LOCALS~1\Temp\c.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O23 - Service: ASKService (ASKService) - Unknown - C:\Program Files\AskBarDis\bar\bin\AskService.exe

********************************************************************************************************

Download and use MbAM. See: http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

 

Log from MbAm put in.

 

Check on http://www.virustotal.com/ this red file:

F:\YeaChess\YeaChess.exe

 

and entire link.

 

Sorry for my English.

 

//EDIT Unwanted files from "Temp" folder we will soon delete

Link to comment
Share on other sites

Thank you very much damned virus total was an awesome site. lol no your english is very good and not poor. Ok ill probably do what you said but may be after consuylting half evil bro. No offense, but after all he was the one who said to attach the log here. So lets see what he says. Thanks again and pls feel free to post any more suggestions ok...:-)

Link to comment
Share on other sites

Thank you very much damned virus total was an awesome site. lol no your english is very good and not poor. Ok ill probably do what you said but may be after consuylting half evil bro. No offense, but after all he was the one who said to attach the log here. So lets see what he says. Thanks again and pls feel free to post any more suggestions ok...:-)

 

Follow Damned, he knows what he is doing :smile:

Link to comment
Share on other sites

Hi, Damned is off-line so if I may.

 

In post# 14 Damned said:

 

In post# 14, click on the link

http://translate.google.cz/translate?hl=cs&sl=cs&tl=en&u=http%3A%2F%2Fforums.iobit.com%2Fshowpost.php%3Fp%3D24073%26postcount%3D7

 

Read the instructions and click on the link to download Malwarebytes' Anti-Malware :-)

 

All the best, woz of oz

Link to comment
Share on other sites

lol i know malwarebytes anti malware didnt get that mbam is the short form sorry. I installed mbam free version previously but it didnt seem good to me so i removed it. I heard the free version is of little use although the pro version will give you really good protection. Shall i download the free version and attach a log here? Please inform. Thanks a lot for helping:-o

Link to comment
Share on other sites

Hi Jacksparrow21,

 

I want to remove harmful files from your computer. Therefore, download and install MbAM (Malwarebytes' Anti-Malware = MbAM), run it, update and perform Quick Scan.

What MbAM found, delete a log after deleting I attach here.

It does not delete all your problems, but most. I know what to remove, and tried another approach, I need to see log.

Even if will be without find items.

 

Damned

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...