scotters

I need help with a virus.

21 posts in this topic

I keep having a virus pop up that AVG anti-virus can't heal. I've run hitman pro, which initially helped, and I did a full virus scan with AVG virus, but this thing keeps popping up as C:\DOCUME~1?SCOTTE`1\LOCALS\1\Temp\cfg`4.tmpcfgmgr 52\bbi2.exe

AVG anti virus calls it a "trojan horse downloader.small.30L".

This thing always pops up after I have done the scans and I think everything is ok. After it pops up I try to heal it, but AVG can't do it, and then all the annoying popups start to happen, most numerous is aurora.

I'm really concerned about this because a few days ago many .dll files were deleted and windows would not start, causing me to go through Dell technical support and repairing windows. After running hitman, and AVG anti-virus, I thought things were ok, but obviously they are not.

If I call Dell it will cost me to go through their virus help support. Can anyone recommend anything that I can do? Is there another free anti-virus program that will help? Should I purchase the famous Norton Anti-virus?


First, I would reformat your hard drive. This will erase everything on it, including the virus. Make sure you've backed up all documents, photos, music to a disk first.

After you have reformatted, then definitely, I would get Symantec's Norton Anti Virus. The freeware anti virus programs do not keep up with the ever developing virus hackers out there. Norton's will update for you constantly, giving you the most up to date protection (no, I do not work for Symantec...lol). I've tried McAfee anti virus, but for my money, it's not as good as Norton.

Good luck!


Be aware however, Norton anti-virus has a conflict with Audigy sound cards. Norton knows this, but only informs you in the 'read me' file, after you have bought the program. Also, Norton is extremely 'invasive', try turning it off :).


Thanks for the help, but how do I backup my important files? Do I need to buy a zip disc thing, or is there a way to back it up on the computer itself?

How do I reformat the hard drive? Is this really necessary?


Scotters, I believe you have spyware, not a virus. I doubt that you will have to do anything as drastic as reformat!

Download Ad-aware SE 1.06 here:

http://www.lavasoft.com/

Once installed, run a scan.

One of their updates cleans something they call "Win32.TrojanDownloader.Small +3" which sounds very similar.


First off, not to be a jerk, but reformatting is not necessary in most instances. It's akin to nuking an anthill to kill ants. That said, there are a few things you can do to rid yourself of this trojan.

Trojans are NOT viruses. They are trojans. BIG and distinctive difference. You need something that deals with them specifically in my experience. Do not follow the advice that "The freeware anti virus programs do not keep up with the ever developing virus hackers out there." This is simply not true. Nortons is unnecessary and bloated as all get out. AVG (www.grisoft.com) is exceptional, updated almost daily and best of all, free. You can also try "Avast!" (www.avast.com) which is also very good and free. This should cover you in the anti virus department.

For trojans, and any time you feel you have something 'suspicious' going on, I use F-PROT anti virus. It deals with suspected trojans much better than most AV programs in my experience.

The first thing to do is dump your temp files (your original post shows this file to be in a temp file. Deleting that file should get rid of the problem).

Second thing to do is visit Windows Update and ensure that your operating system has all critical updates applied. You can find Windows update by going to your Start button and looking at the menu that comes up.

Third thing to do is get off of Internet Explorer and use an alternative, non-IE dependent browser such as Opera or better yet, Firefox. Compared to IE, these browsers are much more securely written and will give you considerable protection as long as you ensure you keep Windows patched.

To answer your question in the last post you made, backing up is easy. If you have a CD burner, burn all of your important files, documents, music etc., anything you want to keep, to disk. No, you don't need to reformat (see my comments :-) ) and yes, it can be hard to do if you haven't done it before. There are tons of sites on the net that will walk you through the procedure and I urge you to learn as much as you can. It's a lot of fun to do your own computer upkeep as well as saving you tons of money. For what it's worth, I do computer support for a living and am responsible for approximately 600 users as well as an extensive mobile environment. What I've told you here, I do almost every day. It's not theory, it's practice ;-) Good Luck and post back with your results.


Scotters, personally i wouldn't touch Norton, AVG is good enough, normally i wouldn't advise reformatting either, but a google on bbl2.exe gave 1 link, and it's fugly

http://forums.spywareinfo.com/lofiversion/index.php/t46598.html

now it's possible to clean, but it looks like a lot of work, and it's pretty technical i'm afraid.

what happens is another file is the cause and it's that that's not being picked up, it is possible to clean it, but you have to weigh up what's the best choice for you, check that link see what you think.


I agree with del369, I won't touch Norton. Used that before and I had a lot of problems with trojans getting past it. After removing it and installing AVG I've never had any problems with trojans.

On top of that I'm more and more moving over to using Firefox since most trojans get in through IE and that helps a lot too.

You can't start the game with Firefox? Don't need to use a browser for that. I have a shortcut to the playgate exe on my desktop which works great.


Once again, someone only asking for help & we're going off on a tangent here & arguing about AV programs & whatnot [too late for that]. My suggestion would be to go to dslreports.com & register there. Go to the forums & follow the link to "what do i do if i am infected"!! They will tell you the necessary programs to d/l & in what order to run them! Including free online scans, etc. [you may have to go to the 'security' forum to find this] Also, one of the programs is HijackThis..they will want you to download/scan with this but do nothing other than post your 'results' file..if ALL else fails to remove your infection. Hope this helps!! If it does & you can come back, we will gladly argue then about what AV programs to use & whatnot... :wink: [meathed] A complete wipe & format should be the LAST resort you should attempt!!! There are few if any of these viri [viruses] which can't be stopped/removed!!


totally agree meathed, normally i wouldn't recommend it either, but check that link, this one seems real nasty, and it will take a lot of messing around to clean it, "sometimes" it's easier to just format, especially if all this is new to you, however the dsl forum idea would be a good thing to do first.


I actually had something very similar to this happen to me a few weeks ago which also was connected to aurora. A very, very nasty bit of spyware. I was looking for a cheat for a particular game (what happens when you try to cheat I guess) and got a driveby install which I knew immediately was a problem. I thought I had secured IE from this sort of thing but obviously I hadn't gone far enough.

I had norton's antivirus but it was perfectly happy with the spyware installed. I was trying out microsoft's spyware beta (I know! I know!) and it would find pieces of the software and remove it but after you rebooted it would reinstall itself shortly thereafter. The only thing that really saved me was I had sygate firewall running which kept this nasty bit of software from phoning home.

I tried ad-aware and it found more pieces to remove but it still couldn't prevent the software from reinstalling itself a short time later. I found that the software had a process running whose name was a random series of 6 or 8 letters. If you killed the process another process would pop up right after with a different set of random letters. I'm not sure how it did that except maybe it was able to trap when you try to kill it so it could create a copy of itself and start the new process as it died itself. Either that or it had a process that doesn't show up on the windows process list. It also had a registry listing that would automatically run a program on bootup. You could kill the registry entry but the process would monitor that and immediately replace the entry with a new one.

You could probably fix it by booting off a CD with a clean version of the registry and then fix the main registry on the hard drive but then I thought, screw it; I'll just reformat since it was on my new laptop that didn't have much on it that I couldn't just reinstall and I thought this would give me an opportunity to get rid of all the gack you get preinstalled on a new laptop and often times it helps somewhat with performance when you do a clean install.

I did the reinstall. I have an HP laptop and I have to say the windows and driver CDs they give you with the laptop made it pretty easy. That of course took care of the spyware and I've hardened IE somewhat so hopefully this doesn't happen again. The other thing I did which I should have done from the beginning is create my main logon so it doesn't have admin privileges in order to prevent the driveby install. It's a little more inconvenient since I have to log into a separate user account to install software but it's much more convenient than having to reinstall the operating system.

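The post above describes an autorun registry entry that is re-created as soon as it is deleted, and the file AVG reported in the first post sits under a Temp directory. As an added example (not part of any post in this thread), the Python below parses Run-key data in .reg export form, flags autoruns that launch from a temp directory, and compares two snapshots to show a re-created entry; the sample export and every name in it are constructed assumptions.

```python
import ntpath
import re

# Constructed sample in .reg export form (not taken from the thread).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\PROGRA~1\\ExampleAV\\avcc.exe /STARTUP"
"qhzkpwtb"="\"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\qhzkpwtb.exe\" -r"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
TEMP_PARTS = {"temp", "tmp"}  # directory names treated as temporary locations

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_autoruns(export_text):
    """Return (key, value_name, command) for each string value in the export."""
    key, entries = None, []
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := ENTRY.match(line)):
            entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def executable_of(command):
    # A quoted path wins; otherwise take the first whitespace-delimited token.
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""

def suspicious_autoruns(export_text):
    """Autorun entries whose executable sits under a temp directory."""
    def in_temp(cmd):
        parts = ntpath.dirname(executable_of(cmd)).lower().split("\\")
        return any(p in TEMP_PARTS for p in parts)
    return [e for e in parse_autoruns(export_text) if in_temp(e[2])]

def new_autoruns(before_text, after_text):
    """Entries in the later snapshot whose (key, name) was absent earlier."""
    seen = {(k, n) for k, n, _ in parse_autoruns(before_text)}
    return [e for e in parse_autoruns(after_text) if (e[0], e[1]) not in seen]
```

Values exported as `hex(2):` expandable strings are not decoded by this parser, and an unquoted path containing spaces is cut at the first space.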

I've found oddly enough that different spyware removal and protection programs seem to have one thing in common, and that is if you first run ad-aware se it will pick up a lot of nasties, and then if you run, say, spyware doctor it's gonna find some nasties that ad aware didn't catch, and then run webroot's Spy sweeper, it's probably gonna find some the other two missed, and on and on. I'm sure you catch my drift here. So atm I've got the free ad aware, the retail of spy doctor, 30 day spy sweeper try out and the free spybot search and destroy. Sounds like a lot but actually they're not large programs, and I've had what you described in the initial forum posting or a derivative of it, and it took all four of the above mentioned programs to rid my machine of this rapidly replicating and undeletable monster. Someone is making a lot of money, and what i think should be a finable invasion of privacy and whatever the lawyers could come up with. Whomever invented the first popup ad should be drawn and quartered, and the adware swine i would want to really be dealt with harshly. But enough of my ranting, www.majorgeeks.com has all of these and many others for download and no forms to fill out to download them. Hope I've been of some help to you. i know how frustrating one of the bad malware infections can be. When i first ran spy doctor on what I'm pretty sure is the same nasty as you've got, it found 148 different files and reg entries and over 1200 trace bits and pieces of this crap on my main drive. 2 reboots later and like magic my drive was cured .. Good luck :)


www.hitmanpro.nl (it's in Dutch, as some poor kiddie stricken with internet Tourette's syndrome reminded me in his own sweet yet unique style) :)

just go to the top of the page and click download, it's basically adaware, spysweeper (trial ver), spybot, spyware blaster, cws shredder, spyware doctor and a few other little goodies all in one, you only need to click 2 x on "i agree", for the rest it does everything automatically (don't disturb it unless you see an "i agree" sign that's not going away).

was just looking for something else and found this site with some detailed descriptions of getting rid of nail/aurora http://www.geekstogo.com/forum/agian_with_nailexe_auroraRESOLVED-t20277.html

it's gotta be the nastiest bit of spyware out there.

i'd seriously recommend getting the opera or firefox browser and only using ie for windows update and game starting.


you don't need to use IE to launch wwiiol

"C:\Program Files\Playnet\Playgate\PlayGate.exe" 1 1

use the playgate icon, there's a sticky that will explain how to set it up

IE = teh debil

:)


I am having a problem with a similar issue. I have AVG free edition, I do my scans, and I always find this Java/OpenStream virus found, but it won't let me do anything. What are my options here?

I use ad aware, spybot, and spyware doctor; none of them get anything significant either. I use firefox, XP SP2.


I think the problem a lot of people are having is this 'free' thing. If you pay for an anti virus program you generally get better protection from things.

http://www.nod32.com/ < by far the best Anti Virus out there, really small footprint in memory.


nah avg is excellent sres, mcafee and norton aren't, but none of them are perfect, i'd say avg is way better than mcafee or norton, but not infallible.

i'd suggest an online scan at www.pandasoftware.com or www.trendmicro.com, you'll need cookies enabled, firewall disabled, and possibly need to add the sites to your popup blocker to be allowed, and to trusted sites, see if one of those gets it, or kapersky (sp?) is another supposedly good online scanner as well. also if you have a name for the virus try a search on "virus name" removal in google, that may turn up something.
