Natalie
Member
Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
|
Ive got Malware on my C drive, it makes my computer go slow & keeps bringing up popups of gambling/poker adverts etc.... I dont know whether or not to go into my bank website/buy things as I'm scared it will get my card details 
My anti-virus software cant delete it, and it says I dont have permission to delete it myself
F-Secure (my AVS) spyware search keeps bringing up one file, opmijh.dll which is in the System32 file, but when I go to delete it it says I cant rename/delete etc as the program is in use.
Help me pls 
|
Marc
Member
Registered: 11th Aug 02
Location: York
User status: Offline
|
Format c 
and stop viewing porn
|
Natalie
Member
Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
|
 Its not porn 
F-Secure can't delete the file either
[Edited on 28-12-2007 by Natalie]
|
Natalie
Member
Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
|
Scanning Report
28 December 2007 15:19:22 - 15:25:38
Computer name: HOME
Scanning type: Scan system for spyware
Target: System
--------------------------------------------------------------------------------
Result: 2 malware found
ClickSpring (Malware)
REGKEY:HKLM\software\clickspring
Action: deleted
Win32.TrojanDownloader.Small (Malware)
FILE:C:\WINDOWS\system32\opnmjih.dll
Action: deleted FAILED
--------------------------------------------------------------------------------
Statistics
Files:
Scanned: 0
System: 12308
Not scanned: 1
Result:
Viruses: 0
Spyware: 2
Suspected: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 2
Quarantined: 0
Failed: 1
Boot Sectors:
Scanned: 0
Infected: 0
Suspected: 0
Disinfected: 0
Files not scanned:
An error occurred while scanning (error code 60002)
--------------------------------------------------------------------------------
Options
Definitions version:
Viruses: 2007-12-28_03
Spyware: 2007-12-03_05
Scanning Engines:
F-Secure AVP: 6.00.169, 2007-12-28
F-Secure Libra: 2.03.06, 2007-12-26
F-Secure Orion: 1.02.37, 2007-12-28
F-Secure Draco: 1.00.35, 2007-11-28
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Scan inside archives
Actions:
Viruses: Ask after scan
Spyware: Ask after scan
|
Marc
Member
Registered: 11th Aug 02
Location: York
User status: Offline
|
You could try deleting in Add Remove Programs but chances are it will keep coming back.
|
Natalie
Member
Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
|
It doesnt show up in there
|
Liam
Member
Registered: 19th Jan 06
Location: Stafford
User status: Offline
|
Boot up in safe mode, then scan your pc and it should be able to delete it. I think.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
you could try downloading Unlocker (google it), then right clicking the .dll file, unlock it (right mouse click the file, select unlocker) and then deleting it.
Personally i would download AVG (another anti-virus) and see if you can get rid of it using that or atleast get the name of the trojan - as Win32.TrojanDownloader.Small is just the type. Tthen google for a program to get rid of that virus - usually symantec (on their website) usually do programs to get rid of specific virus' 
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Run, your computer is about to explode!
|
Natalie
Member
Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
|
OK cheers lads, ill try those
|
Andrew
Member
Registered: 5th May 04
Location: Skoda Octavia Estate, Ford Puma
User status: Offline
|
I have a system at work with this same virus.
Tried Norton and AVG to shift it but will not remove. Also tried Safe Mode.
Needs flatening and rebuilding but for the cost of doing that they may as well as buy a new PC.
It's a new company we are supporting. I personally think we should charge them half the price to get into there good books. Not down to me though, it's the managers decision.
|
Natalie
Member
Registered: 5th Nov 03
Location: Oxfordshire Drives: Vauxhall Tigra 1.8
User status: Offline
|
quote:
Originally posted by Dom
you could try downloading Unlocker (google it), then right clicking the .dll file, unlock it (right mouse click the file, select unlocker) and then deleting it.
Tried doing that and it kept creating a fatal error
Cant run an F-Secure scan in safe mode as it wont open F-secure in safe mode :S
Andrew - so are you saying that im a bit fucked?
I can live with the popups etc but I just want to make sure that it cant spy my account numbers etc and that I will be safe to make payments etc
|
Tiger
Member
Registered: 12th Jun 01
Location: Leicestershire Drives:Astra VXR
User status: Offline
|
quote:
Originally posted by Natalie
quote:
Originally posted by Dom
you could try downloading Unlocker (google it), then right clicking the .dll file, unlock it (right mouse click the file, select unlocker) and then deleting it.
Tried doing that and it kept creating a fatal error
Cant run an F-Secure scan in safe mode as it wont open F-secure in safe mode :S
Andrew - so are you saying that im a bit fucked?
I can live with the popups etc but I just want to make sure that it cant spy my account numbers etc and that I will be safe to make payments etc
As far as i'm aware, unless its a keylogger your computer doesnt store any bank numbers on it anyway for security reasons?
|
Robbo
Member
Registered: 6th Aug 02
Location: London
User status: Offline
|
D'oh
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
download spybot - search & destroy, make sure you update it then go into safe mode and do a check - that might sort it
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
quote:
Originally posted by Natalie
Its not porn
you mainly get this stuff from visiting dodgy sites like porn though
|
Robbo
Member
Registered: 6th Aug 02
Location: London
User status: Offline
|
quote:
Originally posted by Dom
download spybot - search & destroy, make sure you update it then go into safe mode and do a check - that might sort it
Think she tried that
|
Andrew
Member
Registered: 5th May 04
Location: Skoda Octavia Estate, Ford Puma
User status: Offline
|
Bank details will be encrypted.
You probably just need to format.
|
Robbo
Member
Registered: 6th Aug 02
Location: London
User status: Offline
|
Try Spybot Natalie, Im sure I downloaded that on the computer once so u shud still have it
|
