
Please Help. I Have Been Infected By Tinyproxy.exe And Bolivar24.exe

Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo!

Completion time: 2008-11-14 9:30:01 - machine was rebooted [Brandi Perry]
ComboFix-quarantined-files.txt 2008-11-14 15:29:58
ComboFix2.txt 2008-11-13 13:55:22
Pre-Run: 14,081,867,776 bytes free
Post-Run: 14,029,561,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4

Combofix will restart your machine then it will produce a log afterwards.

One reason why you got infected is because you have no antivirus running onboard.

Click Continue at the disclaimer screen. Click the Remove button. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

Please follow these steps to remove older version Java components. Click Start > Control Panel. Click Add/Remove Programs. Check any item with Java Runtime Environment (JRE or J2SE) in the name.

C:\WINDOWS\fmark2.dat moved successfully.

Now that your problem appears to be resolved, this thread will be closed.

Next, click on the Delete Files button. There are two options in the window to clear the cache - Leave BOTH Checked: Applications and Applets; Trace and Log Files. Click OK on

I managed to get atf cleaner and malwarebytes onto the computer via jump drive but I cannot update malwarebytes.

This applies only to the original topic starter.

Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SSC_UserPrompt"=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-01 218240]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop

File/Folder C:\WINDOWS\f49f4daa.dat not found.

File C:\WINDOWS\pss\ not found.

info.txt logfile of random's system information tool 1.04 2008-11-09 19:00:13
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe

The application uses ports to connect to or from a LAN or the Internet.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin Quaglia at 2008-11-09 19:07:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (43%)

Scan your computer with Trend Micro antivirus and delete files detected as WORM_BOLI.A.

RecycleBin -> emptied.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

*Open notepad.

They may otherwise interfere with our tools. Double click on ComboFix.exe & follow the prompts.

If you uninstalled viewpoint, delete this folder: c:\documents and settings\All Users\Application Data\Viewpoint

*I would like you to scan a file for me.

Then download Java Runtime Environment 6u10, and install it to your computer. Go into the Control Panel and double-click the Java Icon (looks like a coffee cup). On the General tab, under

This could be malware if you didn't compile it from sources.

  1. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer.
  2. Once located, select the file then press SHIFT+DELETE.
  3. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs.
  4. This means running a scan for malware, cleaning your hard drive using cleanmgr and sfc /scannow, uninstalling programs that you no longer need, checking for Autostart programs (using msconfig) and enabling Windows'
  5. Please include the C:\ComboFix.txt in your next reply. __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating.

Is there something I need to do for this?

On your next reply, please include a kaspersky scan log, combofix log

Thanks, RC

DDS log:
DDS (Version 1.0) - NTFSx86
Run by Brandi Perry at 11:19:00.15 on 2008-11-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.197 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k

can't access any other antivirus websites...

Deleting the Malware File(s)
Right-click Start then click Search...

I've removed a few things from the startup list using msconfig and it seems a little better now.

Please thank your helpers and there will always be help here when you need it!

If you are asked to reboot the machine choose Yes.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System

Local Service Temp folder emptied.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

Having no antivirus these days is an open invitation for malware to enter your system.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk\ deleted successfully.

You have a worm from facebook which modifies your proxy.

A clean and tidy computer is the key requirement for avoiding PC trouble. It is still a little slow but I don't think that is because of the worm. We only require a report from it. Say hello!

c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Contents of the 'Scheduled Tasks' folder
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2005-01-17 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1096313504.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
-------

It connects to Web sites.

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Internet Service

Once the files have been downloaded click on NEXT. Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database: Extended
Scan Options: Scan Archives, Scan Mail Bases
Click OK

Racoma

SOLUTION
Minimum scan engine version needed: 8.500
Pattern file needed: 5.645.00
Pattern release date: Nov 9, 2008

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version

Removing Other Malware Entries from the Registry
This solution deletes/modifies registry keys/entries added/modified by this malware.

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.

A case like this could easily cost hundreds of thousands of dollars.

Please post the results to your next reply.

*Please turn off all your realtime protection programs like teatimer, adwatch (if they are on) because one of them is keeping on restoring

It redirects all search pages and sometimes will not load pages at all.

Description: Tinyproxy.exe is not essential for Windows and will often cause problems.

Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll (file missing)
O2 - BHO: Viewpoint Toolbar
