Getting These Error Messages - HELP

I think I got some spyware on my machine today that turned off my firewall and things went south fast. My spyware found two Trojan horses and I cleaned them up - did all the scanning and cleaning with the modem off, so was not on the internet at that time.

I forgot to check to see the status of my firewall and it was apparently set to off when I got back on the internet. My spyware software was giving me all these messages of dangerous websites trying to connect ... I shut the modem off after all this [censored] started popping up (video ads, etc), so apparently some nasty stuff downloaded on the computer - happened so fast I couldn't do jack about it. I did both spyware and virus scans and found nothing - which I thought was strange that nothing showed up.

But, now I get these constant (about every 5 seconds) error messages popping up on my screen for Windows XP.

ctfmon: Unspecified Error
and
ctfmon: Access violation at address 004555A7 in module 'ctfmon.exe'. Read of address 00000000.

servicelayer: Unspecified Error

and
servicelayer: Access violation at address 00455A13 in module 'servivelayer.exe'. Read of address 00000000.

lsass: Unspecified Error

and
lsass: Access violation at address 99454927 in module 'lsass.exe'. Read of address 00000000.

Everything seems to be working, but these error message boxes keep popping up right after I boot up and even if I do nothing with the computer after boot-up.

Does anyone have any ideas on this ... any computer gurus on the board? I’ve had to rebuild a HD from scratch a few years ago from a HD failure … it’s NOT fun.

PS – if you ever think some spyware or a virus downloaded on your machine, make sure to check your firewall settings as they seem to set the firewall to off so your whole machine can get attacked. I should have remembered this, but didn’t … now I’m honked up.
 
Download Malware get it here and install it.

Then reboot into safe mode (F8) and run it. Let it scan FULL.

See if that helps. It has for my Daughters computers when it's been attacked.

Good luck! Bill
 
Bill - thanks for the info. Will try your suggestion.

What do you think of this Register fix software (RegCure)?

http://microsoft.pcerror.info/Error_Gene...CFSIjagodARezig

I downloaded it and scanned my machine and it showed a bunch of errors found. You have to register it to get the license key to have it fix the problems. Looks like registration is free. Might try this also.
 
So I'm staying up way too late trying to fix this messed up computer ... but when I'm on a mission I won't stop.

So I installed the Malware that Bill in Utah suggested above (THANKS BILL!) and ran it like he suggested. It took almost an hour to scan, and came up with 21 infected objects. Here is a short summary below - notice that ctfmon.exe, lsass.exe, and servicelayer.exe were infected. These were associated with the pop-up warning boxes that I talked about in my initial post. They are now gone and all seems back to normal.

--------------------------------
Files Infected:
C:\WINDOWS\Temp\5_odbn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINDOWS\servicelayer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste2_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
--------------------------------

All infections were removed successfully ... that Malware works wonders!

BTW - Webroot's Spy Sweeper didn't pick any of the above Trojans, etc up. It did pick up a couple previously, but none that the Malware software found.

Again - don't ever let your firewall get turned off by some malware, virus, spyware, etc ... as it will take about 10~15 seconds before something is trying to take over your computer. It's totally insane how bad the internet is full of psychos trying to mess you up.

Not sure if I will try the RegCure software or not. If it works as good as this Malware software it might also fix some things that will help the machine be safer and run better.

Has anyone used that RegCure software that I linked to in a post above?
 
Noticed this in the Malware log also ... notice that in the Registry the antivirus and firewall disabled notification was turned off so you wouldn't know it happened.

As I mentioned before - and I WILL NOT forget it again - if your computer is infected somehow, it will probably try to disable your antivirus software and turn off your firewall to open you up big time for major attacks.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
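
Added example, not part of any poster's message and not Malwarebytes code: a small triage of the two log excerpts posted above, separating files that borrow a Windows system-process name but sit outside System32 from the Security Center values that silence the "firewall/antivirus disabled" alerts. The `SYSTEM32_ONLY` list and the category names are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption of this example: a short, non-exhaustive list of Windows binaries
# whose genuine copies live in %SystemRoot%\System32.
SYSTEM32_ONLY = {"lsass.exe", "ctfmon.exe", "svchost.exe", "services.exe", "winlogon.exe"}
# Log lines as posted in the thread above.
SAMPLE_LOG = r"""
C:\WINDOWS\Temp\5_odbn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINDOWS\servicelayer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste2_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<label>[^)]+)\) -> ")
REG_RE = re.compile(r"^(?P<key>HKEY_[^(]+?) \([^)]+\) -> Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)")

def triage(log_text):
    out = {"masquerading": [], "temp_executables": [], "other_files": [], "notify_suppressed": []}
    for line in map(str.strip, log_text.splitlines()):
        reg = REG_RE.match(line)
        if reg:
            value_name = reg["key"].rsplit("\\", 1)[-1]
            # A *DisableNotify value away from its good state hides Security Center alerts.
            if value_name.endswith("DisableNotify") and reg["bad"] != reg["good"]:
                out["notify_suppressed"].append(value_name)
            continue
        hit = FILE_RE.match(line)
        if not hit:
            continue
        path = PureWindowsPath(hit["path"])
        folder = str(path.parent).lower()
        if path.name.lower() in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            out["masquerading"].append(str(path))  # system name, wrong directory
        elif folder.endswith("\\temp"):
            out["temp_executables"].append(str(path))
        else:
            out["other_files"].append(str(path))
    return out

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```
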
 
Originally Posted By: SuperBusa

So I installed the Malware that Bill in Utah suggested above (THANKS BILL!) and ran it like he suggested. It took almost an hour to scan, and came up with 21 infected objects.



Contrary to public opinion here, I do know a FEW things.... (of course, NOTHING about oil)

GLAD to hear that all is well.

Happy New Year!
Bill
 
Originally Posted By: SuperBusa
Bill - thanks for the info. Will try your suggestion.

What do you think of this Register fix software (RegCure)?

http://microsoft.pcerror.info/Error_Gene...CFSIjagodARezig

I downloaded it and scanned my machine and it showed a bunch of errors found. You have to register it to get the license key to have it fix the problems. Looks like registration is free. Might try this also.



Never tried it so no idea.

I've used the Malware and had excellent results. It finds A LOT of stuff that others pass by.

Been trying Microsoft Security Essentials and so far impressed. Free also. Get it here

Avast is my other favorite. I like things that are simple, do not take up resources and free.

Take care, Bill
 
time for some new software..

I'd change to avast + windows defender (I used it for 4 years)

or microsoft security essentials (just switched to this)


all free.

also continue to run malwarebytes biweekly.

also i'd skip the registry fixer they are usually gimmicks that find.. something like a missing shortcut file or something similar then scream 10030032 problems found you need to buy my software now!!!


you can run the auslogics software for free.

they have a defragger, a registry optimizer and a registry cleaner/fixer among other things

http://www.auslogics.com/en/software/registry-cleaner

It got 5 stars

..if you were looking for registry cleaners, you can stop right here; this free registry cleaner is all you need to fix and repair registry errors, something that other programs will only do for $30 or more...

XPress PC Magazine
 
Originally Posted By: TooManyWheels
What protection package were you using?


I'm using what my internet provider has for MSN members. Webroot Spy Sweeper and McAfee antivirus. Both are updated daily and ran often and have real time monitoring features.

If I'm not mistaken, Malware seems to be in a slightly different category than spyware (?). Maybe that is why Webroot didn't catch this. Webroot did however pop up all kinds of warning messages that dangerous websites were trying (and did!) connect.

Somehow, some trojan s/w got on my machine and disabled my firewall ... then it was all a losing battle from there. In a matter of 2 or 3 minutes, you get attacked if your firewall is disabled.
 
Bill & Rand -- I will checkout the other applications you have referenced. They sound very good. Time to beef up the wall around this computer some more.
 
Originally Posted By: Rand

also i'd skip the registry fixer they are usually gimmicks that find.. something like a missing shortcut file or something similar then scream 10030032 problems found you need to buy my software now!!!

you can run the auslogics software for free.

they have a defragger, a registry optimizer and a registry cleaner/fixer among other things

http://www.auslogics.com/en/software/registry-cleaner

It got 5 stars


You are right that RegCure did have many instances of problems after a full scan (~2500 issues), and most of them were stupid things like missing links, etc, etc.

Hard to say if it would do a decent job of fixing everything it thinks needs it ... and I think it is free to get the use license "key" by simply registering it. But if I can do better with what you and Bill have suggested, then I'll probably just uninstall RegCure (it does have an uninstall feature).
 
Originally Posted By: SuperBusa
But if I can do better with what you and Bill have suggested, then I'll probably just uninstall RegCure (it does have an uninstall feature).


I mis-spoke ... RegCure does not have an uninstall program, but I should be able to uninstall it in Control Panel > Add or Remove Programs.
 
Originally Posted By: SuperBusa
Originally Posted By: SuperBusa
But if I can do better with what you and Bill have suggested, then I'll probably just uninstall RegCure (it does have an uninstall feature).


I mis-spoke ... RegCure does not have an uninstall program, but I should be able to uninstall it in Control Panel > Add or Remove Programs.



Revo Uninstaller
 
i see a lot of computers getting bad stuff lately while using mcafee

also spyware is a category of the general term malware.

malware mal=bad

they are used somewhat interchangeably
 
I have a question on some entries in my SpySweeper log (shown below). When I boot up and have the modem on, I sometimes get warning messages from SpySweeper that access has been blocked from certain websites.

Are these websites trying to connect to my machine as soon as they see me connected to the internet? This happens before I ever open IE or Firefox ... just if I have the modem on. Is this stemming from my machine, or is this action being taken by these websites? Seems this is happening now since I had my security breach ... so I'm wondering if they try to pick on computers that they know might be weak?

The Internet Communication shield has blocked access to:

Some of these sites you could see were trying every second for 5~8 tries in a row to connect.

A lot of those showed up when I happened to connect to the internet after not knowing my firewall was turned off by the malware.

After I fixed my computer with the "Malwarebytes' Anti-Malware", only one or two of those try to connect again.
 
Originally Posted By: OVERK1LL
Sounds like you sir, have Malware! Congratulations


Try a scan with A-Squared.


If so, then apparently "Malwarebytes' Anti-Malware" is not finding it. You think I still have some malware on my machine? "Malwarebytes' Anti-Malware" did find and fix my original problem as I discussed in my first post in this thread.

Got a link to A-Squared? ... never heard of it.
 
Originally Posted By: Mamala Bay
Originally Posted By: SuperBusa
Originally Posted By: SuperBusa
But if I can do better with what you and Bill have suggested, then I'll probably just uninstall RegCure (it does have an uninstall feature).


I mis-spoke ... RegCure does not have an uninstall program, but I should be able to uninstall it in Control Panel > Add or Remove Programs.

Revo Uninstaller


Revo-Uninstaller looks like a winner. Going to download this and install on my machine. Thanks for the info!
 
Originally Posted By: SuperBusa
Originally Posted By: OVERK1LL
Sounds like you sir, have Malware! Congratulations


Try a scan with A-Squared.


If so, then apparently "Malwarebytes' Anti-Malware" is not finding it. You think I still have some malware on my machine? "Malwarebytes' Anti-Malware" did find and fix my original problem as I discussed in my first post in this thread.

Got a link to A-Squared? ... never heard of it.


http://www.emsisoft.com/en/software/free/

There you go sir!
 