Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Time/Date virus

Posted on 2008-06-10
16
Medium Priority
?
2,154 Views
Last Modified: 2013-11-22
i am using a windows XP SP2 Pro PC which used to have hundreds of infections, all but one remains:
the time/date bar in the lower right hand area of my task bar displays 24 hour time then "VIRUS ALERT!" afterwards. i have tried multiple virus scans and cannot get rid of it. anyone able to help? also the "all Programs" "Logoff" and "restart" buttons in my start menu are missing.
expertex.bmp
0
Comment
Question by:beefstu123
  • 7
  • 6
  • 2
  • +1
16 Comments
 
LVL 1

Accepted Solution

by:
RiggedyT earned 600 total points
ID: 21756734
Hi there, I googled a bit into this error and it seems to be a type of malware indeed, the Zlob media codec malware to be exact. I found a link that explains a bit further into this error, and if you are comfortable editing the registry you should be able to fix it. Here is the link:

http://miekiemoes.blogspot.com/2008/05/virus-alert-in-clock-and-how-to-restore.html
0
 
LVL 22

Assisted Solution

by:orangutang
orangutang earned 200 total points
ID: 21756744
0
 
LVL 2

Author Comment

by:beefstu123
ID: 21756783
im editing the registry at the moment, thanx for the info :) also, here are both the scans u asked for
log.txt
hijackthis-TC.log
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21756799
how is it going?

Running smitfraudfix Option 2 should clear the infection and fix the reg entries modified by the virus.
http://siri.geekstogo.com/SmitfraudFix.php
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 200 total points
ID: 21756820
You might like to run SDFix as your Hijackthis log is showing SDBot entries.

Download SDFix and save it to your desktop.(either one below)
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and attach the contents of the results file "Report.txt" back
0
 
LVL 2

Author Comment

by:beefstu123
ID: 21756822

great news :D the virus alert msgs are gone, even before i finished the registry work. im still doing a few more tests with the info given, but so far it looks very good. thanx again for ur help
0
 
LVL 2

Author Comment

by:beefstu123
ID: 21756870
All done :) thankyou RiggedyT very much for that link, quite easy to understand and perform. the Virus Alert msgs are now gone.

thnx rpggamergirl for the info, im doin some extra scans now :)

thank you orangutang for ur input, much appreciated :)
0
 
LVL 1

Expert Comment

by:RiggedyT
ID: 21756884
Hey, no problem, it seems like quite the intrusive malware, lol.
Glad you were able to solve it!
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21756889
OR:
You could also just let combofix remove these bad entries maybe it's all that's needed
Was Combofix run last?

1. Open Notepad.

2. Now copy/paste the text between the lines below into the Notepad window:

------------------------------------------------------------------------
File::
C:\Program Files\NetProject\sbmdl.dll

Folder::
C:\Program Files\NetProject
C:\Documents and Settings\User\Application Data\TmpRecentIcons
C:\Documents and Settings\User\Application Data\shc3v4j0e96n
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Coop\Application Data\shc3v4j0e96n
C:\WINDOWS\system32\lphc5v4j0e96n.exe
C:\WINDOWS\system32\phc5v4j0e96n.bmp
C:\WINDOWS\system32\blphc5v4j0e96n.scr
C:\WINDOWS\eobp.exe
C:\Uninstall.lnk

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-            
[-HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

------------------------------------------------------------------------

3. Save the above as CFScript.txt on your desktop.

4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.



0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21756900
You closed the question already, :)
Combofix still need to remove those folders and reg entries.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21756910
For safety reason, when you're done with combofix please uninstall it.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u

0
 
LVL 2

Author Comment

by:beefstu123
ID: 21756924
ok i'll do that now :) thanx Rpggamergirl.

just a quick unrelated question, wat RPG's are u into?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21756954
I haven't played any in a long time because when I start I CAN'T seem to stop.
FF series, Zelda series, Dark Cloud series, Grandia, Wild Arms III etc, lol.
0
 
LVL 2

Author Comment

by:beefstu123
ID: 21764928
nice :) i remeber playin some the original Zelda games on snes and gameboy lol. Final Fantasy :D brilliant games, i know a mate wh still works on completely finishing FF 7 on playstation lol
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21765018
FF7 is the best in the series IMO and also FF9. I spent time in just upping my levels so my character was really strong during battles with the bosses.
Zelda OoT in N64 was the one that I needed help/guide, that was hard for me, I kept falling off at anything I'm on, stayed up late playing that game till1am and woke up at 5am to continue. I think I must've thrown the controller twice playing that game, lol.
0
 
LVL 2

Author Comment

by:beefstu123
ID: 21766185
lol i know wat u mean :) i've gotten into World of Warcraft lately, i played it for most of the loing weekend we had recently, some mates and i have been online 14 hours straight, then sleep, then more WoW. but ya gotta go outside too  lol. yeah, ive thrown quite a few controllers too :p
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question