Hi,

Whenever I boot my PC, which has Windows XP Home Edition on it, there is a message window saying “Surabaya in my birthday, Don’t kill me, I’m just send message from your computer........”

I have scanned my PC with Kaspersky Internet Security and AVG as well, but they have found nothing at all despite my updating both regularly. I have also noticed some strange behaviour, such as:

Double-clicking the C Drive icon in the My Computer window does not open the C Drive but presents a window asking me to open with a list of applications.

I cannot see "Options" listed on the "Tools" menu anywhere, and that is stopping me from enabling the "show hidden files" option as well.

When I type the Regedit command and run it, it comes back with an error message: "Registry editing has been disabled by your administrator"

Someone please help me here, this is driving me nuts. Please give your suggestions in simple language as I am not that well trained in using a PC.

Thanks...


Do you have SP2?

Run a scan with a program called Malwarebytes' Anti-Malware.

Yes, I installed Service Pack 2 a long time ago, and updated later on as well. I am really frustrated, please help me with the solution, thanks...

Can you try running the Malwarebytes scan for me?

Also, can you go to Control Panel -> Admin Tools -> Services and ensure that Messenger and Alerter are set to disabled and are stopped.

Here is the link and instructions for Malwarebytes' Anti-Malware (MBA-M) as requested by jbennet

Download it to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with that log and a HiJackThis full system scan log.
Judy

I have used Malwarebytes' Anti-Malware the way you said I should after updating it, and here is the log. Please have a look and let me know what needs to be done. Thanks a lot.

Malwarebytes' Anti-Malware 1.31
Database version: 1469
Windows 5.1.2600 Service Pack 3

07/12/2008 15:45:14
mbam-log-2008-12-07 (15-45-07).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 115535
Time elapsed: 1 hour(s), 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (%1) Good: ("%1" /S) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
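
Added example (not part of the original thread): a small Python parser for the "Registry Data Items Infected" lines of the log above. It compares the listed entries with the summary count and reports which ones were logged as "No action taken"; the field layout is inferred from the four lines in this log, and the sample text is copied from it.

```python
import re

# Sample input: the registry data item lines copied from the log above.
SAMPLE_LOG = r'''Registry Data Items Infected: 4

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (%1) Good: ("%1" /S) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
'''

# Assumed layout: <path> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>.
ENTRY = re.compile(
    r'^(?P<path>HKEY_.+?)\s+\((?P<name>[\w.]+)\)\s+->\s+'
    r'Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*)\)\s+->\s+'
    r'(?P<action>.+?)\.?\s*$')
COUNT = re.compile(r'^Registry Data Items Infected:\s+(\d+)\s*$')

def parse_data_items(log_text):
    """Return (declared_count, entries) for the registry data item lines."""
    declared, entries = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = COUNT.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        entry = m.groupdict()
        path = entry['path']
        # A trailing backslash means the key's default value is affected.
        if path.endswith('\\'):
            entry['key'], entry['value'] = path.rstrip('\\'), '(Default)'
        else:
            entry['key'], entry['value'] = path.rsplit('\\', 1)
        entries.append(entry)
    return declared, entries

def unresolved(entries):
    """Entries the scanner detected but did not change."""
    return [e for e in entries if e['action'].lower() == 'no action taken']

if __name__ == '__main__':
    declared, entries = parse_data_items(SAMPLE_LOG)
    print('declared:', declared, 'parsed:', len(entries))
    for e in unresolved(entries):
        print(e['name'], e['value'], 'is', e['bad'], 'should be', e['good'])
```

Every entry in this log comes back as unresolved, which matches the "No action taken" status on each line: the scan reported the four changed settings but did not restore them.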

Hi,

I have installed, updated and scanned with Malwarebytes' Anti-Malware and here is the log. Thanks...


Can you please check those services I mentioned?

Yes, both the services are disabled and stopped...

I'm having the same problem on the computer at my office. Any update or news on removing the worm?

tech291083 - Can you please update MBA-M, and then follow jholland's instructions.

P.S. - The latest update is 1.31 and database version 1529 or higher.

Thanks,

Cohen

Cohen, the latest update is 1528 as of 6:30 p.m. EST, Dec. 21 in the US.

Takuniku,
You need to begin your own thread, not post in somebody else's.
Judy
