1. adamshinoda

    OP adamshinoda GBAtemp Fan
    Member

    Joined:
    Apr 24, 2011
    Messages:
    300
    Country:
    I've just downloaded and installed a software called "Bandoo". It provides emoticons for Yahoo Messenger and MSN. After a few minutes, I didn't like it, so I uninstalled it and rebooted my computer. Now my PC is messed up. Can't go to Google, can't go to YouTube, internet speed is slowed down, even gbatemp is slow as hell.
    How can I get rid of this "bandoo" thing?

    It's getting worse and worse. Now I can't scroll down in a thread, just the first post is loaded. So plz shoot me a PM in the inbox
     
  2. bashscrazy

    bashscrazy GBAtemp Regular
    Member

    Joined:
    Mar 19, 2011
    Messages:
    118
    Country:
    Canada
    You can also try a system restore to an earlier date.
     
  3. Deleted User

    Deleted User Newbie

    Definitely malware.
    http://www.mywot.com/en/scorecard/bandoo.com

    Removal:
    Shows you how to remove rogues, but works for other viruses too (By me):

    http://www.youtube.com/watch?v=eGVWQgtCvtg

    Use combofix from bleepingcomputer.com, then download malwarebytes (you may need to rename the installer/setup to something like winlogon.exe to be able to run or install it) from malwarebytes.com or softpedia.com, then clean the rest of the virus with superantispyware and Hitman Pro 3.5 from softpedia.com/cnet.com, and just in case you do have a rootkit on your system use GMER from majorgeek.com (use gmer to scan and delete anything in red).

    Future protection: use this wizard to recommend security protection for your system:

    http://www.techsupportalert.com/secwiz

    or go to safe mode and then do the above:


    To get into Safe Mode with Networking:

    1. Log out and reboot your machine.
    2. When the machine starts the reboot sequence, press the F8 key repeatedly.
    3. Select Safe Mode with Networking from the resulting menu.
     
  4. TheDreamLord

    TheDreamLord GBAtemp Advanced Fan
    Member

    Joined:
    Jun 8, 2011
    Messages:
    939
    Country:
    wtf o.o I have bandoo and I have no problems whatsoever..... er maybe it's not from the official site?
     
  5. Deleted User

    Deleted User Newbie

    http://www.mywot.com/en/scorecard/bandoo.com
    Run away. Run away real fast.
     
  6. adamshinoda

    OP adamshinoda GBAtemp Fan
    Member

    Joined:
    Apr 24, 2011
    Messages:
    300
    Country:
    It's malware/spyware, I've just found that out after a quick look on Yahoo Answers (damn, Google is blocked so I have to use Bing).
    Now I can scroll down the thread but it doesn't load immediately like normal, it takes about 10 or 20 seconds.
     
  7. adamshinoda

    OP adamshinoda GBAtemp Fan
    Member

    Joined:
    Apr 24, 2011
    Messages:
    300
    Country:
    Malwarebyte scanning completed. Here is the log:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    6/9/2011 4:04:51 AM
    mbam-log-2011-06-09 (04-04-37).txt

    Scan type: Quick scan
    Objects scanned: 141084
    Time elapsed: 13 minute(s), 46 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    c:\documents and settings\Admin\application data\fw-155000878.exe (Trojan.FakeMS.MGen) -> 604 -> No action taken.

    Memory Modules Infected:
    c:\documents and settings\Admin\application data\ntuser.dat (VirTool.Obfuscator) -> No action taken.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.FakeMS.MGen) -> Value: Microsoft Firewall 2.9 -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Admin\application data\fw-155000878.exe (Trojan.FakeMS.MGen) -> No action taken.
    c:\documents and settings\Admin\application data\ntuser.dat (VirTool.Obfuscator) -> No action taken.
    c:\documents and settings\admin\start menu\programs\startup\igfxtray.exe (Trojan.FakeMS.MGen) -> No action taken.
    c:\documents and settings\Admin\local settings\Temp\2377.tmp (Trojan.FakeMS.MGen) -> No action taken.

    Seems like no "bandoo" was scanned
     
  8. Rydian

    Rydian Resident Furvert™
    Member

    Joined:
    Feb 4, 2010
    Messages:
    27,880
    Country:
    United States
    *cough*THE-FUCKING-STICKY*cough*

    Given the log, that looks like a separate infection you picked up from the web (since it deposited itself in application data). If it was bandoo itself it'd be in a more permanent location, and would likely not be picked up by malwarebytes or other scanners unless PUP scanning was turned on (since when installing some adware, if you agree to the EULA you give them legal permission, so they don't count as an infection even though they may be adware).

    For more info, read the sticky.
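
The reading of the log given in the post above (detections sitting in Application Data, none of them named bandoo) can be checked mechanically. This is an added example, not part of the thread or any poster's code: it parses detection lines copied from the Malwarebytes log posted earlier and tags each by location. The tag rules and function names are assumptions of this example.

```python
import re

# Detection lines copied from the Malwarebytes log posted earlier in this thread.
LOG = r"""
Memory Processes Infected:
c:\documents and settings\Admin\application data\fw-155000878.exe (Trojan.FakeMS.MGen) -> 604 -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.FakeMS.MGen) -> Value: Microsoft Firewall 2.9 -> No action taken.

Files Infected:
c:\documents and settings\Admin\application data\ntuser.dat (VirTool.Obfuscator) -> No action taken.
c:\documents and settings\admin\start menu\programs\startup\igfxtray.exe (Trojan.FakeMS.MGen) -> No action taken.
c:\documents and settings\Admin\local settings\Temp\2377.tmp (Trojan.FakeMS.MGen) -> No action taken.
"""

# "<path> (<detection name>) -> <details> -> <action>"
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
# Assumed tagging rules for this example (not a Malwarebytes feature).
TAGS = {
    "autostart": ("\\currentversion\\run\\", "\\start menu\\programs\\startup\\"),
    "user-writable": ("\\application data\\", "\\local settings\\temp\\"),
}

def parse(log):
    """Return one dict per detection line, grouped by the log's section headers."""
    findings, section = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.endswith("Infected:"):      # section header; "Files Infected: 4" is a count line
            section = line[: -len(" Infected:")]
            continue
        m = ITEM.match(line)                # "(No malicious items detected)" does not match
        if m and section:
            low = m["path"].lower()
            tags = [t for t, needles in TAGS.items() if any(n in low for n in needles)]
            findings.append({"section": section, "path": m["path"], "name": m["name"],
                             "action": m["rest"].split(" -> ")[-1].rstrip("."), "tags": tags})
    return findings

def autostart_entries(findings):
    """Paths that make the detected program start again at logon."""
    return [f["path"] for f in findings if "autostart" in f["tags"]]

def mentions(findings, keyword):
    """Detections whose path or name contains the keyword, case-insensitively."""
    k = keyword.lower()
    return [f for f in findings if k in f["path"].lower() or k in f["name"].lower()]

if __name__ == "__main__":
    for f in parse(LOG):
        print(f["section"], "|", f["name"], "|", ",".join(f["tags"]) or "-", "|", f["action"])
```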
     
  9. adamshinoda

    OP adamshinoda GBAtemp Fan
    Member

    Joined:
    Apr 24, 2011
    Messages:
    300
    Country:
    My computer has been back to normal. Thanks a lot to tigris and Takeshi. And sorry Rydian, I was in a hurry then trying to fix my computer as soon as possible, so I didn't see that sticky one.
    The moderator can close this thread now
     