Ares, eMule, Shareaza... Why can't I get rid of them????

Solved
Thread Status:
Not open for further replies.
  1. radius

    radius Member Bronze Member

    Joined:
    Nov 20, 2011
    Posts:
    85
    Likes Received:
    1
    Local time:
    13:03

    Okay.. I have been having this issue since early this morning.

    In my task manager (which is how I found out about these programs), I have running Ares 2.1.7.3041, eMule v0.50a, and Shareaza. I can not do an end task on them, I went and looked them up to uninstall them, they are not listed.. I can't bring them to the foreground to see what they are doing (unless I am rebooting the computer, they will show up for 2 seconds then close).

    After a lot of searching, I THINK I found them in my computer.. located in my public/appdata folder (they are the only 3 things in there).. I've deleted them, but was only able to delete them after I did a reboot and BEFORE they started which makes sense I guess.

    But 20 to 25 minutes after I delete them, they are reinstalled on my computer and start running again.

    I've done a Norton's virus check, nothing wrong. Currently running Malware and Antispyware to see if they find something.

    After some google searches, I've learned that all 3 of these are P2P programs, so doing some deeper digging into these folders I found that they are downloading illegal porn... I NEED THIS TO STOP so I don't get arrested lol.

    Anyway, help... please help me get rid of these.. Some google searches say they are worms, some say they are trojan viruses, but since the actual program is a p2p legit program, I guess my virus scanner considers it safe..
  2. DCiAdmin

    DCiAdmin Here to Help!

    Joined:
    Sep 30, 2008
    Posts:
    16,759
    Likes Received:
    1,707
    Location:
    Heart of the US Midwest
    Local time:
    12:03

    Hello Radius :)

    It looks like you've got a need for PCHF Security. We have a tried and true method of successfully removing malware from a system.

    If you could, in advance of receiving assistance from the Security team, please closely follow the instruction found in [​IMG] and post back all requested logs. Someone from our trained and very experienced Security team will be along to review the logs and work with you to rid the system of any nasties that might be lurking in the dark corners of your Operating System. We appreciate your time!

    Access PreWork from either the button above or the RED PreWork link below. Post all logs back into this thread. We will move the thread to Security (with a redirect for you) for their review once we have the logs.
  3. radius

    radius Member Bronze Member

    Yup, I was running the prework last night, but wanted to get my post and problem up, just in case someone knew of this issue and knew how to attack it immediately.

    P.S. I did last night run Malwarebyte on my computer, it found 2 issues but crashed before it could finish, and now won't load. I'm going to wait for a response, before I uninstall and reinstall it to try again, unless the responses have better options.

    Also, so far they are still blocked from downloading off the internet, so that's a good thing.

  4. DCiAdmin

    DCiAdmin Here to Help!

    Thanks for the logs :) Security will be with you as soon as possible.
  5. Belahzur

    Belahzur Banned

    Joined:
    May 19, 2010
    Posts:
    2,279
    Likes Received:
    102
    Local time:
    18:03

    Hello.
    Quite a messy infection you've got there.

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com


    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  6. radius

    radius Member Bronze Member

    Thank you for the quick follow-up.

    I downloaded and ran combofix like you asked.

    Now whatever this did, deleted a lot of stuff which scared me a little bit.. but once it was done, eMule has now vanished from my task manager, but Ares and Shareaza are still there.

    Granted it may come back later, but crossing fingers.
  7. Belahzur

    Belahzur Banned

    Hello.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
      Code:
      Folder::
      c:\program files\Shareaza Removal Tool [1]
      c:\program files\Free Offers from Freeze.com
      
      Registry::
      [-HKLM\~\startupfolder\C:^Users^Kevin Schupp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^{45BCC625-6785-4f11-83C4-AC35F3E88934}.lnk]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fqosapa]
      
    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.
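
The CFScript in the post above removes a Startup-folder shortcut and an msconfig `startupreg` entry. As an added example (not part of the thread and not posted by any participant), this read-only PowerShell script lists those autostart locations plus the Run keys and marks commands that launch from user-writable folders. The folder list, the helper name `New-Entry`, and the `command` value name under the msconfig subkeys are assumptions.

```powershell
# Added example. Read-only: nothing is deleted or changed.
# Folders any user can write to (illustrative list, not exhaustive).
$roots = @($env:PUBLIC, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

# Hypothetical helper: builds one result row and sets Review when the
# command line contains one of the user-writable roots.
function New-Entry($Source, $Name, $Command) {
    $cmd  = [Environment]::ExpandEnvironmentVariables([string]$Command)
    $flag = $false
    foreach ($r in $roots) {
        $prefix = $r.TrimEnd('\') + '\'
        if ($cmd.IndexOf($prefix, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $flag = $true }
    }
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = $cmd; Review = $flag }
}

$entries = @()

# 1. Run keys: each value is a command line started at logon.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $k = Get-Item $key
        foreach ($n in $k.GetValueNames()) { $entries += New-Entry $key $n ($k.GetValue($n)) }
    }
}

# 2. Items disabled through msconfig, one subkey per item.
#    Assumption: the launch command is stored in a value named 'command'.
$msconfig = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig'
foreach ($sub in 'startupreg', 'startupfolder') {
    $path = Join-Path $msconfig $sub
    if (Test-Path $path) {
        foreach ($k in Get-ChildItem $path) {
            $entries += New-Entry $path $k.PSChildName ($k.GetValue('command'))
        }
    }
}

# 3. Startup folders: resolve each shortcut to the program it launches.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        foreach ($lnk in Get-ChildItem $dir -Filter *.lnk -Force) {
            $entries += New-Entry $dir $lnk.Name ($shell.CreateShortcut($lnk.FullName).TargetPath)
        }
    }
}

$entries | Sort-Object Review -Descending | Format-Table Review, Name, Command, Source -AutoSize -Wrap
```

A `Review` value of `True` only means the program starts from a location any user can write to; many legitimate applications do this, so each flagged row still needs to be checked by hand.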
  8. radius

    radius Member Bronze Member

    Okay did what you asked.

    I also turned off the norton 360 firewall just to make sure nothing interferes.
  9. radius

    radius Member Bronze Member

    I'd like to add, I checked my task manager today and noticed that they are not running in the background currently. They are still installed on my computer though, I haven't touched them because whatever you are having me do seems to be working lol.

    Also, not sure if this is related, but now whenever I try and view webpages.. email, facebook, ddo forums, etc I keep getting syntax errors and the page doesn't load completely or loads but none of the buttons work.. this might not be related, but it started after I started these programs (probably some add-on was deleted and the webpages are still trying to run it I bet). Just wanted to add this, in case it's a symptom to address.
  10. Belahzur

    Belahzur Banned

    Hello.

    Run ESET Online Scan
    Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.
    • Check (tick) this box: YES, I accept the Terms of Use.
    • Click on the Start button next to it.
    • When prompted to run ActiveX, click Yes.
    • You will be asked to install an ActiveX. Click Install.
    • Once installed, the scanner will be initialized.
    • After the scanner is initialized, click Start.
    • Check (tick) Remove found threats box.
    • Check (tick) Scan unwanted applications.
    • Click on Scan.
    • It will start scanning. Please be patient.
    • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  11. radius

    radius Member Bronze Member

    Okay file attached.

    It took 7 hours to complete, and found and cleaned 12 files.

    Happy Thanksgiving
  12. Belahzur

    Belahzur Banned

    I'm UK so we don't celebrate that :p

    Congratulations!! Your PC is all clean! :D

    To uninstall ComboFix


    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)


    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
    =========



    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      :Commands
      [emptytemp]
      [emptyflash]
      [clearallrestorepoints]
      [reboot]

      Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    ======

    Remove OTL:

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.

    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    =======

    Download Security Check by screen317 and save it to your Desktop.
    • Double-click Security Check.exe to start the application
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.
    =======

    There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

    For some helpful tips regarding why you were infected in the first place, what you can do to keep this from happening again, and routine basic maintenance you should be performing on your PC to keep it running, you may wish to review the following threads:

    So, you want to keep this from happening again?
    How Did I Get Infected?

    In your next reply:

    Please confirm removal of the tools
    Post the SecurityCheck log
  13. DCiAdmin

    DCiAdmin Here to Help!

    A very Happy Thanksgiving to you also, Radius :)

    Enjoy the family time and great food!