I need to know if anyone is experiencing the same problem as I am. BitComet seems to have, or attract, a virus by the name “Heur.Suspicious@814132901”, which Comodo seems to detect and quarantine just fine, but when I do a scan the virus shows up sometimes, and sometimes not. I also have to mention that BitComet was downloaded from bitcomet.com! It seems to be very well entrenched in my system and I need to know how to rid myself of it once and for all!! Oh ya! Did I mention that last weekend we were trying to watch the pacman vs cotto title match on justintv. Well, anyone that is familiar with justintv knows that when the channel you are watching the fight on goes down there is a chat box next to the screen where people give links to the next working channel. Well, the channel we were watching went down and in my/our excitement and eagerness to watch the fight I clicked a link that sent me to a page displaying 3 old pervs gettin’ it on in a shower. I then tried to exit and close the page to no avail. A little window then popped up and displayed a message that said “someone has ■■■■■■■ you” and, to put it in better words, I replaced the profanity with the word “■■■■■■■”, but you get my meaning! Since this attack my computer has crashed 4 times and each time I can restore with Comodo, but I don’t know if this itself is good or bad. To say the least it was all quite disturbing and I need help please, PLEASE, please! I think it is either BitComet or the result of last weekend’s “old perv” attack! Thanks in advance!!! Peace!!! P.S. When I google the virus name nothin’ at all comes up.
LOL!! It’s obv your “perv attack”. Run Malwarebytes and SUPERAntiSpyware free versions and see what they come up with.
The BitComet virus may be a false positive. Check out this topic: Comodo Forum.
As for the other problem, follow What to do if you’re infected - eXPerience Rev.3.
Thank You!
I feel so stupid for having to report that in my frenzy to rid my ’puter of what now turns out not to be a virus I think it is totally ■■■■■■■ it now. I tried to follow the instructions from your link but when it came to the Trend Micro report I got lost and do not know how to get it from my desktop to your forum. As of about a week ago I have not been able to access Internet Options and this has me worried that I may still be infected, even though BitDefender, SUPERAntiSpyware, Comodo and Malwarebytes now all detect nothing, because I hear that this could be an indication of a serious infection/takeover. I must say the suspicion of being infected began when I noticed, in the taskbar lower right-hand corner, two wireless connection icons where there used to be only one, and if you know the icon I speak of, the little “desktop monitor” icon, well, the new icon is a double monitor. Any ideas? Also, I am running Windows XP Professional!
To show the result of the HijackThis scan, let HJT scan and make a report. Simply use copy and paste to get the scan results here at the forum.
If you can’t access Internet Options, reset Internet Explorer or run the repair tool. That may fix it.
What do you mean by resetting IE? What repair tool do you mean?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:43 PM, on 11/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{263257B5-84E5-43B2-8843-ED2AD800FAAB}: NameServer = 192.168.0.1
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 4087 bytes
Hope this is what you asked for, my friend! Also, is now having two wireless connection icons normal when I’ve always only had one? I wish I knew how to secure my connection as I have to use it unsecured!
The IE repair tool and IE can also be reset to default settings. If you can’t get to Internet options through either the browser or control panel you can always uninstall and reinstall IE8.
Bump!! Am I supposed to delete the red highlights???
“Am I supposed to delete the red highlights???”
No sir :)
The only thing I see is this
F3 - REG:win.ini: run= <-----delete this, remember you’ll have a backup copy just in case
In HijackThis:
- go to “open the misc tools section” and click on it
- click on “open ads spy”
- remove the check mark for “quick scan (windows base folder only)”
- display logfile here (if any)
“is now having two wireless connection icons normal”
I would follow the steps here to find out more on the wireless connections: http://oit.pdx.edu/use-windows-to-manage-wireless. When you get to step 5, click on “view wireless connections”.
If this doesn’t answer your question, at least you’re in the right area.
P.S. At least use a WEP encryption key, or WPA if it supports it. Think of it as a password to access your wireless network.
C:\Documents and Settings\All Users\Application Data\TEMP : B3D74A13 (120 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : D1B5B4F1 (170 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : ECF54A0E (162 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : B3D74A13 (120 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : D1B5B4F1 (170 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : ECF54A0E (162 bytes)
C:\Documents and Settings\Hotel\Favorites\Download BitComet - A free C++ BitTorrent-HTTP-FTP Download Client.url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\Download pci audio driver.url : favicon (1406 bytes)
C:\Documents and Settings\Hotel\Favorites\FotoFlexer.url : favicon (1406 bytes)
C:\Documents and Settings\Hotel\Favorites\Home - Point Carbon.url : favicon (894 bytes)
C:\Documents and Settings\Hotel\Favorites\http–www.qp.gov.sk.ca-documents-English-Statutes-Statutes-C30-1.pdf.url : favicon (5694 bytes)
C:\Documents and Settings\Hotel\Favorites\http–www.qp.gov.sk.ca-documents-English-Statutes-Statutes-S1.pdf.url : favicon (5694 bytes)
C:\Documents and Settings\Hotel\Favorites\Satellite and FTA Forums - FTA Forum and Resources.url : favicon (10134 bytes)
C:\Documents and Settings\Hotel\Favorites\SatNow Free-to-Air Forums - Powered by vBulletin.url : favicon (17542 bytes)
C:\Documents and Settings\Hotel\Favorites\Showtime - Boxing MMA.url : favicon (726 bytes)
C:\Documents and Settings\Hotel\Favorites\Video Movies - TPB.url : favicon (824 bytes)
C:\Documents and Settings\Hotel\Favorites\Windows XP Professional SP2 (download torrent) - TPB.url : favicon (824 bytes)
C:\Documents and Settings\Hotel\Favorites\WINDOWS XP SP3 2009 ULTRA EDITION (download torrent) - TPB.url : favicon (824 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - 10 In A Bed.url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - B.I.N.G.O…url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - Baa Baa Black Sheep-Youtube Channel Anamorphic.mp4.url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - Nursery Rhymes - Five Little Ducks.url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - Rain, Rain, Go Away!.url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - There Was An Old Lady.url : favicon (1150 bytes)
C:\Documents and Settings\Hotel\Favorites\YouTube - This Old Man.url : favicon (1150 bytes)
Thank you, my friend!! I hope I am doing everything properly?
If you still think that you may be infected you can do a scan with HitMan Pro.
Although I don’t think it can remove infections it has superb detection and is very fast.
It is a cloud scanner that scans using G Data, NOD32, Avira AntiVir, Prevx, and a-squared. I’d give it a shot. If it doesn’t find anything then you’re probably clean and simply need to change some settings.