is this a virus? vbc.exe?

Maxheadroom · 26 Sep 2012

ok thanks

Jacee · 26 Sep 2012

Max, yes you are in fected ... read about the infection here: Generic.bfr!09E9EAAFB04E | Virus Profile & Definition | McAfee Inc.

You are going to have to use a known 'clean' computer to change all your passwords. Do not use the infected one.

Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

After rebooting, let's flush the bad DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. *Your computer will reboot itself*.

Now, I'd like you to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Maxheadroom · 26 Sep 2012

thank you Jacee i will do this asap, can i just ask
you mention changing my passwords does it matter if the clean computer is networked and do i need to change all my passwords as this virus may have copied them?

Layback Bear · 26 Sep 2012

Thank you Jacce for coming to the rescue. I will watch and learn.

Jacee · 26 Sep 2012

Maxheadroom said:

thank you Jacee i will do this asap, can i just ask
you mention changing my passwords does it matter if the clean computer is networked and do i need to change all my passwords as this virus may have copied them?

You have a 'trojan' ... it's better to change all passwords that may have been compromised, rather than be sorry later.
If the 'networked' computer is clean, then you can use it.

Maxheadroom · 27 Sep 2012

C:\Users\KandC\Downloads\SoftonicDownloader_for_windows-live-movie-maker.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantine

F:\FireFox\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined

J:\Audio\audio.rar probably a variant of Win32/TrojanProxy.Agent.IIIVZSY trojan deleted - quarantined

J:\Galaxy S2\Rom Flashing\Roms\DlevROM2_3.0_KI4.zip multiple threats deleted - quarantined

J:\Galaxy S2\Rom Flashing\Roms\DlevROM2_3.1_KI4(1).zip Android/MTracker.A application deleted - quarantined

J:\Galaxy S2\Rom Flashing\Roms\Hyperdroid_Androidmeda-XDXD9-signed.zip a variant of Android/MTracker.A application deleted - quarantined

J:\Galaxy S2\Rom Flashing\Roms\DlevROM 1.3\DlevROM2_1.3.zip Android/MTracker.A application deleted - quarantined

J:\Galaxy S2\Rom Flashing\SuperOneClickv1.9.5\Exploits\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined

J:\STUFF\GAZ'S\from desktop\Rom Flashing\DlevROM 1.3\DlevROM2_1.3.zip Android/MTracker.A application deleted - quarantined

J:\STUFF\GAZ'S\from desktop\Rom Flashing\SuperOneClickv1.9.5\Exploits\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined

Maxheadroom · 27 Sep 2012

after i restarted the pc theres no more MSE warnings and no dodgy looking files in the temp folder, thank you Jacee looks like its gone.

Do you class ESET/nod32 as a better virus scanner than MSE and is it possible to use both or not necessary?

Jacee · 27 Sep 2012

Keep MSE, but every once in a while scan with ESET online scanner!

Make a clean/fresh restore point now: Turn off System Restore, reboot, now turn on System Restore System Restore - Enable or Disable

All old restore points will be cleared out, so you don't have the chance of going back to an infected point. :)

Maxheadroom · 29 Sep 2012

thanks for the help Jacee