It is Nice Ware! Opera Gold Soft version 2011

This outfit seems to generate hm*.exe files which are trojans. Anyone know anything about how to get rid of them?

I need help on this myself, thought I would add a post to show more than one person needs help.

I have been googling and searching for freeware to no avail and McAfee does not spot it.

I also checked it out on hxxp://www.virustotal.com and searched for “It is Nice Ware Opera Gold Soft version 2011” but I can’t make heads or tails of it, so much so that I don’t know how relevant it is.

Besides having to buy a new AV package can anyone help? PLEASE!!!

Mod: Changed http to hxxp, I’m not very computer literate so sorry for that.

Did you submit the url to Virus Total and if so, can you please post the results? Thank you.

No, I only ran a search for It is Nice Ware Opera Gold Soft version 2011.

I wanted to see if they had anything about it and if you go there and search yourself you might make sense out of it.

One of VirusTotal’s users classes it as a “non-harmful” Trojan and Backdoor program - hxxp://bugbopper.com/md5lookup.asp?md5=5a93e050b67ee00cea83740757a9c206

Mod: Changed http to hxxp, I’m not very computer literate so sorry for that. 2nd Mod: The above hxxp is not the malware url, bugbopperguy is a VirusTotal member.

Please do not post potential links that could be malware on the forum…change the http to hXXp please. Thank you.

You can run the link (actual url) through the following scanners and report back:

Virus Total: http://www.virustotal.com/
URL Void: http://www.urlvoid.com/
NoVirusThanks: http://scanner.novirusthanks.org/
Unmask Parasites: http://www.unmaskparasites.com/security-report/?page=servepics.com
Anubis: http://anubis.iseclab.org/?action=home

Thank you.

Oops, that wasn’t a link to the malware, it was a link to one of VirusTotal’s users called BugBopperGuy.

The “It is Nice Ware Opera Gold Soft version 2011” malware is already on my computer, that’s why I need help.

I’m sorry that no one helped you while I was away.

I need some information from you first:

  1. What is your OS, 32 or 64-bit?
  2. What version of Avast did you install? 5.0.677 is the current version.
  3. What product of Avast did you install? Free, Pro, AIS?
  4. What other security software do you currently have or did you have in the past on this machine including antivirus (AV), firewall (FW), and other security programs, including trial versions?
  • If they were in the past, how did you remove them (the vendor’s uninstaller’s tool or another way)?

Are you running both Avast and McAfee? Anything else?

Have you run any scans with Avast? If so, is anything in the Virus Chest? Please give a screen shot if possible.

Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
· Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
· Double Click mbam-setup.exe to install the application.
· After install, click update so you have latest database before scanning.
· Under Settings:
  o General: Automatically Save File After Scan Completes is checked off
  o Scanner Settings: Check all boxes
  o Updater: Download and install update if available is checked off
· Once the program has loaded, select “Perform FULL Scan”, then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply.

My OS is Windows 7 HP, 64-bit.

Avast not installed, I found this site through Google after typing the name of the program I’m having trouble with and a link to this thread was a search result.

McAfee is my only security program, the firewall is the Windows 7 default firewall I think. I have not used any other firewall, and by the way I have only had home internet access for about 3 days now so a lot of this stuff is new to me.

Downloading Malwarebytes, following your instructions, 14 objects found, quarantining and report is as follows:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 5128

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/11/2010 16:46:31
mbam-log-2010-11-16 (16-46-31).txt

Scan type: Quick scan
Objects scanned: 155324
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FraudPack) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FakeAlert) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\sshnas21.dll (Trojan.FraudPack) → Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-792975953-2777179533-2835648044-1000\$RVAZQET.exe (Trojan.FraudPack) → Quarantined and deleted successfully.
C:\Users\"username"\AppData\Local\Temp\Nw2221.exe (Trojan.FraudPack) → Quarantined and deleted successfully.
C:\Users\"username"\AppData\Local\Temp\Nw2222.exe (Trojan.FraudPack) → Quarantined and deleted successfully.
C:\Users\"username"\AppData\Local\Temp\Nw2223.exe (Trojan.FraudPack) → Quarantined and deleted successfully.
C:\Users\"username"\AppData\Local\Temp\Nwz2224.exe (Trojan.FraudPack) → Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) → Quarantined and deleted successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) → Quarantined and deleted successfully.

(End Log)

Please note that I replaced my real user name with “username”.

Also, I have recently not been having any problems with the “It is Nice Ware! Opera Gold Soft version 2011”, maybe it’s just playing hide and seek.

Is this a new machine? Did it have a trial version of antivirus on it prior to you putting McAfee IS on it? The reason I’m asking is because even remnants of an existing antivirus (AV) will cause conflicts and problems with your machine. But it is obvious that you have significant malware from your MBAM log.

I am not familiar with McAfee IS, but from the looks of the amount of malware you got in 3 days, it doesn’t look like McAfee is doing a good job. :o Have you considered perhaps changing to Avast? We have a Free version as well as paid (Pro antivirus) and Internet Security (AIS). Here is the comparison of the products: http://www.avast.com/comparison-chart. You can always layer your protection with MBAM on-demand and Windows 7 firewall is fine and other free products that we can recommend. Just something to think about.

In the meantime, I would suggest for your malware problem:

  1. Update MBAM again (you always need to update prior to running a scan) and run a FULL scan. Quarantine any infections and if any infections come up, post another log.

  2. Double check your Action Center in your machine to make sure that it “sees” that you have an antivirus and firewall “on.”

  3. Make sure your MS Updates are current.

  4. Make sure your software is current by downloading free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/. This is something that many of us scan our machines with weekly since software is changing so rapidly. This link will give you a direct download to the vendor making it easy for you to patch your software.

  5. Is your machine acting normally now? If not, please describe the problem.

Let me know if you have any questions. Thank you.

  1. No malware detected in full scan (after update)

  2. Action Centre>Firewall is on.

  3. MS. Updates are current.

  4. Downloaded Secunia, ran scan and got 5 threats, 2 at Level 5, 1 at level 3, 1 at level 1 and 1 at zero.

     4 of the 5 threats are Adobe related, 1 was for Quicktime.
     All but two threats sorted so far. I'm dealing with the others now (at time of posting)
    
  5. Machine seems okay, still seems a bit slower than usual at times, but I’ll give it time.

I have to say I do seem a bit more at ease now and thank you for your support.

I’m going to clear my computer of every unwanted/needed app and then probably do a disk defrag scan. Then run malware and Secunia scans again and if all looks good I will create a recovery backup. If I’m doing anything wrong or not needed let me know.

Wonder where the OP went to…

@ Dane Strife,

I’d say you’re doing a great job so far. You just needed a little guidance and that is what we are here for. :wink:

Do you use a cleaner for your machine? Something that many of us use here is CCleaner, a freeware system optimization, privacy and cleaning tool. There is a Slim version available as well at http://www.piriform.com/ccleaner/builds - 4th option down. It removes unused files (cache, temporary Internet files, etc.) from your system allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner (I suggest making a back up in Documents for a week as a “just in case”).

You may also want to try to figure out how you got infected in the first place to avoid this happening again. Keep me posted.

@ scythe944,

No clue. ::slight_smile:

Hello, I am posting here because I have a much similar problem with a similar malware. There is a program running on my system under the description “It is gold soft version 2011” under the image names “pfa.exe”, “pfe.exe” and another. I posted here because when I Google’d the description, this was the only relevant site I found. Anyway, I think the program came on my computer 3 or 4 days ago. What it does is load pop-ups with ads to known companies. The problem, aside from it being annoying and unwanted, is that it opens the ads in Internet Explorer (I use FireFox) and can take up to 50mb of my memory. Every time I end the process(es) in my task manager, they reappear shortly thereafter and up to three different image names with the description can be open at one time. McAfee and Spyware Doctor haven’t found it and if I search for the .exe files on all my hard-disks, they are not to be found. If my info helps out, so be it or if anyone has a recommendation, let me know. I will try MBAM. I use Vista. Thanks.

@scythe944

Wonder where the OP went to.

Maybe found the solution elsewhere, maybe got annoyed about someone else hijacking his thread… ::slight_smile:

Anyhoo, back to business.

The malware hasn’t reared its fugly head recently so I’m guessing it’s gone.

Thanks for the help, advice, tips and most importantly… underlining free in freeware. :o

Secunia is working well - found another problem and got rid of it, though two of the original problems are proving tricky as I have downloaded Secunia’s solutions but it still shows as a threat, I haven’t followed the links to sort that out yet so I will do it now (at time of posting).

Downloaded CCleaner, cleared out just over 1 gb (1,194mb) of stuff, maybe that will help with my aforementioned lag problem, the slim version removed 3mb.

@NortyNort,

I’d recommend the Secunia program mentioned above - http://secunia.com/vulnerability_scanning/personal/, it’s a useful tool.

I’m not an expert at computer stuff but my problem seems to be gone after getting advice here, stick with em.

Ok I found a solution to get rid of the application that pops up commercials via Internet explorer.
I have Windows 7 32 bit.
I found the malware in my drive C/windows
It is called pgamya.exe or something close to this.
To remove this I installed Malwarebytes software. It is free.
Install the software and do a quick scan. [It might take long but let the scan complete]
It did find the application on my computer and hopefully it is going to find yours as well. Click on “show results” and remove it. You have to restart the computer otherwise the application won’t be removed.
Everything is working smoothly again yeyyyyy!! :slight_smile:

I’m very glad that your problems seem to be worked out and that you are happy with the services we provided you. It is odd that you and NortyNort, who also uses McAfee, both had the same problem. Perhaps Dane, if you are satisfied with us, you may want to consider changing over to Avast some day. We are introducing a new version soon and new products in the near future. The forum will be introducing the news as they are released.

Should you have any future questions or problems, feel free to come back any time you need help, to learn something new, or just to ask questions. We are here 24/7 for your convenience. Thank you for allowing me to assist you. :slight_smile:

@ NortyNort,

I will await your FULL MBAM log (cut and paste) to post to this thread. Remember to update MBAM prior to running a scan. Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.

Once MBAM comes out clean, please review the information I provided for Dane Strife in this thread for the removal of his malware and cleaning up his machine. Let me know if you have any questions.

@SafeSurf.

I’m in the process of registering a PayPal account, if all goes well I might just give avast A.V. a try.

I’ll continue to visit the Avast forums as a guest but until I have another problem it’s goodbye from me 8)

Edit: The above line appears a little “cold and ungrateful” when I read it back after posting, I meant I won’t waste time with pointless posts as I’m a computer dunce but I will keep track of the forums for any useful info and tips. ::slight_smile:

The next time these programs loaded into my processes, I found their file location, which was in my temp folder. I ended the processes and then deleted all the related files (pfe.exe, pfa.exe, etc.) in the temp. Since then (awhile after), it has not reloaded and annoyed me. It appears to be fixed now. Thanks.
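
Added example, not part of any post in this thread: the MBAM log posted above lists Run-key values and scheduled-task .job files alongside the executables, which are the kind of entries that restart a process after it is ended in Task Manager. This Python sketch sorts MBAM 1.46 detection lines by persistence mechanism so the autostart entries stand out; the `triage` and `classify` helpers and the category names are assumptions made for illustration, and the sample is an excerpt of that log with path separators restored.

```python
import re
from collections import defaultdict

# Excerpt of the MBAM 1.46 log posted in this thread (path separators restored).
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\sshnas21.dll (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\"username"\AppData\Local\Temp\Nw2221.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: <path> (<detection name>) -> <action taken>
DETECTION = re.compile(
    r"^(?P<path>.+?) \((?P<name>[A-Za-z]+\.[A-Za-z.]+)\) (?:->|→) (?P<action>.+)$")

# Path patterns meaning "Windows will start this again by itself" (illustrative labels).
AUTOSTART = [
    ("run-key", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("scheduled-task", re.compile(r"\\Windows\\Tasks\\.+\.job$", re.I)),
]

def classify(path):
    """Return the persistence category for one detected registry or file path."""
    for label, pattern in AUTOSTART:
        if pattern.search(path):
            return label
    if re.search(r"\\Temp\\", path, re.I):
        return "temp-payload"
    return "other"

def triage(log_text):
    """Group detections by category; section headers and counters do not match."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            groups[classify(m["path"])].append((m["path"], m["name"], m["action"]))
    return dict(groups)

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(f"{kind}: {len(hits)}")
        for path, name, _ in hits:
            print(f"  {name:20} {path}")
```

After a cleanup, the run-key and scheduled-task groups are the entries to recheck first, since a leftover one relaunches whatever payload it points to.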