BleepingComputer.com: Virusalert Next To Clock, No C: And D: Drives Under My Computer

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Virusalert Next To Clock, No C: And D: Drives Under My Computer Malwarebytes log and other methods I've tried.

#1 User is offline   Porkape 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 07-September 08

Posted 07 September 2008 - 06:16 AM

I am having a bit of a problem since last night. I am running a Win XP Pro SP3 machine with AVG Free installed. I ran a file called "RARPassGen.exe" to get a password of some archives I had. Instead I got what I deserved for downloading and running such useless software. My notebook became infected not sure with what but I got icons of "virusalert2008" on my desktop along with popups saying that I was infected and redirecting me to a website which opened itself in Internet Explorer called "safewebnavigate2008". Very annoying this - kept happening frequently. Then I discovered my C: and D: drive shortcuts were missing from under My Computer. I could still get to them by typing in the corresponding drive letter in the address bar, also my Task Manager had been disabled.

At this point I stopped further checking for what is wrong and went about fixing things. I ran the latest SDFix in safe mode and let it do its thing. It ran once more upon reboot. The popups have stopped but I had to manually enable my WiFi and my AVG. Still no C: and D: drive shortcuts and the AM/PM next to my computer clock says "VIRUS ALERT" (which was not there earlier) and the Windows Security Alert icon stays there too no matter how I configure it. I have also run something called Rogue Remover, SuperAntiSpyware Free, Spybot S&D, Spyware Blaster along with my AVG Scan to no luck in getting rid of "VIRUS ALERT" or getting my drive shortcuts back.

I found this site and got some more tips so here I am after running Malwarebytes with the log of a quick scan. Please take a look and help me help myself.

Thank You

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

9/7/2008 4:44:06 PM
mbam-log-2008-09-07 (16-44-06).txt

Scan type: Quick Scan
Objects scanned: 49284
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\psveta.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6b5d424-3c88-4bf5-8df2-425ad89ca47f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6b5d424-3c88-4bf5-8df2-425ad89ca47f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\psveta.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuktvdgn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngdvtkut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywthbuol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shalu\Local Settings\Temporary Internet Files\Content.IE5\23J37RUD\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shalu\Local Settings\Temporary Internet Files\Content.IE5\IDNOMJ0V\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
.

#2 User is offline   DaChew 

  • Visiting Alien
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 10,317
  • Joined: 20-May 07
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 07 September 2008 - 07:46 AM

Would you download the ATF cleaner and DrWebCureit?

Make sure that spybot's teatimer is disabled from running resident until we can get you clean


http://www.bleepingcomputer.com/forums/ind...st&p=934959


http://www.bleepingcomputer.com/forums/ind...st&p=935171

After you have downloaded these two and updated MBAM and SAS would you run cureit from safe mode,

stay physically disconnected from the internet(make sure wireless can't connect)


I would then run atf cleaner and SAS from safe mode

Last I would run another scan with MBAM


Welcome to BleepingComputer

ps, just a simple paste log into reply is much easier to read

This post has been edited by DaChew: 07 September 2008 - 07:47 AM

Chewy

No. Try not. Do... or do not. There is no try.

#3 User is offline   Porkape 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 07-September 08

Posted 07 September 2008 - 03:00 PM

Thank You, It seems to have sorted itself after the first time I did MBAM scan and rebooted. But just for good measure I did what you said and came up with nothing. Here is a log of what I have now.

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

9/8/2008 1:02:30 AM
mbam-log-2008-09-08 (01-02-30).txt

Scan type: Quick Scan
Objects scanned: 54922
Time elapsed: 17 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users