BleepingComputer.com: No idea what kind of virus

Will MBAM not update?

oh bleep, I forgot to update. I just updated now, and performing another full scan. I'll post the logs when done.

now updated:

Malwarebytes' Anti-Malware 1.34
Database version: 1800
Windows 5.1.2600 Service Pack 3

2/24/2009 7:44:20 PM
mbam-log-2009-02-24 (19-44-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170232
Time elapsed: 55 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eeekp (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Kellan\DoctorWeb\Quarantine\ytprjxsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\cxfagn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Would you download a new copy of drweb-cureit.exe and run a scan from normal mode?

log of dr.web

Process.exe;C:\Documents and Settings\Kellan\Desktop\SDFix\SDFix\apps;Tool.Prockill;Incurable.Moved.;

Let's try a quick scan with MBAM and see if those backdoor bots are gone?

Any sign of infection?

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/24/2009 3:00:30 PM
mbam-log-2009-02-24 (15-00-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 168675
Time elapsed: 1 hour(s), 0 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello.

How's your computer running right now? It seems a lot was cleared out.

With Regards,
Extremeboy

extremeboy, on Mar 1 2009, 01:36 PM, said:

quite well, thankyou. Although I do have a question for future use. What should I use to protect my computer, what's some good programs for that and how should I go about using them?

Hello.

Here's my prevention tips and as well as some free AV, FW and AS software. Malwarebytes and SAS is a very good AS/anti-malware scanner IMO.

Install an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Some Free Anti-Virus software I recommend are:

• Antivir
  
• Avast Free
  
• AVG Free
  
• Bitdefender Free

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Install a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Some Firewall programs I recommend to others are:

• PCtool Firewall
  
• Online-Armor Free
  
• Agnitum
  
• ZoneAlarm Free
  
• Webroot Desktop Firewall

Update your Firewall Program - It is imperitive that you update your Firewall at least once a week (Even more if you wish). If you do not update your firewall then it will not be able to catch any of the new variants that may come out.

Install an Antispyware Program

Please download and install an antispyware program:

• Spybot - Search & Destroy - Tutorial
  
• Spyware Terminator
  
• SuperAntiSpyware
  
• WinPatrol

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

• So How did I get infected?
  
• Miekies' prevention suggestions
  
• Hardening Windows Security - Part 1 & Part 2.

• Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

Quote

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!

• Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  
• Update ALL Critical updates and any other Windows updates for services/programs that you use.
  
• If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  
• Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck

With Regards,
Extremeboy

About all I could add to that excellent advise would be to flush system restore, do disk cleanup and then defrag

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
  
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then use Disk Cleanup to remove all but the most recently created Restore Point.
  
• Go to Start > Run and type: Cleanmgr
  
• Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  
• Click the "More Options" tab, then click the "Clean up" button under System Restore.
  
• Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  
• Click Yes, then click Ok.
  
• Click Yes again when prompted with "Are you sure you want to perform these actions?"
  
• Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Thank you so much for all your help, you really saved me there! Definitely the best site for virus help, I'll pass the word on if someone is having trouble with their computer!

Thanks! We always welcome more members to BC!

You should thank Da Chew more, I didn't do anything except asking you one question and giving you some prevention tips

Happy surfing again and good luck

With Regards,
Extremeboy

Oh for sure, DaChew thanks again for walking me through everything and fixing my laptop!

You are welcome