BleepingComputer.com: Infected with Viruses and Internet disconnected


Infected with Viruses and Internet disconnected Need help to remove them

#1 User is offline   yoori 

Posted 31 July 2009 - 09:05 PM

After my computer got infected, the viruses disconnected/blocked the internet completely; even my internet cable box doesn't work. It's been 3 months since it's been infected, and I had no way of trying to get it fixed till now. I'm using my sister's computer. I had used Malwarebytes' Anti-Malware and SUPERAntiSpyware; it removed most of the viruses, but there were some stubborn ones I couldn't remove. My computer works fine; it's just that the internet is blocked.

These are the two stubborn viruses I can't seem to remove:

Trojan.Downloader-CREW
C:\windows\system32\ujoyvzji.dll

Adware.Vundo/Variant-MSFake
C:\windows\system32\dwrmmuq.dll


Thanks

#2 User is offline   Computer Pro 

Posted 01 August 2009 - 10:49 AM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right-hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.



Could you please update Malwarebytes by going to the Update Tab, and then run a Full Scan?
Computer Pro

#3 User is offline   yoori 

Posted 07 August 2009 - 07:03 PM

How can I update Malwarebytes if I don't have access to the internet on my computer?

#4 User is offline   Computer Pro 

Posted 07 August 2009 - 07:30 PM

Please transfer this file from a clean computer to the infected via USB thumb drive or CD and then execute the file, as this will update the Malwarebytes program:

Please download and install the database from here.

Then run a Full Scan and post back the log.
Computer Pro

#5 User is offline   yoori 

Posted 21 August 2009 - 05:02 AM

Sorry, I wasn't able to come back online till now, so the link you gave doesn't work. Could you possibly give the link again?

I did a full scan on the infected computer on the 8th of this month even though the program wasn't updated.
None of the following infections were deleted even though it said that they were. The computer still has the viruses in the log and the other two I posted up earlier.


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/8/2009 12:14:33 AM
mbam-log-2009-08-08 (00-14-33).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 280514
Time elapsed: 2 hour(s), 25 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This post has been edited by yoori: 21 August 2009 - 05:04 AM


#6 User is offline   DaChew 

Posted 21 August 2009 - 05:05 AM

Here's the new link for the manual database update for MBAM:

http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Chewy

No. Try not. Do... or do not. There is no try.

#7 User is offline   yoori 

Posted 21 August 2009 - 06:06 PM

Thank you.
I'll post the log when I get a chance to come back online again.

#8 User is offline   Computer Pro 

Posted 21 August 2009 - 10:07 PM

Ok, I will be waiting on the log.
Computer Pro

#9 User is offline   yoori 

Posted 08 November 2009 - 06:09 AM

I know it's been a while since I was last online, but I had no way of getting online till now. Sorry.
Here's the log I was supposed to have posted up:


Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

8/24/2009 2:12:08 AM
mbam-log-2009-08-24 (02-12-08).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 283201
Time elapsed: 2 hour(s), 29 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\dyae.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\N41FST9V\wcypzaer[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\VH0IXNON\loaderadv563[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#10 User is offline   Computer Pro 

Posted 08 November 2009 - 02:55 PM

Ok, since it has been a while, please download the new version of Malwarebytes from here:

Malwarebytes

Install that, and then go to the "Update" tab and update the program.

Finally after it is updated, run a Quick Scan and post back the log.
Computer Pro

#11 User is offline   yoori 

Posted 08 November 2009 - 06:15 PM

Hi, I installed the new version, but it wouldn't let me update... this would pop out:

Posted Image

#12 User is offline   Computer Pro 

Posted 08 November 2009 - 06:19 PM

http://mbam.malwarebytes.org/database/mbam-rules.exe

Please use that link to manually update the def's. Then please run the Quick Scan and post back the log.
Computer Pro

#13 User is offline   yoori 

Posted 08 November 2009 - 08:58 PM

How come I can't update Malwarebytes?

Here's the log:


Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 2

11/8/2009 3:43:21 PM
mbam-log-2009-11-08 (15-43-21).txt

Scan type: Quick Scan
Objects scanned: 142316
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ShopGuide (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\shpsv (Adware.Rewardnet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\3367958559.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\3160614809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\181611020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\2997487612.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3001394762.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3060314584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3824709410.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\4206984966.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
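
The three logs in this thread each report the same registry items as "Quarantined and deleted successfully", which is the sign that removal is not sticking. The script below is an added example, not part of any post: it parses MBAM detection lines and lists the items that reappear across scans. The log excerpts are constructed from lines of the logs above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpts: a few lines copied from each of the three logs in this thread.
LOG_2551 = r"""Database version: 2551
Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
"""
LOG_2667 = r"""Database version: 2667
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
C:\dyae.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""
LOG_3101 = r"""Database version: 3101
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
"""

# "<object> (<Threat.Name>) -> [detail ->] <action>"; header lines do not match.
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<threat>[A-Z][\w.\-/]+)\) -> ")
DB_VERSION = re.compile(r"^Database version: (\d+)$", re.M)

def parse_log(text):
    """Return (database_version, set of (object, threat)) for one MBAM log."""
    m = DB_VERSION.search(text)
    hits = set()
    for line in text.splitlines():
        d = DETECTION.match(line.strip())
        if d:  # registry paths are case-insensitive, so normalise the key
            hits.add((d.group("obj").lower(), d.group("threat")))
    return (int(m.group(1)) if m else None), hits

def recurring(logs):
    """Detections reported by more than one scan, with the database
    version of each scan that reported them (in the order given)."""
    seen = defaultdict(list)
    for text in logs:
        version, hits = parse_log(text)
        for hit in hits:
            seen[hit].append(version)
    return {hit: v for hit, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (obj, threat), versions in recurring([LOG_2551, LOG_2667, LOG_3101]).items():
        print(f"{threat}: {obj} reported under databases {versions}")
```

An item that shows up as removed in every scan is being re-created between scans or the removal is failing, so it is the one to investigate rather than the one-off temp files.
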

#14 User is offline   Computer Pro 

Posted 08 November 2009 - 09:00 PM

The viruses are blocking it from updating. Since it's been a while, can you please restate all of the symptoms that you are having (any new, any still the same, any gone, etc.)?
Computer Pro

#15 User is offline   yoori 

Posted 09 November 2009 - 03:08 AM

Some of the viruses are still there... I think the viruses that won't go away are the ones blocking me from connecting to the internet on my computer; it would say, "Proxy Server Refused Connection".
