BleepingComputer.com: Infected with Viruses and Internet disconnected

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

Infected with Viruses and Internet disconnected Need help to remove them

#1 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 31 July 2009 - 09:05 PM

After my computer got infected the viruses disconnected/blocked the internet completely even my internet cable box doesn't work. Its been 3 months since it's been infected I had no way of trying to get it fixed till now. I'm using my sisters computer. I had used Malwarebytes' Anti-Malware and SUPERAntiSpyware, it removed most of the viruses but there were some subborn ones I couldn't remove. My computer works fine it's just the internet is blocked.

These are the two subborn viruses I can't seem to remove

Trojan.Downloader-CREW
C:\windows\system32\ujoyvzji.dll

Adware.Vundo/Variant-MSFake
C:\windows\system32\dwrmmuq.dll

Thanks

#2 User is offline   Computer Pro 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 2,448
  • Joined: 26-June 09
  • Gender:Male

Posted 01 August 2009 - 10:49 AM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.


Could you please update Malwarebytes by going to the Update Tab, and then run a Full Scan?
Computer Pro

#3 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 07 August 2009 - 07:03 PM

how can i update malwarebytes if i don't have access to the internet on my computer?

#4 User is offline   Computer Pro 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 2,448
  • Joined: 26-June 09
  • Gender:Male

Posted 07 August 2009 - 07:30 PM

Please transfer this file from a clean computer to the infected via USB thumb drive or CD and then execute the file, as this will update the Malwarebytes program:

Please download and install the database from here.

Then run a Full Scan and post back the log
Computer Pro

#5 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 21 August 2009 - 05:02 AM

Sorry I wasn't able to comeback online till now, so the you gave link doesn't work. Could you possibly give the link again?

I did a full scan on the infected computer on the 8th of this month even though the program wasn't updated.
None of the following infections were deleted even though it said that it was. The computer still has the viruses in log and the other two I posted up earlier.


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/8/2009 12:14:33 AM
mbam-log-2009-08-08 (00-14-33).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 280514
Time elapsed: 2 hour(s), 25 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This post has been edited by yoori: 21 August 2009 - 05:04 AM

#6 User is offline   DaChew 

  • Visiting Alien
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 10,313
  • Joined: 20-May 07
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 21 August 2009 - 05:05 AM

Here's the new link for the manual database update for MBAM

http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Chewy

No. Try not. Do... or do not. There is no try.

#7 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 21 August 2009 - 06:06 PM

Thank you
I'll post the log when I get a chance to comeback online again

#8 User is offline   Computer Pro 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 2,448
  • Joined: 26-June 09
  • Gender:Male

Posted 21 August 2009 - 10:07 PM

Ok, I will be waiting on the log
Computer Pro

#9 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 08 November 2009 - 06:09 AM

I know it's been a while since I was last online, but I had no way of getting online till now. Sorry.
Here's the log I was suppose to have posted up


Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

8/24/2009 2:12:08 AM
mbam-log-2009-08-24 (02-12-08).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 283201
Time elapsed: 2 hour(s), 29 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\dyae.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\N41FST9V\wcypzaer[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\VH0IXNON\loaderadv563[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#10 User is offline   Computer Pro 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 2,448
  • Joined: 26-June 09
  • Gender:Male

Posted 08 November 2009 - 02:55 PM

Ok, since it has been awhile, please download the new version of Malwarebytes from here:

Malwarebytes

Install that, and then go to the "Update" tab and update the program.

Finally after it is updated, run a Quick Scan and post back the log.
Computer Pro

#11 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 08 November 2009 - 06:15 PM

Hi I installed the new version, but it wouldn't let me update... this would pop out

Posted Image

#12 User is offline   Computer Pro 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 2,448
  • Joined: 26-June 09
  • Gender:Male

Posted 08 November 2009 - 06:19 PM

http://mbam.malwarebytes.org/database/mbam-rules.exe

Please use that link to manually update the def's. Then please run the Quick Scan and post back the log.
Computer Pro

#13 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 08 November 2009 - 08:58 PM

How come I can't update Malwarebytes?

Here's the log


Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 2

11/8/2009 3:43:21 PM
mbam-log-2009-11-08 (15-43-21).txt

Scan type: Quick Scan
Objects scanned: 142316
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ShopGuide (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\shpsv (Adware.Rewardnet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\3367958559.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\3160614809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\181611020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\2997487612.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3001394762.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3060314584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3824709410.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\4206984966.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#14 User is offline   Computer Pro 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 2,448
  • Joined: 26-June 09
  • Gender:Male

Posted 08 November 2009 - 09:00 PM

The viruses are blocking it from updating. Since it's been awhile, can you please restate all of the symptoms that you are having (any new, any still the same, any gone, etc.)
Computer Pro

#15 User is offline   yoori 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 149
  • Joined: 06-July 08
  • Gender:Female
  • Location:In Your Dreams

Posted 09 November 2009 - 03:08 AM

Some of the viruses is still there... I think the viruses that won't go away are the ones blocking me from connecting to the internet on my computer, it would say, "Proxy Server Refused Connection".

Share this topic:


  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users