BleepingComputer.com: viruses

Today i started up my computer and it wouldn't connect to the internet. when i tried to run kapersky antivirus 2010, it said that i had 4 trojans and 15 virus. when i try to fix the problem it keeps saying that my databases are corrupted and i can't even update the antivirus. any help with getting this off of my computer would be greatly appreciated

Hello, can you give us the names of the infections.
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.

Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
  
• Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
  
  
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
  
• Then click on the Scan button.
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

1/8/2011 8:02:37 AM
mbam-log-2011-01-08 (08-02-37).txt

Scan type: Quick scan
Objects scanned: 155665
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Next run an Online scan, then update and run KIS.


To check for and confirm the MBR rootkit, use either GMER or the standalone mbr.exe tool by Gmer (preferable).
Dr. Web Cureit detects and sometimes fixes it...and RootRepeal can fix the MBR rootkit.


Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

• Click the green button.
  
• Read the End User License Agreement and check the box:
  
• Check .
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  
• Click the Start button.
  
• ESET will then download updates for itself, install itself, and begin scanning your computer.
  
• If offered the option to get information or buy software at any point, just close the window.
  
• The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  
• When the scan completes, push
  
• Push , and save the file to your desktop as ESETScan.txt.
  
• Push the button, then Finish.
  
• Copy and paste the contents of ESETScan.txt in your next reply.

Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt

• Click Ok and the scan results will open in Notepad.
  
• Copy and paste the contents of log.txt in your next reply.

-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

How is it now??

C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1baeccbb-76ae91bb probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined

Ok run your KIS (Kaspersky_ and tell me how the machine is doing aftr that.

it still won't run because the databases are corrupted and when i try to update i get the same message.

Uninstall ,then reboot then reinstall Kaspersky.

I cannot reinstall kaspersky. when i try i get a message saying:The Setup Wizard could not install Kaspersky Anti-Virus 2011. It is possible your computer is infected.

Ok. let's run these then.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5525

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

1/15/2011 10:52:06 AM
mbam-log-2011-01-15 (10-52-06).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 356501
Time elapsed: 24 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\admin\Music\ben's music\snoop dogg\snoop dogg doggystyle\04 - snoop doggy dogg - tha shiznit.mp3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Any trouble with running tdsskiller? It appears you downloaded an infected music file.