BleepingComputer.com: Vista security 2011 virus

Hello, I ran into this virus yesterday after visiting a lyrics website. Ive been running my computer in safe mode. Ive googled around for hours and did everything suggested for this virus(malware bytes,task manager, etc) and nothing seems to work. It would go away for a while after I run malware bytes, but comes again. The Rkill does not run for me, I asume its the virus that stops it from working. I tried ending a process that i googled (csrss.exe) that I read was a virus, but all I got was a blue screen. the vista virus changes my default browser, stops my security program(avira) unless im in safe mode and it stops my windows defender from running. My computer is a 32 bit windows home vista basic 2007, service pack 2. I jut ran a quick scan using malware bytes, and these are the results:



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6297

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

4/7/2011 6:43:30 AM
mbam-log-2011-04-07 (06-43-30).txt

Scan type: Quick scan
Objects scanned: 156770
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jEM\AppData\Local\Temp\0.2575564221173654.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\AppData\Local\Temp\0.35115968843544476.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\local settings\fvn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\local settings\hes.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\local settings\kwx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\local settings\application data\fvn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\local settings\application data\hes.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\local settings\application data\kwx.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Appreciate any feedback, TIA

ETA I later ran a full scan and found these additional infections:

Files Infected:
c:\Users\jEM\AppData\LocalLow\Sun\Java\deployment\cache\6.0\21\1b267915-314bde92 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\jEM\AppData\LocalLow\Sun\Java\deployment\cache\6.0\9\2101d09-4ee28e11 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\judith\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31\7c87c1df-7196a8f1 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\judith\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35\6e56ada3-10aa5af2 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\judith\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\72a57626-6ea1d944 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\judith\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\5b8e2cec-3dbc3415 (Trojan.Agent) -> Quarantined and deleted successfully.

This post has been edited by hamluis: 07 April 2011 - 09:54 AM
Reason for edit: Moved from Vista to Am I Infected.

bump

Hi there,

Have you tried the following removal guide: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

Casey

I have and it comes back again.

Now I can't access my browser,or security suite because of the virus. I have to type this from my phone.

Sorry about the delay!

In that case, I recommend that you read this topic and start a new topic for help with malware removal.

Casey