BleepingComputer.com: Vista Antivirus 2012


Vista Antivirus 2012 Seems to be gone, but...

#1 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 05 December 2011 - 09:41 AM

Hi,

Last night (Actually early this morning), Kaspersky gave me red error messages about two programs. Immediately afterwards Vista Antivirus 2012 popped up and told me that I had all kinds of wicked, bad, evil viruses on my computer. When I realized it was blocking my internet access, I used my laptop to find your site and this article: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

I ran through the instructions and everything seemed to work. Rkill got rid of 2 files for me, but I didn't copy the log because I didn't think it was important. I can't find it now to post here -- if someone tells me where the log is I'll be more than happy to post it.

Anyway, I get to the MBAM section, and after running all night, it tells me that there are no problems. Does that mean that I got it before it spread, or is there more out there that needs to be done to get rid of this thing?

Thanks.

This post has been edited by phoenix0401: 05 December 2011 - 09:42 AM


#2 narenxp

  • Forum Addict
  • Group: BC Advisor
  • Posts: 2,734
  • Joined: 24-October 11
  • Gender: Male
  • Location: India

Posted 05 December 2011 - 11:32 AM

I work on virus-infected computers.

Even after MBAM removed this trojan, I could find it popping up.

I found out that it was located in the Appdata/local folder.

You can find an exe file and a system file.

Example: dhf.exe and vsfsfggskg

You may need to check "Show hidden files" and uncheck "Hide OS files".

It should be visible now.

Delete both of them and run the exe registry fix.

This is how I was able to remove it.

Senior BC members may help you.

Thanks

#3 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 06 December 2011 - 06:41 PM

It's still very much around. Despite multiple programs telling me there were no issues (Kaspersky PURE 2011, Malwarebytes, Spybot S&D), it just re-installed itself. I really could use a hand with this.

Thanks

#4 cryptodan

  • Bleepin Madman
  • Group: BC Advisor
  • Posts: 18,388
  • Joined: 08-September 08
  • Gender: Male
  • Location: Catonsville, Md

Posted 12 December 2011 - 12:00 PM

Have you tried running Malwarebytes in safe mode?

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message! with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#5 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 12 December 2011 - 11:28 PM

Okay, so I happened to run it this morning -- before you replied -- because the problems were unbearable, and it actually caught 2 somethings. Then I ran it in Safe Mode when I got home and -- perhaps not surprisingly -- nothing. I've also attached the run from directly after the initial infection to show you that I'm not crazy.

I'm kind of concerned that there was nothing, then it re-installed itself, then something pops up. Anywhere else I should check to be sure it's really gone? (The computer is acting better -- but still having issues. Like locking up briefly when I try to type an address in Firefox.)

Thanks


Log after infection:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8314

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/5/2011 6:29:53 AM
mbam-log-2011-12-05 (06-29-53).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 382050
Time elapsed: 5 hour(s), 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Log this morning:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8357

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

12/12/2011 8:50:10 PM
mbam-log-2011-12-12 (20-50-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 369978
Time elapsed: 2 hour(s), 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Log in safe mode:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8357

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

12/12/2011 9:53:17 PM
mbam-log-2011-12-12 (21-53-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 368717
Time elapsed: 56 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
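A read-only triage script, added here as an example (it is not code from the thread or from BleepingComputer), that checks the two things this thread turns on: the .exe file association that narenxp's "exe registry fix" repairs and that the 12/12 log reported under HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV), and hidden files dropped directly in the AppData\Local folder narenxp named. It assumes Windows Vista/7 defaults (".exe" maps to the exefile ProgID, whose open command is "%1" %*) and PowerShell 2.0 or later; the expected values and the Hidden-attribute filter are my assumptions, not something the thread states.

```powershell
# Added example, not code from the thread. Read-only triage of the .exe
# association hijack that MBAM logged as HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV)
# and of the %LOCALAPPDATA% drop location narenxp described. Assumes Vista/7
# defaults: ".exe" maps to ProgID "exefile" whose open command is "%1" %*.
# Nothing here modifies the registry or deletes files.

$HKCR = 'Registry::HKEY_CLASSES_ROOT'

function Get-DefaultValue([string]$KeyPath) {
    # The unnamed default value of a key surfaces as the "(default)" property.
    $item = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if ($item) { return $item.'(default)' }
    return $null
}

# 1. Which ProgID does the ".exe" extension resolve to? Clean value: exefile
$exeProgId = Get-DefaultValue "$HKCR\.exe"
Write-Host ".exe -> ProgID '$exeProgId'"
if ($exeProgId -ne 'exefile') {
    Write-Warning ".exe is re-pointed to '$exeProgId' (expected 'exefile')"
}

# 2. Show the open command (and the Content Type value MBAM flagged) for both
#    the expected ProgID and whatever .exe currently points at. Every program
#    launch passes through this command, so a path inserted before "%1"
#    runs on each double-click. Clean value: "%1" %*
foreach ($progId in @('exefile', $exeProgId) | Select-Object -Unique) {
    if (-not $progId) { continue }
    $key   = "$HKCR\$progId"
    $cmd   = Get-DefaultValue "$key\shell\open\command"
    $ctype = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Content Type'
    Write-Host "$progId\shell\open\command = $cmd"
    if ($ctype) { Write-Host "$progId Content Type = $ctype" }
    if ($cmd -and $cmd -notmatch '^"%1"\s+%\*$') {
        Write-Warning "$progId open command is non-standard: $cmd"
    }
}

# 3. Hidden files sitting directly in %LOCALAPPDATA% (the folder narenxp
#    named), newest first, so a freshly dropped random-named file stands out.
Get-ChildItem -Path $env:LOCALAPPDATA -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ($_.Attributes -match 'Hidden') } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime, Attributes |
    Format-Table -AutoSize
```

Because HKEY_CLASSES_ROOT is a merged view of the machine and per-user Classes hives, a per-user override of ".exe" shows up here too; run it from an elevated prompt so the registry reads are not silently blocked.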

#6 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 13 December 2011 - 10:24 PM

And it just reinstalled itself.

#7 cryptodan

  • Bleepin Madman
  • Group: BC Advisor
  • Posts: 18,388
  • Joined: 08-September 08
  • Gender: Male
  • Location: Catonsville, Md

Posted 13 December 2011 - 10:30 PM

Download and run TDSSKiller and post the log. If it asks you to fix anything, then please DO NOT FIX ANYTHING.


#8 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 13 December 2011 - 11:22 PM

In the process of wiping and rebuilding the hard disk, so ignore me.

#9 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 13 December 2011 - 11:24 PM

Just saw that message. Thanks a lot for trying.

#10 cryptodan

  • Bleepin Madman
  • Group: BC Advisor
  • Posts: 18,388
  • Joined: 08-September 08
  • Gender: Male
  • Location: Catonsville, Md

Posted 13 December 2011 - 11:25 PM

So what happened?


#11 phoenix0401

  • New Member
  • Group: Members
  • Posts: 8
  • Joined: 05-December 11

Posted 14 December 2011 - 12:09 AM

I need the computer working for work and decided that biting the bullet and reinstalling would get it up faster. Sorry for wasting your time.

#12 cryptodan

  • Bleepin Madman
  • Group: BC Advisor
  • Posts: 18,388
  • Joined: 08-September 08
  • Gender: Male
  • Location: Catonsville, Md

Posted 14 December 2011 - 12:25 AM

Hey no biggie
