
Need Help Plz


  • This topic is locked
7 replies to this topic

#1 dmndmn

  • Members
  • 42 posts

Posted 22 March 2008 - 02:40 PM

Hello all,
For a few hours I have been infected with a serious virus and a malware program, probably both of the same origin. It is detected in all drives; for example, for E:/stw1ojde it says it has Win32:AuCrypt Malware trace or something like that. So could anyone suggest a free anti-malware program or one that I could purchase (preferably the former)? Also, will moving infected Sys32 / Win32 files and folders to the anti-virus chest affect my system and cause OS errors?

Also, I have 2 different hard drives:
1 20gb one split into C (containing Windows) and D
1 80gb one split into E and F
So if I installed Windows XP OS on C, will I lose the files I have on E and F?

And also I can't change my folder options, i.e., I can't view my hidden files and folders. When I go to Tools > Folder Options > Show hidden files and folders, Apply and OK, I still can't view them; they don't show up at all.
Plz, urgent help needed.

Thanks for any help in advance.

Edited by dmndmn, 22 March 2008 - 03:08 PM.
Moved to more appropriate forum ~ OB




#2 rookie147

  • Members
  • 5,321 posts

Posted 22 March 2008 - 03:53 PM

Also Will moving infected Sys32 / Win32 files and folders to the anti-virus chest affect my system and cause OS errors?

It will cause errors if you move legitimate files, so my advice is to not move files at will, but rather only those that your AV finds.
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 dmndmn


Posted 23 March 2008 - 12:41 AM

I installed SUPERAntiSpyware and scanned the C drive with all the preferences you told me about. It asked for a reboot and I rebooted the system, but now when I tried to view the log file, it opens in Notepad and then it just freezes; I cannot do anything with Notepad, therefore I cannot copy the log file, but I'm posting the list of identified and quarantined items in the 'Manage Quarantine' tab. The list and the details are as follows:

1) Adware.Tracking Cookie -
- C:\Documents and Settings\admin\Cookies\admin@toplist[1].txt
- C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@doubleclick[1].txt
2) Trojan.Media-Codec/V5
- C:\Program Files\Helper
- C:\Program Files\Netproject
- C:\Program Files\Netproject\uninst.exe
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Display name - Internet Service)
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (UninstallString - "C:\Program Files\Net
Project\scu.exe")
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Display name - Secure Browsing)
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (UninstallString - "C:\Program Files\Net
Project\sbun.exe")
- HKUS\S-1-5-21-682003330-854245398-1343024091-1003\Software\NetProject
3) Unclassified.Unknown Origin
- C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\AVAST TOOLS\ [NOTE: 3 files with the same location but with nfo extensions, which I had downloaded to run some programs]


Also, I ran Malwarebytes Anti-Malware and this is the log:

Malwarebytes' Anti-Malware 1.09
Database version: 521

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 114961
Time elapsed: 22 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aclient.httpguard (Packer.Morphine) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aclient.httpguard.1 (Packer.Morphine) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_adw.bhoad (Unknown.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_adw.bhoad.1 (Unknown.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ca1536d-5689-40ca-b92a-f646301517d7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{09dc28c6-bce2-42b1-b3ea-8ab82f0f3b0a} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Also, the Win32 malware I was talking about pops up only when I go to access "My Computer and the drives".

I did these scans and rebooted when asked and still the problem persists. Any help is very much appreciated. Also, I want to thank all the moderators of this site as they are doing a very good job of running a helpful site like this :thumbsup: . Cheers, and also can anyone solve my hidden folders not showing up problem please?

Thanks in advance

#4 dmndmn


Posted 23 March 2008 - 01:04 AM

Also, one more thing: when I start up Windows I generally get this:

This instruction at "0x10011e27"referenced memory at "0x00000000". The memory could
not be "read".

Click on OK to terminate the program.


Then I see the Avast IE Script blocker notification; this shows a flash screen only when IE is opened and Avast runs the script blocker.

#5 rookie147


Posted 23 March 2008 - 03:04 AM

Due to the amount of infections that seem to be present, I think your next course of action would be to post a HijackThis log for analysis from one of our experts. Please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log. Do not post your log here, but instead use our HijackThis Logs and Analysis Forum.
After posting a log you should NOT make further changes to your computer except those that are advised by a member of the HijackThis Team; doing so can cause system changes that may not be visible in your log. Please be patient whilst waiting for a response, our HJT Team is currently very busy, and as we try to deal with logs on a "first come first served" basis, you may have to wait a short while.



#6 dmndmn


Posted 23 March 2008 - 09:55 AM

Thanks for your help Rookie147, but I have just 1 more question: in the HJT log preparation manual, it lists a lot of anti-viruses to download and run, so is it OK to run only the ones I have and do the steps only related to posting the log? I have Avast Pro v4.7, SUPERAntiSpyware Pro edition, ThreatFire and Malwarebytes Anti-Malware free home edition. So can I just run these programs and post the HJT log? Also, I've been asking this question for days but it just keeps getting shot down, telling me that the topic is closed and that I have already posted a similar thing. So please, I just want to know if moving the infected system32 files detected by my anti-virus as infected to the chest will cause system errors?

Thanks in advance.

#7 Orange Blossom

  • Moderator
  • 36,848 posts

Posted 23 March 2008 - 03:44 PM

Hello dmndmn,

To clarify:

There are differences between AntiVirus, AntiSpyware, AntiMalware etc. programs. There are antivirus suggested which are ONLINE scans, not full program installations. These you should run. You should not install an AntiVirus program because you already have one installed.

As for the AntiSpyware programs, yes please download, install, and run them. Each AntiSpyware program looks for and finds different things.

If something doesn't work, then skip it and go to the next step. When you post your log, please be sure to let them know what worked and what didn't work.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 Orange Blossom


Posted 23 March 2008 - 03:49 PM

Now that you have your HJT log posted here: http://www.bleepingcomputer.com/forums/t/137797/hijack-this-log/ DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

To avoid confusion, I am closing this topic.

Orange Blossom :thumbsup:



