Malware Bell Variant


32 replies to this topic

#1 cabletrax
Members, 17 posts

Posted 26 April 2008 - 11:13 AM

My computer has some variant of the Malware Bell trojan. I downloaded SpyHunter to find the problem, but now Spybot Search & Destroy says SpyHunter is a
problem as well... I can't boot into safe mode and I'm afraid to do anything else because I feel I'm digging a deeper hole for myself.

You should know a couple of things: I bought this laptop from Best Buy. It was the display model and they never gave me any XP install disk or restoration disks
or any other disks or CDs for that matter. For some reason Windows updates won't download to my computer.

This all started about 2 days ago... I was listening to a Japanese podcast and all of a sudden AVG says I have a trojan, heal or delete, so I selected heal. Next thing, some strange blue cmd window pops up with some strange error and then my computer shuts down... I tried to reboot in safe mode to run a diagnostic,
but it just hangs after all the DLLs are loaded. I rebooted the computer in safe mode with networking, still no joy, so I tried to boot normal mode; the only thing that
came up was my desktop background with no taskbar, start menu or any other options... In a last-resort attempt I decided to use the task manager to find
Spybot Search & Destroy and sent him on a do-or-die mission. He found a whole bunch of crap from Malware Bell. After he got back I sent out Ad-Aware SE to
see what she could find; when she got back she had only found a few entries, so I killed those. This time out AVG, when she got back, had taken quite a few
hostages. I put them in quarantine and rebooted into safe mode... again, same issue, but I was able to get back into Windows. I decided to send out all my soldiers
one more time and they all came back empty-handed... OK, it worked, but I couldn't figure out why safe mode wasn't working, so I decided it was time to incorporate
the services of my highly trained detective Google to find out what the story was with the malware that had snuck in unnoticed. Well, turns out there was very
little information on the one I kept seeing. All I know is it's some variant of Malware Bell. After searching "malware bell", SpyHunter kept coming up as the
solution to finding it, so I did a few searches for SpyHunter to make sure it was not some scam... I couldn't find any issue, so I downloaded it and let it do its thing... It came back saying my Favorites folder was infected, mainly the Yahoo Games one, which I never use, so I figured OK and sent the folder packing. The other thing
that popped up was a stack of registry issues; that's where I said this requires a real pro. Oh, I also downloaded Prevx CSI and manually deleted the issues it found,
and also used RegScanner to find the keys SpyHunter reported, but then I sent Spybot out again and he said SpyHunter was bad news too. So I took a screenshot of
SpyHunter's findings and Spybot's too. Next I went and downloaded ProcessXP but couldn't open it... I didn't want to go any further because I figured it might
really screw up my PC. The name of the variant trojan was something like psw.gamesonline... something something.

This is what I'm working with:

1-Spybot Search & Destroy
2-Ad-Aware SE Free
3-AVG 7.5 Free
4-Prevx CSI
5-SpyHunter v3
6-RegScanner
7-ProcessXP

Operating system is Windows XP, Firefox browser with some Greasemonkey scripts... If you need more intel let me know. I can't think of anything else. Thanks in
advance.


#2 ruby1, a forum member
Members, 2,375 posts

Posted 26 April 2008 - 01:05 PM

oh dear :thumbsup:

May one ask how this computer was sold to you and how long you have had it?
Was it sold TO you as a fully working computer?
Does the Microsoft Windows Update site allow you to validate the XP that is on the computer? I think you may have a NOT legit version of XP on there.
I don't suppose it has Service Pack 2 on there, or at least Service Pack 1?

#3 cabletrax, Topic Starter
Members, 17 posts

Posted 26 April 2008 - 01:35 PM

It's legit as far as I know. I'm not computer savvy, so the only thing I've done is let auto update take over, but it won't; no warnings or errors. Is there a way I
can do it manually? Yes, it is a laptop. I wanted to buy one out of the box but they didn't have any more, so they gave me the store model... Just checked, it
does have Service Pack 2 and it lists an OEM number too. I've had the computer for about 5 years now.

#4 DaChew, Visiting Alien
BC Advisor, 10,317 posts
Gender: Male
Location: millenium falcon and rockytop

Posted 26 April 2008 - 01:46 PM

http://www.malwarebytes.org/forums/index.p...ware+bell\

this might work on the new variant
Chewy

No. Try not. Do... or do not. There is no try.

#5 cabletrax, Topic Starter
Members, 17 posts

Posted 26 April 2008 - 01:57 PM

OK, I got it. At the moment I'm running Kaspersky to speed things along; I'm about 90% done. So far it's found 2 viruses and 2 infected objects. As soon as it
finishes I'll download Malwarebytes. Do you need me to post the log from it or Kaspersky?

#6 DaChew, Visiting Alien
BC Advisor, 10,317 posts
Gender: Male
Location: millenium falcon and rockytop

Posted 26 April 2008 - 01:58 PM

Do you need me to post the log from it or Kaspersky?


both
Chewy

No. Try not. Do... or do not. There is no try.

#7 cabletrax, Topic Starter
Members, 17 posts

Posted 26 April 2008 - 02:03 PM

OK, no problem. I have to go to work in a few minutes, so I'll have to do it in the AM... thanks again for the replies.

#8 ruby1, a forum member
Members, 2,375 posts

Posted 26 April 2008 - 02:05 PM

Am I correct that you only recently lost the ability to update Windows?

Also, you seem to be running your scans while you are online?

This is not really recommended practice, as any scans are best run separately and OFFLINE for best results, and in safe mode is even better ........

#9 cabletrax, Topic Starter
Members, 17 posts

Posted 27 April 2008 - 01:11 AM

Yes, recently. I was doing it online because I thought Kaspersky was a web scanner. When I boot into safe mode it just hangs when it's loading the DLLs.
After the scan Malwarebytes asked me to delete what it found; I haven't done it yet... I'll wait on you.

Here is Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 26, 2008 3:52:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 649353
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 96265
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 02:17:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Documents and Settings\All Users\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\All Users\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\GoodSync\GoodSync-2008-04.log Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\foxmarks.log Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\history.dat Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\key3.db Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Best Buy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rapidbolt.com.dll Infected: Trojan.MSIL.Dedem.q skipped
C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rs.dr.ag.0.dll Infected: Trojan.MSIL.Dedem.r skipped
C:\Documents and Settings\Best Buy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Best Buy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Best Buy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Best Buy\Local Settings\Temp\~DF9159.tmp Object is locked skipped
C:\Documents and Settings\Best Buy\Local Settings\Temp\~DFC601.tmp Object is locked skipped
C:\Documents and Settings\Best Buy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Best Buy\NTUser.dat Object is locked skipped
C:\Documents and Settings\Best Buy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1213\A0227151.exe Infected: Trojan-Dropper.Win32.Agent.hrw skipped
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1213\change.log Object is locked skipped
C:\VAIO Entertainment\database\VzCdbDat.ldf Object is locked skipped
C:\VAIO Entertainment\database\VzCdbDat.mdf Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET341B.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_314.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

This is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.11
Database version: 686

Scan type: Quick Scan
Objects scanned: 33512
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{ee60714f-ac17-427e-861a-fd60cbdf119a} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Adware.Cinmus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{ee60714f-ac17-427e-861a-fd60cbdf119a} (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qviexio3.dat (Malware.Trace) -> No action taken.
C:\Program Files\Internet Explorer\PLUGINS\SysWin16.Jmp (Spyware.OnLineGames) -> No action taken.

#10 DaChew, Visiting Alien
BC Advisor, 10,317 posts
Gender: Male
Location: millenium falcon and rockytop

Posted 27 April 2008 - 01:25 AM

MBAM is about as safe and effective a program as I have ever used; it will let you restore a false positive.

Let it remove those items.

You have a little in System Restore, but let's wait on that.

After removing the items, reboot and check how everything is working.
Chewy

No. Try not. Do... or do not. There is no try.

#11 cabletrax, Topic Starter
Members, 17 posts

Posted 27 April 2008 - 01:50 AM

OK, I'll go offline to do it.

#12 cabletrax, Topic Starter
Members, 17 posts

Posted 27 April 2008 - 02:27 AM

OK, I'm back. Here's the new log:

Malwarebytes' Anti-Malware 1.11
Database version: 686

Scan type: Quick Scan
Objects scanned: 33158
Time elapsed: 13 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 DaChew, Visiting Alien
BC Advisor, 10,317 posts
Gender: Male
Location: millenium falcon and rockytop

Posted 27 April 2008 - 02:45 AM

===== Locked Objects =====

Number of items = 89

C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf
C:\Documents and Settings\Best Buy\Application Data\GoodSync\GoodSync-2008-04.log
C:\Documents and Settings\Best Buy\Application Data\Mozilla\Firefox\Profiles\7u3803yx.default\foxmarks.log
C:\Program Files\Veoh Networks\Veoh\client.log
C:\Program Files\Veoh Networks\Veoh\upload.log
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1213\change.log
C:\VAIO Entertainment\database\VzCdbDat.ldf
C:\VAIO Entertainment\database\VzCdbDat.mdf
C:\WINDOWS\system32\CatRoot2\edbtmp.log
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log

===== Infected Objects =====

"C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rapidbolt.com.dll"
"C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rs.dr.ag.0.dll"

===== Details =====

Number of items = 3
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0

C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rapidbolt.com.dll --> Trojan.MSIL.Dedem.q
C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rs.dr.ag.0.dll --> Trojan.MSIL.Dedem.r


===== System Restore's cache: =====

Number of items = 1
Trojan-Dropper.Win32.Agent.hrw


I did a little Googling on these and all hit a torrent, so I would believe Kaspersky on this one. Looks like a good infector?
Chewy

No. Try not. Do... or do not. There is no try.
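The split in post #13 (locked objects, infected objects, and a separate bucket for the System Restore snapshot) was done by hand from the Kaspersky report in post #9. Below is an added example, not code from this thread or from Kaspersky or Malwarebytes, that produces the same split automatically from the two report formats posted here, and flags when a Malwarebytes log is only a detection pass (every entry "No action taken", as in post #9) rather than a cleanup (post #12). The sample lines are constructed from the logs above; the function names are my own.

```python
"""Triage helpers for the Kaspersky Online Scanner and Malwarebytes' Anti-Malware
report formats posted in this thread (added example; not the scanners' own code)."""
import re
from collections import Counter

# Kaspersky Online Scanner result lines look like:
#   <path> Object is locked skipped
#   <path> Infected: <detection name> skipped
KAV_LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<infected>\S+)"
    r"|Suspicious: (?P<suspicious>\S+)) "
    r"(?P<action>\S+)$"
)
# Files under _restore{GUID}\RPnnn are System Restore snapshots; they get their own
# bucket because they are cleaned by purging restore points, not by deleting files.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Malwarebytes' Anti-Malware entries look like:
#   <registry key or file> (<family>) -> <action taken>.
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample: a subset of the Kaspersky report lines from post #9.
SAMPLE_REPORT = r"""Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rapidbolt.com.dll Infected: Trojan.MSIL.Dedem.q skipped
C:\Documents and Settings\Best Buy\Desktop\CryptLoad_1.0.4\CryptLoad_1.0.4\plugins\rs.dr.ag.0.dll Infected: Trojan.MSIL.Dedem.r skipped
C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1213\A0227151.exe Infected: Trojan-Dropper.Win32.Agent.hrw skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""

# Constructed sample: MBAM lines from post #9, with one entry altered to a
# removal action so the detection-only check has something to distinguish.
SAMPLE_MBAM = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{ee60714f-ac17-427e-861a-fd60cbdf119a} (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\qviexio3.dat (Malware.Trace) -> No action taken.
C:\Program Files\Internet Explorer\PLUGINS\SysWin16.Jmp (Spyware.OnLineGames) -> Quarantined and deleted successfully.
"""


def triage_kaspersky(report_text):
    """Split a Kaspersky Online Scanner report into locked, infected, restore-point
    and suspicious buckets; header, settings and summary lines are ignored."""
    result = {"locked": [], "infected": [], "restore_cache": [], "suspicious": []}
    for line in report_text.splitlines():
        m = KAV_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if m.group("locked"):
            result["locked"].append(path)
        elif m.group("infected"):
            bucket = "restore_cache" if RESTORE_POINT.search(path) else "infected"
            result[bucket].append((path, m.group("infected")))
        elif m.group("suspicious"):
            result["suspicious"].append((path, m.group("suspicious")))
    return result


def parse_mbam(log_text):
    """Return (section, item, family, action) tuples from an MBAM log."""
    entries, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):      # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = MBAM_LINE.match(line)
        if m:
            entries.append((section, m.group("item"), m.group("family"), m.group("action")))
    return entries


def pending_removal(entries):
    """Entries the scanner only reported; a log made of these is a detection pass,
    not proof of cleanup, so a follow-up scan (as in post #12) is still needed."""
    return [e for e in entries if e[3] == "No action taken"]


def family_counts(entries):
    """How many items each detection family accounts for."""
    return Counter(e[2] for e in entries)


if __name__ == "__main__":
    kav = triage_kaspersky(SAMPLE_REPORT)
    for bucket, items in kav.items():
        print(f"{bucket}: {len(items)}")
    mbam = parse_mbam(SAMPLE_MBAM)
    print("pending removal:", len(pending_removal(mbam)), "of", len(mbam))
    print(dict(family_counts(mbam)))
```

Run it on a saved report instead of the samples by reading the file into `triage_kaspersky` or `parse_mbam`; a non-empty `restore_cache` bucket is the cue for the "turn System Restore off and on" step in post #15, and a non-empty `pending_removal` list means the log predates any cleanup.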

#14 cabletrax, Topic Starter
Members, 17 posts

Posted 27 April 2008 - 02:48 AM

So what do you think I should do now?

#15 DaChew, Visiting Alien
BC Advisor, 10,317 posts
Gender: Male
Location: millenium falcon and rockytop

Posted 27 April 2008 - 03:37 AM

CryptLoad_1.0.4

Delete this,

and turn off System Restore, then turn it back on if your computer seems to be running fine.
Chewy

No. Try not. Do... or do not. There is no try.
