
Virusalert Next To Clock, No C: And D: Drives Under My Computer


2 replies to this topic

#1 Porkape

Porkape

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 07 September 2008 - 06:16 AM

I am having a bit of a problem since last night. I am running a Win XP Pro SP3 machine with AVG Free installed. I ran a file called "RARPassGen.exe" to get a password for some archives I had. Instead I got what I deserved for downloading and running such useless software. My notebook became infected, not sure with what, but I got icons of "virusalert2008" on my desktop along with popups saying that I was infected and redirecting me to a website which opened itself in Internet Explorer called "safewebnavigate2008". Very annoying, this - it kept happening frequently. Then I discovered my C: and D: drive shortcuts were missing from under My Computer. I could still get to them by typing in the corresponding drive letter in the address bar; also, my Task Manager had been disabled.

At this point I stopped further checking for what is wrong and went about fixing things. I ran the latest SDFix in safe mode and let it do its thing. It ran once more upon reboot. The popups have stopped but I had to manually enable my WiFi and my AVG. Still no C: and D: drive shortcuts and the AM/PM next to my computer clock says "VIRUS ALERT" (which was not there earlier) and the Windows Security Alert icon stays there too no matter how I configure it. I have also run something called Rogue Remover, SuperAntiSpyware Free, Spybot S&D, Spyware Blaster along with my AVG Scan to no luck in getting rid of "VIRUS ALERT" or getting my drive shortcuts back.

I found this site and got some more tips so here I am after running Malwarebytes with the log of a quick scan. Please take a look and help me help myself.

Thank You

[codebox]Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

9/7/2008 4:44:06 PM
mbam-log-2008-09-07 (16-44-06).txt

Scan type: Quick Scan
Objects scanned: 49284
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\psveta.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6b5d424-3c88-4bf5-8df2-425ad89ca47f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6b5d424-3c88-4bf5-8df2-425ad89ca47f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\psveta.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuktvdgn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngdvtkut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywthbuol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shalu\Local Settings\Temporary Internet Files\Content.IE5\23J37RUD\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shalu\Local Settings\Temporary Internet Files\Content.IE5\IDNOMJ0V\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
[/codebox]
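The "Registry Data Items Infected" section of that log explains the two symptoms in the first post. The NoDrives value is a bitmask in which bit n hides drive letter A+n from Explorer, so the "Bad" value 12 (binary 1100, bits 2 and 3) is exactly C: and D:; and sTimeFormat normally ends in "tt", the AM/PM designator, which the malware replaced with the literal text "VIRUS ALERT!" so it shows where AM/PM used to be. Explorer reads these values when it starts, which is why the drives only reappeared after the reboot that followed the scan. The script below is an added example, not from the thread or from Malwarebytes: it parses lines in the MBAM 1.x "Bad: (...) Good: (...)" format, decodes the NoDrives mask and describes each hijack. The sample log text embedded in it is constructed to match the format of the log above.

```python
import re
from typing import Dict, List

# Constructed sample (not the poster's full log): three lines shaped like the
# "Registry Data Items Infected" entries in a Malwarebytes' Anti-Malware 1.x log.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# One registry-data line: <key path> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
ITEM_RE = re.compile(
    r"^(?P<key>[^()]+?) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def parse_registry_data_items(log_text: str) -> List[Dict[str, str]]:
    """Return one dict (key, detection, bad, good, action) per Bad/Good line."""
    items = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:  # section headers and "(No malicious items detected)" do not match
            items.append(match.groupdict())
    return items


def decode_nodrives(mask: int) -> List[str]:
    """Bit n of the NoDrives DWORD hides drive letter chr('A' + n) in Explorer."""
    return [chr(ord("A") + bit) for bit in range(26) if mask & (1 << bit)]


def explain(item: Dict[str, str]) -> str:
    """Describe the user-visible effect of one hijacked value."""
    name = item["key"].rsplit("\\", 1)[-1]
    if name == "NoDrives":
        letters = ", ".join(f"{d}:" for d in decode_nodrives(int(item["bad"])))
        return f"NoDrives={item['bad']} hides {letters or 'no drives'} in My Computer"
    if name == "sTimeFormat":
        return (f"clock format changed from {item['good']!r} to {item['bad']!r}; "
                "'tt' (the AM/PM designator) was replaced by literal text")
    if name.startswith("Start_Show"):
        return f"{name}=0 hides the '{name[len('Start_Show'):]}' entry on the Start menu"
    return f"{name}: bad={item['bad']!r} good={item['good']!r}"


def hidden_drives(log_text: str) -> List[str]:
    """Drive letters that a NoDrives entry in the log was hiding (empty if none)."""
    for item in parse_registry_data_items(log_text):
        if item["key"].endswith("\\NoDrives"):
            return decode_nodrives(int(item["bad"]))
    return []


if __name__ == "__main__":
    for entry in parse_registry_data_items(SAMPLE_LOG):
        print(f"[{entry['detection']}] {explain(entry)}")
    print("hidden drives:", hidden_drives(SAMPLE_LOG))
```

Run against the first log in this thread, the NoDrives line decodes to C: and D:, matching the missing shortcuts the poster describes; the same parser works unchanged on the clean second log, where it simply returns no items.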


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:17 PM

Posted 07 September 2008 - 07:46 AM

Would you download the ATF cleaner and DrWebCureit?

Make sure that spybot's teatimer is disabled from running resident until we can get you clean


http://www.bleepingcomputer.com/forums/ind...st&p=934959


http://www.bleepingcomputer.com/forums/ind...st&p=935171

After you have downloaded these two and updated MBAM and SAS, would you run CureIt from safe mode?

Stay physically disconnected from the internet (make sure wireless can't connect).


I would then run atf cleaner and SAS from safe mode

Last I would run another scan with MBAM


Welcome to BleepingComputer

PS: just a simple paste of the log into the reply is much easier to read.

Edited by DaChew, 07 September 2008 - 07:47 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Porkape

Porkape
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 07 September 2008 - 03:00 PM

Thank you. It seems to have sorted itself after the first time I did the MBAM scan and rebooted. But just for good measure I did what you said and came up with nothing. Here is a log of what I have now.

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

9/8/2008 1:02:30 AM
mbam-log-2008-09-08 (01-02-30).txt

Scan type: Quick Scan
Objects scanned: 54922
Time elapsed: 17 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



