Win32: Trojan-gen.dq



#1 volty

Posted 18 October 2008 - 01:17 AM

Hi all, I'm currently writing from my laptop, the computer not infected.


On my desktop I am getting frequent pop-up message clicking noises and other various sounds..
and a windows defender screen that pops up saying that my computer is infected with one of various trojans or worms or etc.
the message varies.

I've run the following programs:

superantispyware-in regular boot up
spybot-in regular boot up
trend micro antivirus-both regular boot up and in safemode
avast- both in regular boot up and in safemode
Malwarebytes Anti-Malware-in regular boot up
ATF cleaner-regular boot up

and have tried using the brute force uninstaller with the alcra?-I think it's called. (in safemode)

the brute force uninstaller for some reason did not go through all the way, it stopped at 98% and said "run time error 7 out of memory"
so, that was a fail.

I'm still getting these darned sounds and random popups.. I'm a musician and use my computer to compose songs and.. it's where I spend almost 16 hours a day..

I'm extremely bothered by this.

Tell me what to do...


Lesson I've learned.. don't let horny teenagers on your computer while you step out of the room for fifteen minutes...

The computer has windows xp media edition.

I would not be opposed to a fresh install of XP. I have an XP pro disc with one install left on it.
In fact, I would have done a fresh install already, but I'm not sure if I can find all of the drivers again.

Edited by volty, 18 October 2008 - 01:27 AM.


#2 volty

Posted 18 October 2008 - 01:44 AM

just wanted to update.

I tried running the other computer, regularly.

There is no more clicking, or pop-ups.

but the computer is lagging.. INCREDIBLY.
I also got a message saying that there was a virus (avast) and told me to put it in the chest..

and THEN.. I said.. okay. well let me try to do another scan.


and when I try to start a program, in this case, the Malwarebytes program.. the whole system froze up and I had to do a hard reboot.

so, I am now in the system, IN safemode.. again. running the superantispyware on a full scan.

this is too frustrating.

#3 quietman7

Posted 18 October 2008 - 06:41 AM

Have you tried using System Restore or System Restore from a command prompt in Safe Mode to return to a previous state before your problems began?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 volty

Posted 18 October 2008 - 11:59 AM

Have you tried using System Restore or System Restore from a command prompt in Safe Mode to return to a previous state before your problems began?


Yes, in fact, that was the first thing I tried.

#5 quietman7

Posted 18 October 2008 - 12:10 PM

Launch SuperAntispyware.
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Also post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAM.
Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this example
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.

Edited by quietman7, 18 October 2008 - 12:12 PM.


#6 volty

Posted 18 October 2008 - 12:24 PM

Malwarebytes' Anti-Malware 1.28
Database version: 1276
Windows 5.1.2600 Service Pack 3

10/16/2008 3:15:22 PM
mbam-log-2008-10-16 (15-15-22).txt

Scan type: Quick Scan
Objects scanned: 69408
Time elapsed: 11 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 18
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\N82DbMlI.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbgenapl (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xrt_Shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_id (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_options (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_server1 (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_reserv (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_forms (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_certs (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_options (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_ss (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pstorage (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_command (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_file (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_idproject (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pauseopt (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pausecert (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletecookie (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletesol (Backdoor.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tsfwjcpy.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\N82DbMlI.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\Owner.COMPUTER2\xrt_aaif.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IY2AWC72.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nVTd2m4i.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XudX8cST.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini104552663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




mbam^^


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/18/2008 at 04:10 AM

Application Version : 4.21.1004

Core Rules Database Version : 3599
Trace Rules Database Version: 1585

Scan type : Complete Scan
Total Scan Time : 01:28:23

Memory items scanned : 165
Memory threats detected : 0
Registry items scanned : 7416
Registry threats detected : 29
File items scanned : 34890
File threats detected : 31

Trojan.Unclassified/PotPWS
HKLM\Software\Classes\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}#AppID
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\InprocServer32
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\InprocServer32#ThreadingModel
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\ProgID
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\Programmable
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\TypeLib
HKCR\CLSID\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}\VersionIndependentProgID
HKCR\solution.solution.1
HKCR\solution.solution.1\CLSID
HKCR\solution.solution
HKCR\solution.solution\CLSID
HKCR\solution.solution\CurVer
HKCR\TypeLib\{00476C87-A276-49BF-86BC-FF005732430B}
HKCR\TypeLib\{00476C87-A276-49BF-86BC-FF005732430B}\1.0
HKCR\TypeLib\{00476C87-A276-49BF-86BC-FF005732430B}\1.0\0
HKCR\TypeLib\{00476C87-A276-49BF-86BC-FF005732430B}\1.0\0\win32
HKCR\TypeLib\{00476C87-A276-49BF-86BC-FF005732430B}\1.0\FLAGS
HKCR\TypeLib\{00476C87-A276-49BF-86BC-FF005732430B}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\N82DBMLI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}
HKCR\Interface\{892B2785-B0D0-4AA2-AE6A-0ED60B00A979}
HKCR\Interface\{892B2785-B0D0-4AA2-AE6A-0ED60B00A979}\ProxyStubClsid
HKCR\Interface\{892B2785-B0D0-4AA2-AE6A-0ED60B00A979}\ProxyStubClsid32
HKCR\Interface\{892B2785-B0D0-4AA2-AE6A-0ED60B00A979}\TypeLib
HKCR\Interface\{892B2785-B0D0-4AA2-AE6A-0ED60B00A979}\TypeLib#Version

Trojan.Downloader-Gen
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]

Adware.Tracking Cookie

Trojan.Dropper/Gen
C:\DOCUMENTS AND SETTINGS\OWNER.COMPUTER2\~.EXE

Trojan.Unclassified/Solution
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP744\A0081051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP744\A0082137.DLL

^^superantispyware

#7 volty

Posted 18 October 2008 - 12:28 PM

but like I said, even after all of that I'm still having problems. not immediately after the boot up but approximately ten minutes after starting up. regardless if there is an internet connection or not.

also, the whole system freezes up without letting me do ANYTHING...so I'm forced to do hard reboots if I want to get back on the computer.

Edited by volty, 18 October 2008 - 12:31 PM.


#8 quietman7

Posted 18 October 2008 - 02:28 PM

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different or the same tools to do the job. Even then, some infections can be difficult to remove because of their morphing characteristics which allow the malware to regenerate itself.

Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

#9 volty

Posted 18 October 2008 - 02:42 PM

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different or the same tools to do the job. Even then, some infections can be difficult to remove because of their morphing characteristics which allow the malware to regenerate itself.

Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.



:le sigh:

I'll update in a bit, I guess.

#10 volty

Posted 18 October 2008 - 04:17 PM

While it was scanning..again.. my computer restarted itself. ugh.

so, I'm rescanning..and hoping that it doesn't restart itself this time..again...

and now I'm getting the red x in my toolbar, by my clock saying I have a virus.. one of those rogue programs, I think that's what it's called.

is it possible that these viruses keep on installing themselves over and over again even after I get rid of them?


ugh...
Agitated.

Edited by volty, 18 October 2008 - 04:21 PM.


#11 volty

Posted 18 October 2008 - 04:24 PM

latest mbam



Malwarebytes' Anti-Malware 1.28
Database version: 1276
Windows 5.1.2600 Service Pack 3

10/18/2008 5:19:56 PM
mbam-log-2008-10-18 (17-19-56).txt

Scan type: Quick Scan
Objects scanned: 53724
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\nVTd2m4i.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10251.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
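
The two Malwarebytes logs posted in this thread can be compared mechanically to see what came back between scans. The Python below is an added example, not part of any post here and not Malwarebytes' own code; it assumes the MBAM 1.28 text layout shown above, takes a few lines excerpted from those two logs as input, and its function names are hypothetical.

```python
import re

# Excerpts (a few lines each) from the two MBAM logs posted in this thread.
SCAN_OCT16 = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbgenapl (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tsfwjcpy.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\nVTd2m4i.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
"""
SCAN_OCT18 = r"""
Memory Processes Infected: 1
Memory Processes Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\nVTd2m4i.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 4" is a summary count and is skipped.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<item> (<detection>) -> <action>."; item is lazy so parentheses inside the action stay there.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# MBAM prints a registry value as key\valuename, so the Run value name is the last component.
RUN_VALUE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\(?P<name>[^\\]+)$", re.I)


def parse_mbam(text):
    """Return one dict per detection line: section, item, detection, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry and section:
            findings.append({"section": section, **entry.groupdict()})
    return findings


def _unique(items):
    return list(dict.fromkeys(items))  # de-duplicate, keep log order


def reappeared(earlier, later):
    """Items the earlier scan reported as deleted that the later scan finds again."""
    removed = {f["item"].lower() for f in earlier
               if "deleted successfully" in f["action"].lower()}
    return _unique(f["item"] for f in later if f["item"].lower() in removed)


def autostart_values(findings):
    """(hive, value name) for flagged Run/RunOnce values, i.e. what relaunches at logon."""
    out = []
    for f in findings:
        m = RUN_VALUE.search(f["item"])
        if m and f["section"] == "Registry Values Infected":
            out.append((f["item"].split("\\", 1)[0], m["name"]))
    return out


def pending_reboot(findings):
    """Files that are only removed once the machine is rebooted normally."""
    return _unique(f["item"] for f in findings
                   if f["action"].lower() == "delete on reboot")


if __name__ == "__main__":
    first, second = parse_mbam(SCAN_OCT16), parse_mbam(SCAN_OCT18)
    print("Back after removal:", reappeared(first, second))
    print("Autostart values in second scan:", autostart_values(second))
    print("Still needs a normal reboot:", pending_reboot(second))
```

A file that one scan reports as deleted and a later scan finds again means something still running is re-creating it, so the autostart values and the pending-reboot files are the entries to confirm gone after the next normal restart.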

#12 volty

Posted 18 October 2008 - 04:27 PM

still infected..

and now I can't open my trend micro antivirus...for some reason.

and the clicking is back.


I got into the trend micro virus scan.. somehow.

it scanned, and detected nothing..

but obviously it's still here.

Edited by volty, 18 October 2008 - 04:31 PM.


#13 volty

Posted 18 October 2008 - 05:12 PM

Okay guys..

I'm sick of this, I'm just formatting my hard drive and starting fresh...

wish me luck.

#14 volty

Posted 18 October 2008 - 05:33 PM

Ah! And I've decided to make an extra 30gb partition to put linux on.

So, it'll be 200gb hard drive for my audio recording and a 30gb hard drive for web browsing and other tasks


Linux..is..a good idea, right?

I mean, I can let my kiddies roam around on that without the fear of getting some crazed virus, right?

#15 quietman7

Posted 18 October 2008 - 07:09 PM

If you have not reformatted yet, try this.

Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.




