
your computer is infected, red circle white x


  • This topic is locked
26 replies to this topic

#1 rockas

rockas

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 23 November 2008 - 10:42 PM

ok so i've been reading other posts describing the same problem

i am using a different comp to post here and

i have already downloaded mbam set up file from this comp,
loaded onto cdr and uploaded onto my laptop (problem comp)

it installed but wont run
tried renaming mbam set up file on laptop, no luck, uninstalled it (which was problematic)
downloaded again changing the name right as i saved it, then burned cd and loaded on laptop again, installed but won't run, uninstalled it

tried the process again, this time changing the name of the mbam.exe via opening through c:\Program Files\ .....etc etc only the file was not labeled as mbam.exe , just mbam (maybe i just can't find the exe file to change the name).

anyway this is where i'm stuck and i have bumped a few other threads and also asked for some help in one of them, but i am realizing that i should have my own post to avoid confusion here (cause i've been reading this site now for hours so i'm getting the hang of it)

PLEASE HELP

Edited by rockas, 24 November 2008 - 12:03 AM.




#2 rockas


Posted 23 November 2008 - 11:42 PM

ok so its after 11 right now and I really realized i had a problem maybe 4-5ish this afternoon so a waste of almost a whole day when you really check it. i really had something else to do (that i still have to do) but i thought i would take a moment to point out a few things and hopefully save you some time

:thumbsup: I am finally posting from my laptop again and that means that bleepin x is gone thanks to the good people and BC...

basically the Malwarebytes' Anti-Malware download and instructions you will invariably see under similarly titled posts are good to go as they are. most people that posted seemed to be able to just download from their computers or other computers and just upload the mbam program and it worked right away ... mine didn't work so smooth but hours later if i just knew what was up i could have been done so long ago ...... so

i downloaded from another computer and burned the programs onto a cd

wasted a lot of time downloading and uploading, installing and uninstalling, and renaming the file ....

just download on another computer, burn on cd, drag and drop on your desktop if you are unable to access BC or other sites from the comp you are having the x problem

then follow the instructions the other posters provide.... do not change the names anywhere, just go through and install.

if the Mbam wont open then go to start, then run , then c:\Program Files\Malwarebytes' Anti-Malware (which is the folder that the install file loads the program to) and the folder should open.....i noticed it opened when i went to the address bar in my documents and typed the same thing

well i did not see an exe file in my folder but i guessed the exe file was the largest file and was titled just mbam not mbam.exe so i changed that to a number of other number/letter combos in the style 12345.bat or help.car (some letters, then a dot, then 3 letters) - this was a waste of time ... but then i tried glue a four letter word (cause mbam was four but i bet it doesn't matter) and there was no file extension (i think that's what it's called) - hey i'm just figuring this out now, not advanced user at all




and it ran, i followed the instructions (THANKS AGAIN BLEEPINGCOMPUTER!!!) :flowers: ... when it finished the log pops up just like the instructions..... the only thing i didn't do was save the log file because it says the log is saved ..... i just wanted to restart my computer as quickly as possible also. i'm going to post this and then go look for the log and post it too and then run a full scan and chill out for the rest of the evening

yeah so if any of this is flawed ...please one of the experienced members come sort it out

i'm just posting my experience and i'm grateful others did too! i just hope the problem doesn't 'pop up' again.

Edited by rockas, 23 November 2008 - 11:54 PM.


#3 rockas


Posted 24 November 2008 - 12:01 AM

ok so thats the log... someone please tell me what it all means :thumbsup:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

11/23/2008 11:04:41 PM
mbam-log-2008-11-23 (23-04-41).txt

Scan type: Quick Scan
Objects scanned: 53124
Time elapsed: 14 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\SysFile.brk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10895.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfub.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoexh.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Rootkit.Agent) -> Delete on reboot.
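
An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the log layout shown in the post above that separates items already removed from those still pending (`Delete on reboot`, `Failed to unload process`), the ones a reboot and rescan has to confirm. The sample log is constructed from a few lines of that post, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the layout of the log posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1306

Scan type: Quick Scan
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Rootkit.Agent) -> Delete on reboot.
"""

# A section heading ends with a bare colon; the summary counters
# ("Files Infected: 3") have a number after it and do not match.
SECTION_RE = re.compile(r"^(.+ Infected):$")
# "<path> (<detection name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
DONE = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return one dict per detected item: section, path, detection, action."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
            continue
        item = ITEM_RE.match(line)
        if item and section:
            items.append({"section": section, **item.groupdict()})
    return items


def pending_items(items):
    """Items the scanner reported but had not finished removing in this run."""
    return [i for i in items if i["action"] != DONE]


def summarize(items):
    """Group item paths by the action the scanner reported for them."""
    by_action = defaultdict(list)
    for i in items:
        by_action[i["action"]].append(i["path"])
    return dict(by_action)


if __name__ == "__main__":
    for i in pending_items(parse_mbam_log(SAMPLE_LOG)):
        print(f'{i["action"]:<28} {i["detection"]:<34} {i["path"]}')
```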

#4 rockas


Posted 24 November 2008 - 08:58 AM

i ran a full scan after and here are the results .... i think going to have to run it again then something else...

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

11/24/2008 8:50:02 AM
mbam-log-2008-11-24 (08-50-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 99641
Time elapsed: 5 hour(s), 47 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Wayne Copeland\Local Settings\Temp\TDSS5778.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wayne Copeland\Local Settings\Temp\TDSS5cf6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

#5 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:31 PM

Posted 24 November 2008 - 06:14 PM

I'm sorry you slipped by us
one more time

Please reboot your computer and update Malwarebytes. This time do a quick scan and post the new log here
We might have to take other measures
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 rockas


Posted 24 November 2008 - 06:41 PM

I'm sorry you slipped by us
one more time

Please reboot your computer and update Malwarebytes. This time do a quick scan and post the new log here
We might have to take other measures



no prob...its my fault since i didn't read any instructions, i just began posting away...thanks for your help i like what you are doing here at this website.

so i just keep scanning, restarting, checking log and seeing infected files that have been deleted...i already began doing a full scan before logging on to BC and will post when it is done or is it possible to access the log while its running?

#7 garmanma


Posted 24 November 2008 - 07:46 PM

I'll see it tonight or in the morning
Mark

#8 rockas


Posted 24 November 2008 - 11:16 PM

I'll see it tonight or in the morning



THANKS garmanma!


so i have run the mbam scan a few times now ... the second time it found 2 infected files, then 0 infected with the quickscan and every time after that just 1 infected file... i hope repeating the scan is not a problem ....

every time it almost finished scanning a yellow triangle with an exclamation in a pop up box appears and says


" Windows - Delayed Write File
Windows was unable to save all the data for the file c:\WINDOWS\system32\config\sysEvent.Evt
The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try
to save this file elsewhere "


then it finishes. i click show results, then remove selected, and i get the prompt whether i want to restart because computer needs to restart so the process can complete (or something to that extent) so i click yes and it restarts (did this every time i scanned)




anyway here are my logs and i wont run scan again or do anything else till i hear back




Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

11/24/2008 9:13:13 AM
mbam-log-2008-11-24 (09-13-13).txt

Scan type: Quick Scan
Objects scanned: 52834
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------then this log


Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 2

11/24/2008 4:04:45 PM
mbam-log-2008-11-24 (16-04-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101621
Time elapsed: 4 hour(s), 39 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP743\A0193434.sys (Trojan.Downloader) -> Quarantined and deleted successfully.






-----------------------and this last one


Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 2

11/24/2008 10:55:58 PM
mbam-log-2008-11-24 (22-55-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101473
Time elapsed: 4 hour(s), 29 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP743\A0193469.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by rockas, 25 November 2008 - 11:45 AM.


#9 garmanma


Posted 25 November 2008 - 12:16 PM

I'm away from my computer. I'll get back to you in a while
Mark

#10 rockas


Posted 25 November 2008 - 12:28 PM

np

#11 garmanma


Posted 25 November 2008 - 03:21 PM

That one infected file bothers me
Please try Mbam one more time
Don't forget to reboot
Mark

#12 rockas


Posted 25 November 2008 - 03:52 PM

ok i will run it again as soon as i get home ... full scan i guess would be better?

what should i do about the Windows - Delayed Write File message????.... it shows up before the scan completes but then i have to restart computer as soon as mbam finishes so clicking it doesn't seem to be an option.

#13 garmanma


Posted 25 November 2008 - 05:57 PM

Everything I've found on the delayed write failure indicates a problem with the hard drive
http://support.microsoft.com/kb/330174
Mark

#14 rockas


Posted 25 November 2008 - 07:22 PM

Everything I've found on the delayed write failure indicates a problem with the hard drive
http://support.microsoft.com/kb/330174



do you think this is a result of the malware/virus or an unrelated problem that is just surfacing now (maybe as a result of all the recent complications)?





more importantly, what should i do now??? i'm going to scan again as you suggested before ...


please let me know if i should do something different from restarting my computer if i encounter the delayed write failure prompt.

Edited by rockas, 25 November 2008 - 07:27 PM.


#15 rockas


Posted 26 November 2008 - 12:40 AM

its still there!!!!!!!!!!!!


here's my latest log......



Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 2

11/26/2008 12:00:47 AM
mbam-log-2008-11-26 (00-00-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 101590
Time elapsed: 4 hour(s), 11 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP743\A0193484.sys (Trojan.Downloader) -> Quarantined and deleted successfully.



