
Infected with Malware


1 reply to this topic

#1 Armadillo19


Posted 16 December 2008 - 12:08 AM

Hello,
I seem to have the common malware infection that everyone else does.
I ran Malwarebytes numerous times, and here is what the latest log says:

Malwarebytes' Anti-Malware 1.31
Database version: 1504
Windows 5.1.2600 Service Pack 3

12/16/2008 12:02:37 AM
mbam-log-2008-12-16 (00-02-37).txt

Scan type: Quick Scan
Objects scanned: 62123
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c5701c8-6299-42ec-9942-d97efbc6e426} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2c5701c8-6299-42ec-9942-d97efbc6e426} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bawidewihe (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The problem is, I run, re-run, and re-re-run Malwarebytes and it seems that I never can delete one file, which then seems to be able to respawn other problems. Here is the closest I have come to removing all files:

Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 5.1.2600 Service Pack 3

12/15/2008 5:40:34 PM
mbam-log-2008-12-15 (17-40-34).txt

Scan type: Quick Scan
Objects scanned: 56877
Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bawidewihe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have rebooted as it says, and still, the same thing.
Now, I have tried using SDFix, but when I get past the first page where it asks for Y, N or A, all I get on the screen is something that says:

Starting Repairs
Checking Running Processes and Services

It doesn't have the 3rd message (Please be patient as this may take up to 20 minutes).

I have logged into Safe Mode under both the administrator and my own account, and the same thing happened. Both times it got this far, but then it didn't make any noise indicating loading, and it didn't progress past that point even after I left it open for about a half an hour.

So, what should I do?
Any help would be greatly appreciated!



#2 Armadillo19


Posted 16 December 2008 - 03:08 PM

I'm going to BUMP this just in hopes that a mod sees this before it gets lost in the shuffle.
Oh and also, I have the classic "hijacked browser" syndrome where popups for antivirus 2009 and other things constantly come up.



