Can't open Internet Explorer


3 replies to this topic

#1 lizzylondon

lizzylondon

  • Members
  • 2 posts
  • Local time:07:28 AM

Posted 16 December 2008 - 06:19 PM

Hello all:

Am trying to help my flatmate fix her laptop. We are 99% sure that it is infected with 1 (or more?) "things". 4 years ago the folks on this website helped me save my computer from an infection so am hopeful you can help Lizzie as well.

My flatmate noticed that IE was acting slower and then yesterday Internet Explorer won't open. Her brother managed to download Firefox so we have internet access.

Two additional things. One, we get this lovely little error message as a balloon in the bottom right hand corner that says "system alert: Trojan-spy.win32@mx - Click this baloon to download antispyware for Windows". The incorrect spelling of balloon tipped me off to be very wary of this. Two, occasionally a new window appears that says "critical system warning! Your system is probably infected with the latest version of spyware.cyberlog-X......". We've not clicked ok on that either.

Occasionally, IE seems to be trying to open a new window to this address: http://ruzvhf.com/?pn=srch0p5total7s2&c=208

Have looked through the other postings and have downloaded Malwarebytes Anti-malware, run it

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

16/12/2008 23:21:37
mbam-log-2008-12-16 (23-21-37).txt

Scan type: Quick Scan
Objects scanned: 74873
Time elapsed: 17 minute(s), 58 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 2
Registry Keys Infected: 25
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 64

Memory Processes Infected:
C:\WINDOWS\581129513.exe (Spyware.Passwords) -> Unloaded process successfully.
C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat197.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat196.tmp (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e25c29ab-12b9-4523-a53c-324b5fba648c} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cryptographic services (cryptsvc) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cryptographic services (cryptsvc) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cryptographic services (cryptsvc) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dcom server process launcher (dcomlaunch) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\dcom server process launcher (dcomlaunch) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcom server process launcher (dcomlaunch) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcafee network agent (mcnasvc) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mcafee network agent (mcnasvc) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafee network agent (mcnasvc) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mcafee scanner (mcods) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mcafee scanner (mcods) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafee scanner (mcods) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roxmediadb9 (roxmediadb9) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\roxmediadb9 (roxmediadb9) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roxmediadb9 (roxmediadb9) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\workstation (lanmanworkstation) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\workstation (lanmanworkstation) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\workstation (lanmanworkstation) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktime task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysberay2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat197.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat196.tmp (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\581129513.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\900053\900053.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\dat78.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\dat79.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\dat7A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\dat7B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\587267969ow.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat10.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat11.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat116.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat117.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat118.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat12.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat13.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat14.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat15.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat18E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat18F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat190.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat192.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat193.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat194.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat198.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat1E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat21.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat25.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat3.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat409.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat5.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat6.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat6A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat7.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat8.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat9.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat9D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat9E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\dat9F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datA.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datA4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datA5.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datA6.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datB.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datBC.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datC.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datD.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datDC.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datDE.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datDF.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datE.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datE1.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elizabeth Jane\Local Settings\Temp\datF.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttasku.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\bolivar30.exe (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\che08.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\KerndDrv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\tt_1229438899.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\tt_1229439419.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Visitor\Local Settings\Temp\qpgiqmsi2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
and here is the log.

Thanks in advance for your help!

Tina and Lizzie.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:05:28 PM

Posted 16 December 2008 - 06:35 PM

Reboot your computer, run the Malwarebytes Full Scan and post the new log.

Edited by Budapest, 16 December 2008 - 06:37 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 lizzylondon

lizzylondon
  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:28 AM

Posted 16 December 2008 - 07:37 PM

Done and thank you. FYI, still can't open IE and is redirecting itself to http://go.microsoft.com/fwlink/?LinkId=74005.

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

17/12/2008 00:16:19
mbam-log-2008-12-17 (00-16-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 108815
Time elapsed: 38 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:05:28 PM

Posted 16 December 2008 - 07:45 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/



