Spyware 2008 Trojan help! please!


24 replies to this topic

#1 Neofire

Neofire

  • Members
  • 21 posts

Posted 27 December 2008 - 03:52 PM

Hey, I'm new. I googled help for this problem and this site was recommended, and I was wondering if someone could please help me get rid of this. I've tried almost everything I know. It's pretty much got rid of my avast anti-virus program.



#2 Neofire


Posted 27 December 2008 - 04:00 PM

It's blocking Malwarebytes and Microsoft OneCare from scanning my computer. And if I try to install anything it says access denied, something about the registry or something.

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 27 December 2008 - 04:13 PM

If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 Neofire


Posted 27 December 2008 - 04:34 PM

Yeah, for some reason when I rename it, it will not take the .exe. It says RegCreateKeyEx failed: code 5

#5 Neofire


Posted 27 December 2008 - 04:37 PM

OK, I got it scanning. What do I do from there, after it detects the infection?

#6 Neofire


Posted 27 December 2008 - 04:56 PM

Here is my scan log


Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/27/2008 3:50:03 PM
mbam-log-2008-12-27 (15-49-53).txt

Scan type: Quick Scan
Objects scanned: 57251
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lwiral (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fneyuqiyukebicit (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> No action taken.

Files Infected:
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\Tdusitite.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\anapoxazigu.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\darnel\Local Settings\Temp\winlogin.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\darnel\Local Settings\Temp\winloggn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\darnel\Local Settings\Temp\TDSS1501.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\darnel\Local Settings\Temp\TDSSf501.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\darnel\Local Settings\Temp\Setup_ver1.1740.0.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\darnel\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\TDSSgurc.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSvoce.dll (Rootkit.Agent) -> No action taken.

#7 Neofire


Posted 27 December 2008 - 05:10 PM

I'm doing a full scan now. I'll post the log when done.

#8 Neofire


Posted 27 December 2008 - 06:56 PM

Crap, I did the mbam scan in normal and safe mode; that bleep is still there. Can anyone help me?

#9 Neofire


Posted 27 December 2008 - 06:59 PM

Here is my last scan log

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/27/2008 4:38:03 PM
mbam-log-2008-12-27 (16-37-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 86182
Time elapsed: 40 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{61334A12-1227-417B-B44D-B0E38E3654D6}\RP106\A0017844.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{61334A12-1227-417B-B44D-B0E38E3654D6}\RP106\A0017845.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{61334A12-1227-417B-B44D-B0E38E3654D6}\RP106\A0017846.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{61334A12-1227-417B-B44D-B0E38E3654D6}\RP106\A0017847.dll (Trojan.TDSS) -> No action taken.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> No action taken.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.



It's not removing it when I reboot. Why?

#10 Neofire


Posted 27 December 2008 - 07:15 PM

Can anyone tell me why it's not removing the infected files when I complete the scan? From my log you can see that it took no action to remove them. Why?

#11 garmanma


Posted 27 December 2008 - 07:30 PM

1 - That's not the most current version; you need to update mbam.
2 - You need to reboot the computer to finish the uninstall process
3 - Some malware is pretty stubborn and it can take a few scans to remove it

Reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here
Mark
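
The two Malwarebytes logs posted earlier in this thread can be triaged mechanically: which detections are still marked "No action taken", and which objects persist, drop out of, or newly appear in the later scan. The script below is an added example, not part of the original posts; the function names are illustrative and the sample input is a handful of lines excerpted from the two logs above.

```python
import re
from collections import Counter

# Sample input: lines excerpted from the quick-scan and full-scan logs in this thread.
QUICK = r"""
Registry Keys Infected: 3
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Files Infected:
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\system32\TDSSvoce.dll (Rootkit.Agent) -> No action taken.
"""
FULL = r"""
Files Infected:
C:\System Volume Information\_restore{61334A12-1227-417B-B44D-B0E38E3654D6}\RP106\A0017844.dll (Trojan.TDSS) -> No action taken.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> No action taken.
"""

SECTION = re.compile(r"^([A-Z][A-Za-z ]+ Infected):$")  # header; summary counts end in a digit
ENTRY = re.compile(r"^(.+) \(([A-Za-z]+\.[A-Za-z]+)\) -> (.+?)\.?$")

def parse_mbam(text):
    """Return (section, object, detection, action) for every detection line."""
    section, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            rows.append((section, m.group(1), m.group(2), m.group(3)))
    return rows

def untreated(rows):
    """Detections that were reported but not acted on."""
    return [r for r in rows if r[3].lower() == "no action taken"]

def by_family(rows):
    """Count detections per name, e.g. Rogue.SpywareGuard."""
    return Counter(r[2] for r in rows)

def compare(first, second):
    """Diff two scans by object path. 'gone' means absent from the later
    report, not proof of removal: scan scope differs and rootkits hide files."""
    a, b = {r[1].lower() for r in first}, {r[1].lower() for r in second}
    return {"persisting": sorted(a & b), "gone": sorted(a - b), "new": sorted(b - a)}

if __name__ == "__main__":
    q, f = parse_mbam(QUICK), parse_mbam(FULL)
    print(len(untreated(q)), len(untreated(f)), by_family(q + f))
    print(compare(q, f))
```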

#12 Neofire


Posted 27 December 2008 - 07:34 PM

When I try to update, it says that mbam's connection to the net is being blocked

#13 Neofire


Posted 27 December 2008 - 07:47 PM

Should I update it in safe mode?

#14 garmanma


Posted 27 December 2008 - 08:21 PM

If possible, yes
Mark

#15 Neofire


Posted 27 December 2008 - 09:08 PM

OK, I'm running SUPERAntiSpyware in safe mode



