
having problems please help


  • This topic is locked
23 replies to this topic

#1 smiley1124

smiley1124

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 17 January 2009 - 12:54 AM

I know that I had a virus at some point because when I clicked on my C drive it told me "C:\resycled\boot.com is not a valid Win32 application", and I found out it was caused by the spyware/virus named 'Troj/Rustok-N'. So I did as instructed by downloading Malwarebytes Anti-Malware. I did the full scan and when it was done I removed all that was selected. I also, for each drive, opened it and deleted the "resycled" folder and autorun.inf. So it seemed like my problem was solved. Now I cannot use the system restore, disk defragment, or the disk cleanup. All those were working just fine after I did all those things and now just stopped working. Well, all of them worked except the system restore. It will let me go in, but when I choose any restore point I can go back to, it will let me click it but it will not do anything else and actually start restoring. When I do disk defragment it says that it could not start. Also, I just recently started having problems with Internet Explorer: when I go to open it, it says it encountered an error. After a while of waiting I click on it again and it will open. I have looked up so many ways to fix all this and cannot come up with anything. I just did another scan and this was what I got:

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 2

1/17/2009 12:54:05 AM
mbam-log-2009-01-17 (00-54-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 263112
Time elapsed: 2 hour(s), 33 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 17 January 2009 - 04:32 AM

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***
Another workaround is to not use the mouse to install it; just use the arrow keys, Tab, and Enter keys.

#3 Guest_superbird_*


Posted 17 January 2009 - 12:38 PM

Hi,

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#4 smiley1124


Posted 17 January 2009 - 05:32 PM

ok so i just finished the kaspersky scan and this is what i got

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 18:16:22
Records in database: 1637846
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 216626
Threat name: 4
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 03:18:53


File name / Threat name / Threats count
C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7b662abf Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-5a2aa795 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-491d64fb.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6f77976b.zip Infected: Exploit.Java.Gimsh.b 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP152\A0037647.com Infected: Worm.Win32.AutoTDSS.afw 1
C:\WINDOWS\system32\Updater.exe Infected: Backdoor.Win32.MoSucker.30.ak 1
C:\WINDOWS\Temp\tmp224.tmp Infected: Worm.Win32.AutoTDSS.afw 1
C:\WINDOWS\Temp\tmp7.tmp Infected: Worm.Win32.AutoTDSS.afw 1
C:\WINDOWS\Temp\tmpD4.tmp Infected: Worm.Win32.AutoTDSS.afw 1
C:\WINDOWS\Temp\tmpEB.tmp Infected: Worm.Win32.AutoTDSS.afw 1

The selected area was scanned.

#5 Guest_superbird_*


Posted 18 January 2009 - 05:13 AM

Hi,

Open Notepad.
Copy this in the Notepad-file:

@ECHO OFF
REM Start with a fresh log in the current folder.
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM Files flagged in the Kaspersky report; paths containing spaces are quoted.
FOR %%g in (
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-491d64fb.zip"
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6f77976b.zip"
C:\WINDOWS\system32\Updater.exe
C:\WINDOWS\Temp\tmp224.tmp
C:\WINDOWS\Temp\tmp7.tmp
C:\WINDOWS\Temp\tmpD4.tmp
C:\WINDOWS\Temp\tmpEB.tmp) DO (
    IF EXIST %%g (
        REM Clear read-only, system and hidden attributes so DEL can remove the file.
        ATTRIB -r -s -h %%g
        DEL %%g
        REM Check again and log the outcome.
        IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
        ) ELSE (
            ECHO %%g deleted>>log.txt)
    ) ELSE (
        ECHO %%g not found>>log.txt))
REM Blank line and section header for the folder pass.
>>log.txt (
    ECHO.
    ECHO Deleting folders)
REM RD removes directories only; a listed path that is a file stays and is logged as not deleted.
FOR %%I in (
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7b662abf"
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-5a2aa795") DO (
    IF EXIST %%I (
        RD /S /Q %%I
        IF EXIST %%I (
            ECHO %%I not deleted>>log.txt
        ) ELSE (
            ECHO %%I deleted>>log.txt)
    ) ELSE (
        ECHO %%I not found>>log.txt))
REM Open the log so its contents can be posted.
START NOTEPAD.EXE log.txt

Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: del.bat
File type: All files (*.*).
Now, click Save.
Double-click del.bat.
Post the contents of the logfile that opens in your next reply.

#6 smiley1124


Posted 18 January 2009 - 05:06 PM

ok i did that and this is what i got

Deleting files
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-491d64fb.zip" deleted
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6f77976b.zip" deleted
C:\WINDOWS\system32\Updater.exe deleted
C:\WINDOWS\Temp\tmp224.tmp deleted
C:\WINDOWS\Temp\tmp7.tmp deleted
C:\WINDOWS\Temp\tmpD4.tmp deleted
C:\WINDOWS\Temp\tmpEB.tmp deleted

Deleting folders
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7b662abf" not deleted
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-5a2aa795" not deleted

#7 Guest_superbird_*


Posted 19 January 2009 - 08:15 AM

Hi,

Please run del.bat again and post the results in your next reply. :thumbsup:

#8 smiley1124


Posted 19 January 2009 - 11:55 AM

Deleting files
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-491d64fb.zip" not found
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6f77976b.zip" not found
C:\WINDOWS\system32\Updater.exe not found
C:\WINDOWS\Temp\tmp224.tmp not found
C:\WINDOWS\Temp\tmp7.tmp not found
C:\WINDOWS\Temp\tmpD4.tmp not found
C:\WINDOWS\Temp\tmpEB.tmp not found

Deleting folders
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7b662abf" not deleted
"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-5a2aa795" not deleted
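The Kaspersky report and the del.bat logs posted above can be cross-checked mechanically to see which detections are still unaccounted for. The following Python is an added example, not part of the original thread; it embeds a subset of the lines posted above, and the function and variable names are hypothetical.

```python
import re

# Lines copied from the Kaspersky report and the second del.bat log in this thread.
JAVA = r"C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache"
REPORT = "\n".join([
    JAVA + r"\6.0\44\232f2a6c-7b662abf Infected: Exploit.Java.Gimsh.a 1",
    JAVA + r"\6.0\47\bd7ce2f-5a2aa795 Infected: Exploit.Java.Gimsh.b 1",
    JAVA + r"\javapi\v1.0\jar\jvmimpro.jar-51fad18-491d64fb.zip Infected: Exploit.Java.Gimsh.a 1",
    r"C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP152\A0037647.com"
    r" Infected: Worm.Win32.AutoTDSS.afw 1",
    r"C:\WINDOWS\system32\Updater.exe Infected: Backdoor.Win32.MoSucker.30.ak 1",
    r"C:\WINDOWS\Temp\tmp224.tmp Infected: Worm.Win32.AutoTDSS.afw 1",
])
CLEANUP_LOG = "\n".join([
    "Deleting files",
    '"' + JAVA + r'\javapi\v1.0\jar\jvmimpro.jar-51fad18-491d64fb.zip" not found',
    r"C:\WINDOWS\system32\Updater.exe not found",
    r"C:\WINDOWS\Temp\tmp224.tmp not found",
    "",
    "Deleting folders",
    '"' + JAVA + r'\6.0\44\232f2a6c-7b662abf" not deleted',
    '"' + JAVA + r'\6.0\47\bd7ce2f-5a2aa795" not deleted',
])

REPORT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) \d+$")
LOG_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"? (?P<status>not deleted|not found|deleted)$')

def parse(text, pattern, field):
    """Map lower-cased path -> captured field for every line the pattern matches."""
    hits = (pattern.match(line.strip()) for line in text.splitlines())
    return {m["path"].lower(): m[field] for m in hits if m}

def outstanding(report_text, log_text):
    """Detections not confirmed gone: 'not deleted', or never listed in the cleanup log."""
    detections = parse(report_text, REPORT_RE, "threat")
    results = parse(log_text, LOG_RE, "status")
    todo = []
    for path, threat in detections.items():
        status = results.get(path, "not targeted")
        if status in ("not deleted", "not targeted"):
            # Copies under System Volume Information belong to System Restore points.
            kind = "restore point" if "\\_restore{" in path else "live file system"
            todo.append((path, threat, status, kind))
    return todo

if __name__ == "__main__":
    for path, threat, status, kind in outstanding(REPORT, CLEANUP_LOG):
        print(f"{status:13} {kind:16} {threat:28} {path}")
```

On these lines it returns the two Java cache entries that del.bat logged as not deleted and the copy under System Volume Information, which del.bat never listed.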

#9 smiley1124


Posted 19 January 2009 - 12:04 PM

I just tried disk cleanup and it worked but it still will not let me do the disk defragment. I have not tried the system restore yet.

#10 smiley1124


Posted 19 January 2009 - 12:05 PM

Still doesn't let me do the system restore either

#11 Guest_superbird_*


Posted 19 January 2009 - 12:06 PM

Hi,

Please DON'T USE system restore. You will get reinfected then!

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Tell me what your problems are after this. :thumbsup:

#12 smiley1124


Posted 19 January 2009 - 05:35 PM

So after I do the ATF Cleaner, what am I supposed to try?

#13 Guest_superbird_*


Posted 20 January 2009 - 01:33 AM

Do you still have problems? :thumbsup:

#14 smiley1124


Posted 20 January 2009 - 11:08 AM

Still does not let me do the disk defragment and I have not tried the system restore.

#15 Guest_superbird_*


Posted 20 January 2009 - 11:16 AM

Hi,

Well you shouldn't use system restore. You can be reinfected then. :thumbsup:
Do this:

We need to repair some of Windows' internal registration settings.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix




