
Antivirus 2009 has severely crippled my computer



#1 Even Staves

Posted 04 February 2009 - 10:43 PM

I used to run Norton Antivirus on my box, but when I started living on my own, I started using Avast because a friend got it for me for free roughly 2-3 years ago. When I left that job, I wasn't able to use Avast anymore, and (foolishly, I now know) just ran the box without antivirus protection.

So late last year I started getting the pop-ups trying to get me to download Antivirus 2008. I had a feeling it was bogus, especially when they would re-open after closing them ("I mean come on, that's got to be spam or something" was my mentality at the time). Didn't think much of it at the time, until we started getting affected by the re-routing thing; how (at least as Wikipedia defines it) Antivirus 2009 will re-route your search engine results, or block access to sites. My gf tried to download a new version of Norton (which I questioned the logic in, trying to download antivirus software on an infected computer, but anyways), and what I can only presume is the virus would prevent us from downloading the purchased software.

I downloaded a free version of the Avira Antivirus software in December 2008 and it did okay detecting/deleting lots and lots of Trojans on the machine, at least for a while. Any scans done more recently show nothing, either implying that the trojans have stopped or Avira isn't detecting them anymore.

I had a Norton/Symantec agent on the phone who remotely assumed mouse control of my computer and almost immediately informed me that I had a virus and he would refer me to a virus removal technician who would charge me $99.99 to remove the virus. *click*

Then this started happening: when the computer would boot, it would show the Windows XP loading bar, but then flash a bluescreen with code on it for a split second, then reboot. This would happen over and over, constantly rebooting and never actually completing the boot. A friend told me about hitting F8 during the boot and choosing Safe Mode manually, which finally allowed us to bypass this rebooting thing and some modicum of access.

It was then that I heard through the Wikipedia page on MS Antivirus (as well as Googling how to remove Antivirus 2009) about Malwarebytes, which supposedly can detect & get rid of AV 2009. Tried to download that, but got re-routed (of course) trying to access the Malwarebytes site. I was, however, able to get to download.com, where I was able to download the mbam_setup.exe, and eventually run the installation, which got the program's icons on the Desktop, Start Menu & QuickLaunch. The program, for all intents and purposes, is installed (it's listed in Add/Remove Programs), but when I double click the desktop icon (or try any of the other access methods mentioned), simply nothing happens. Malwarebytes does not run, and that is where I am stuck right now.

Probably the most recent thing I've done with regards to solving this is, I watched some YouTube videos on removing Antivirus 2009 (the ones I watched all implied that I needed to run Malwarebytes), but the only thing I've accomplished with that is turning System Restore off. I can't turn it back on now, either, because apparently you can't do that in Safe Mode (which if you'll recall two paragraphs up is the only way I can access my computer now).

What I would like to do is, if I can figure out how to get Malwarebytes to run, I can theoretically "remove" AV 2009, and, if it doesn't re-route my searches & prohibit visiting sites, I'm going to complete that Norton download, and run that & Malwarebytes simultaneously from here on out.

I'm stuck having to write this on my parents' computer, and I do searches for cures on my computer at work, because my infected computer will not access bleepingcomputer.com. Can anyone recommend what to do that would help?

Thanks in advance, because I'm running out of options, and if it gets to be too much longer, I might fork over the hundred to the Norton guy.

Even Staves

#2 DaChew

Posted 05 February 2009 - 12:35 AM

http://www.bleepingcomputer.com/forums/ind...t&p=1115897

Use sub's flash disinfector to immunize a usb thumb drive and the clean computer

http://www.bleepingcomputer.com/forums/ind...p;#entry1120792

Use the clean computer to download ATFCleaner and MBAM to the thumb drive, be sure and include the manual updates

Transfer to the infected computer and capture a MBAM log for us to analyze
Chewy

No. Try not. Do... or do not. There is no try.

#3 Even Staves

Posted 06 February 2009 - 02:00 AM

I followed those steps, installed ATFCleaner & Malwarebytes on the flash drive and brought them home to the infected comp. I tried to run Malwarebytes from the drive, but it didn't run right away. I tried re-naming the .exe file (I heard from someone today that it might be blocking the file by recognizing its filename), but also, after minimizing some stuff, I saw the popup that mentioned I would have to reboot with the drive in for something to work, so I rebooted. Whichever of those two it was, for some reason upon the reboot Malwarebytes was able to run!

Here is the log saved from the QuickScan:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/6/2009 1:13:31 AM
mbam-log-2009-02-06 (01-13-24).txt

Scan type: Quick Scan
Objects scanned: 48666
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5035e84e-d6f4-4d56-8a59-0782e517b1ce} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5035e84e-d6f4-4d56-8a59-0782e517b1ce} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Dropper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> No action taken.
C:\Program Files\Mjcore (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Steve\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> No action taken.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> No action taken.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> No action taken.
C:\Documents and Settings\Steve\Application Data\gadcom (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Steve\Application Data\speedrunner (Adware.SurfAccuracy) -> No action taken.

Files Infected:
C:\WINDOWS\system32\jzinyn.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\guzuyavu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jelukahu.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> No action taken.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Log\2009 Jan 06 - 08_44_21 PM_531.log (Rogue.Spyware.Remover) -> No action taken.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> No action taken.
C:\WINDOWS\system32\niwaluyu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job (Rogue.Spyware.Remover) -> No action taken.

#4 Even Staves

Posted 06 February 2009 - 02:01 AM

Also, here's the log from a few minutes later, post-quarantining & removal:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/6/2009 1:13:58 AM
mbam-log-2009-02-06 (01-13-58).txt

Scan type: Quick Scan
Objects scanned: 48666
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5035e84e-d6f4-4d56-8a59-0782e517b1ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5035e84e-d6f4-4d56-8a59-0782e517b1ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jzinyn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guzuyavu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jelukahu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Log\2009 Jan 06 - 08_44_21 PM_531.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Application Data\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niwaluyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

#5 Even Staves

Posted 06 February 2009 - 02:05 AM

Upon completing these scans, the computer is still doing that rebooting-cycle thing, so I still have to boot in safe mode to access the machine, but it DID seem to get rid of the re-routing; I'm typing on my home computer as we speak, and I couldn't access this site before.

I completed the Norton download my gf initiated over a month or two ago now, and just got Norton installed & running. Did another Malwarebytes scan afterwards, and it picked up two more:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/6/2009 1:54:00 AM
mbam-log-2009-02-06 (01-53-55).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 113264
Time elapsed: 20 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What do you all make of this? And, how can I stop this self-rebooting cycle and boot in Normal Mode again?

#6 DaChew

Posted 06 February 2009 - 07:54 AM

http://malwarebytes.gt500.org/mbam-rules.exe

be sure and include the manual updates


your rule definition is way out of date

update and run MBAM again
Chewy

#7 Even Staves

Posted 06 February 2009 - 11:22 AM

It was trying to prevent me from accessing this site again, but a full Malwarebytes scan seems to pick up whatever's causing the re-routing and, at the moment, I'm able to access this site again.

Here's the saved log after updating to 1735:

Malwarebytes' Anti-Malware 1.33
Database version: 1735
Windows 5.1.2600 Service Pack 3

2/6/2009 11:20:25 AM
mbam-log-2009-02-06 (11-20-25).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 114732
Time elapsed: 20 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Even with this, the self-rebooting cycle thing keeps happening. Do you think the part where this virus/malware affects the registry has anything to do with it?
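As an added example (not code from this thread, from Malwarebytes or from BleepingComputer): a small parser for the MBAM 1.x log layout posted above, which tallies detections by family and by action and lists the locations that reappear in a later scan, the way the two tdss keys did here. The two embedded logs are constructed, trimmed copies of the posted layout, not the full logs.

```python
"""Parse MBAM 1.x text logs (the layout posted above) and compare two scans."""
import re
from collections import Counter
from dataclasses import dataclass

# Detection line: "<location> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<loc>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")  # e.g. "Files Infected:"
HEADER_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned): (?P<val>.+)$")

@dataclass(frozen=True)
class Detection:
    section: str   # "Registry Keys Infected", "Files Infected", ...
    location: str  # registry key or file path as MBAM printed it
    family: str    # MBAM family name, e.g. Trojan.Vundo.H
    action: str    # "No action taken" or "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return (header dict, list of Detection) for one MBAM log."""
    header, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("val")
            continue
        m = SECTION_RE.match(line)
        if m:  # summary lines such as "Files Infected: 10" do not match (digits follow)
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            found.append(Detection(section, m.group("loc"), m.group("family"), m.group("action")))
    return header, found

def summarize(found):
    """Counts per family and per action: the two things to read first in a posted log."""
    return Counter(d.family for d in found), Counter(d.action for d in found)

def still_present(before, after):
    """Locations reported in both scans, i.e. what a removal pass did not clear."""
    seen = {(d.section, d.location) for d in before}
    return sorted(d.location for d in after if (d.section, d.location) in seen)

# Constructed, trimmed sample logs in the layout of the thread's logs (not the full posted logs).
LOG_QUICK = r"""
Database version: 1654
Scan type: Quick Scan
Registry Keys Infected: 3
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5035e84e-d6f4-4d56-8a59-0782e517b1ce} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\jzinyn.dll (Trojan.Vundo.H) -> No action taken.
"""

LOG_FULL = r"""
Database version: 1735
Scan type: Full Scan (C:\|G:\|)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    quick, full = parse_mbam_log(LOG_QUICK)[1], parse_mbam_log(LOG_FULL)[1]
    print(summarize(quick))
    print("still present in the later scan:", still_present(quick, full))
```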

#8 Even Staves

Posted 06 February 2009 - 11:23 AM

As in, I still have to boot in Safe Mode, or else the machine reboots endlessly during Win XP's loading sequence during the boot.

#9 DaChew

Posted 06 February 2009 - 03:50 PM

the tdss is a real nasty, let me refer this thread to someone that can recommend something I cannot
Chewy

#10 rigel

Posted 06 February 2009 - 04:02 PM

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




