
Infected with Antivirus 2009, and malwarebytes not removing it.


  • This topic is locked
2 replies to this topic

#1 eric.huntley


Posted 06 February 2009 - 11:52 AM

I managed to get infected with Antivirus 2009 recently. I followed the instructions and downloaded and used Malwarebytes. After completing the process three times I don't get nearly as many of the "You have a security problem! Do you want to scan your computer for viruses?" pop-ups, but they do still appear. There is at least one other pop-up that appears occasionally; it's very similar to the other one but uses different wording. Unfortunately, it won't show up for me now that I want to quote it.

Any help would be greatly appreciated.

Thanks in advance,

Eric.

P.S. I read and followed the preparation guide, I'm terribly sorry if I overlooked or forgot to include something.


Here are the other pop-up messages (added 10:26 PST):

"ATTENTION! If your computer is infected, you could suffer data loss, erratic PC behaviour, PC freezes and creahes.Detect and remove viruses before they damage your computer! XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware. Do you want to install XP antivirus to scan your computer for malware now? (Recommended)"

And,

"Warning!!!Your computer contains various signs of viruses and malware programs presence.Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."

This is starting to look like I may have at least 3 different "anti-virus" scam issues going on. :)

DDS (Ver_09-02-01.01) - NTFSx86
Run by Eric at 8:30:49.43 on Fri 02/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1226 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
C:\WINDOWS\system32\WLTRAY.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.qrz.com/
uSearch Page = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Page = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [LPManager] c:\progra~1\lenovo\lenovo~1\LPMGR.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207986008640
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\yl00m4eg.default\
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-5-15 3026]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-25 201320]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [2008-5-15 3584]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-4-25 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-4-25 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-4-25 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-25 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-25 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-25 33832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2008-6-25 1694592]

=============== Created Last 30 ================

2009-02-06 07:08 <DIR> --d----- c:\docume~1\eric\applic~1\Malwarebytes
2009-02-06 07:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 07:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 07:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 07:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-06 01:44 1,152 a------- c:\windows\system32\windrv.sys
2009-02-06 01:43 <DIR> --d----- c:\program files\common files\Download Manager
2009-02-02 16:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-31 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
2009-01-31 23:52 36,864 a------- c:\windows\system32\ascbalon.dll
2009-01-31 23:52 208,896 a------- c:\windows\system32\ConTest.dll
2009-01-31 23:52 45,056 a------- c:\windows\system32\CreateLog.dll
2009-01-31 23:52 20,480 a------- c:\windows\system32\SysRestore.dll
2009-01-30 08:35 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-30 08:35 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-30 07:35 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-30 07:35 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-30 07:35 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-30 07:35 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-30 07:35 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-30 07:35 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-30 07:35 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-30 07:33 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-30 07:33 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2009-02-06 01:27 46,080 a------- c:\windows\system32\userinit.exe
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-13 02:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 8:32:01.26 ===============

Edited by eric.huntley, 06 February 2009 - 01:27 PM.



#2 Blade81

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 13 February 2009 - 06:59 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 20 February 2009 - 03:43 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
