Downlowder.WinsecTB



#1 Silverboy280


Posted 15 March 2009 - 12:02 PM

I found this in HKEY_Current_USERS\Software\Microsoft\Windows\CurrentVersion\Controls Folder:wmsrcid.

How do I get rid of it?

It popped up after I deleted A360, which was infected. It was a fake Anti-Virus that infects you instead of deleting viruses.


#2 Silverboy280


Posted 15 March 2009 - 12:18 PM

I'm using a Dell and Windows XP.

This isn't my computer, but I told her I'd help. But when I run a browser it blocks sites and tells me to run A360, which gave me the virus.

#3 Silverboy280


Posted 15 March 2009 - 12:56 PM

Ok, I ran Malwarebytes and this is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1852
Windows 5.1.2600 Service Pack 2

3/15/2009 1:48:46 PM
mbam-log-2009-03-15 (13-48-46).txt

Scan type: Quick Scan
Objects scanned: 67565
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0c032ad4fec1d3156fd21c938482db4f (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Start Menu\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\winconfig.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> Quarantined and deleted successfully.

___________________
Spyware nuker still finds the virus though.



