
Another infection


6 replies to this topic

#1 acera

acera

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 25 March 2009 - 09:37 PM

Hi, lately my computer has been attacked by viruses which are hiding behind the processes of explorer.exe, and AVG can't delete them. It'll just freeze up when I try to remove the infected files. Now my computer's services are stopped and only a few services are running. The virus is stopping these programs from working.

These are the last scans with MBAM.

Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 6.0.6001 Service Pack 1

26/3/2009 10:16:52 AM
mbam-log-2009-03-26 (10-16-52).txt

Scan type: Quick Scan
Objects scanned: 73524
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\A (Trojan.Agent) -> Delete on reboot.


and the one before

Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 6.0.6001 Service Pack 1

26/3/2009 6:46:02 AM
mbam-log-2009-03-26 (06-46-02).txt

Scan type: Quick Scan
Objects scanned: 70503
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Super anti spyware scans

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2009 at 06:59 AM

Application Version : 4.25.1014

Core Rules Database Version : 3795
Trace Rules Database Version: 1751

Scan type : Quick Scan
Total Scan Time : 00:12:37

Memory items scanned : 275
Memory threats detected : 0
Registry items scanned : 568
Registry threats detected : 1
File items scanned : 18035
File threats detected : 11

Trojan.Agent/Gen-FDUPX
[12436] C:\LBCRJHSA.EXE
C:\LBCRJHSA.EXE
C:\Windows\Prefetch\LBCRJHSA.EXE-D23B1B8C.pf

Adware.Tracking Cookie
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@kontera[2].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@atdmt[2].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@doubleclick[1].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@msnaccountservices.112.2o7[1].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@ads.techguy[1].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@revsci[2].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@mediaplex[1].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@statcounter[1].txt
C:\Users\SPUser\AppData\Roaming\Microsoft\Windows\Cookies\spuser@tribalfusion[2].txt

Thanks.



#2 acera


Posted 25 March 2009 - 10:03 PM

Hi, I've found the files and deleted them. They were in my C:// folder. But now I have 1 last problem: services that were meant to be started on startup are not working. I have to manually start them up one by one.

I've scanned again with MBAM and SUPERAntiSpyware. Both said that it was virus free now, but my services are still blocked!!

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:20 PM

Posted 25 March 2009 - 10:14 PM

Hi, please run one more MBAM scan.


Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 acera


Posted 25 March 2009 - 10:32 PM

Crap, they're in my temp internet files. AVG spotted them there. Currently running MBAM scans and AVG scans.

#5 acera


Posted 25 March 2009 - 10:34 PM

Ok here's the latest MBAM scan log

Malwarebytes' Anti-Malware 1.34
Database version: 1899
Windows 6.0.6001 Service Pack 1

26/3/2009 11:33:56 AM
mbam-log-2009-03-26 (11-33-56).txt

Scan type: Quick Scan
Objects scanned: 63451
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 25 March 2009 - 10:42 PM

Please clean the temp and other files. Looks like you got it now. PC running well now?
Run ATF:

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

#7 acera


Posted 25 March 2009 - 10:49 PM

Services are running still. Etc. MSN, ATI, AVG, they aren't starting up on startup.


Now my Firefox looks weird. IDK why.

Edited by acera, 25 March 2009 - 10:51 PM.




