
Houston I Think We Have A problem !!


9 replies to this topic

#1 nastytang

nastytang

  • Members
  • 16 posts

Posted 10 May 2009 - 12:41 PM

I need some help with this; here's a pic.

Posted Image

I have Spybot, Ad-Aware, ParetoLogic, Malwarebytes and
Outpost Security Suite Pro 2009

Thanks

Nasty



#2 MrBoo

MrBoo

  • Members
  • 35 posts

Posted 10 May 2009 - 01:28 PM

That infection can be really hard to remove sometimes, but if you do it right it can be easy.
When you press Remove Selected, it should be able to remove them all but msb.dll and nsrbqxod.bak, and they will download all the other infections whenever you reboot, so the trick is to remove those two files before you reboot.
Download a file deleter (I used Unlocker) and once only those two files are left, use a file deleter to delete nsrbqxod.bak and then delete msb.dll (they are both in the Windows temp folder). Make sure they are both deleted by running another MBAM scan after you manually delete them, and then reboot your computer and it shouldn't be able to reproduce itself anymore.

#3 xblindx

xblindx

  • Banned
  • 1,923 posts

Posted 10 May 2009 - 08:56 PM

Would you please post the log from that run of MBAM?
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please include the following in your reply:
MBAM log

#4 nastytang

nastytang
  • Topic Starter

  • Members
  • 16 posts

Posted 10 May 2009 - 11:42 PM

Here's the log from that scan:
Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 5.1.2600 Service Pack 2

5/10/2009 12:12:28 PM
mbam-log-2009-05-10 (12-12-28).txt

Scan type: Quick Scan
Objects scanned: 86352
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
D:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
D:\Documents and Settings\NASTYTANG\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
D:\Documents and Settings\NASTYTANG\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
D:\Documents and Settings\NASTYTANG\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Thanks

Nasty
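
As an added example (not part of the original thread): a small Python triage of the MBAM log format shown in the post above. It separates detections the scanner has only scheduled for deletion at reboot from those already removed, and flags autostart locations. The sample lines are excerpted from the log above; the function names are illustrative.

```python
import re

# Excerpt of the MBAM 1.36 log posted above (a subset of its lines).
SAMPLE_LOG = r"""
Memory Modules Infected:
D:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
D:\Documents and Settings\NASTYTANG\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Detail headers end at the colon; summary lines ("Files Infected: 9") do not match.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Locations that start code at logon: Run keys and Startup folders.
AUTOSTART = re.compile(r"\\CurrentVersion\\Run\\|\\Start Menu\\Programs\\Startup\\", re.I)

def parse_mbam_log(text):
    """Return one dict per detection: section, path, threat, action, autostart."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM.match(line)
        if m and section:
            entry = dict(m.groupdict(), section=section)
            entry["autostart"] = bool(AUTOSTART.search(entry["path"]))
            items.append(entry)
    return items

def pending_reboot(items):
    """Unique paths not yet removed: the scanner only scheduled their deletion."""
    return sorted({i["path"] for i in items if i["action"].lower() == "delete on reboot"})

def autostart_entries(items):
    """Unique detections located in a Run key or Startup folder."""
    return sorted({i["path"] for i in items if i["autostart"]})

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("Pending reboot:", pending_reboot(found))
    print("Autostart:", autostart_entries(found))
```

Anything returned by `pending_reboot` is still present until the machine restarts normally, which is why a rescan after the reboot is the check that removal actually completed.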

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts

Posted 11 May 2009 - 10:14 AM

Now rescan again with Malwarebytes Anti-Malware but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Your database shows 2104. Last I checked it was 2108.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 nastytang

nastytang
  • Topic Starter

  • Members
  • 16 posts

Posted 12 May 2009 - 04:50 AM

I may have a DEEPER PROBLEM than just bugs!!,..... I can't finish a full scan nor can I play videos or edit graphics :thumbsup: ,.......It acts to me as if you went in and killed the process thread!!!
The program just goes away!!
IE also does the same thing too!!



Thanks

Nasty

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts

Posted 12 May 2009 - 08:52 AM

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode" after running ATF-Cleaner.
If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply.

#8 nastytang

nastytang
  • Topic Starter

  • Members
  • 16 posts

Posted 12 May 2009 - 07:05 PM

Attempting IT now,.... HEHE no kidding it will take awhile, I have a BIG hard drive LOL

thanks for the help

Nasty

EDIT !! WOW STILL SCANNING :thumbsup:

Edited by nastytang, 13 May 2009 - 05:43 PM.


#9 nastytang

nastytang
  • Topic Starter

  • Members
  • 16 posts

Posted 07 June 2009 - 10:00 PM

Sorry everyone, this PC is down for now, not sure when it will be back up; unrelated hardware issues!!

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts

Posted 07 June 2009 - 10:12 PM

OK, we will leave this topic open, if you need to use it again.