Can't eliminate virus


3 replies to this topic

#1 llopez01

Posted 22 June 2009 - 11:21 PM

Read through several blogs and followed instructions to remove trojan but it keeps coming back. I had to rename Mbam to something else to get it to run. My McAfee won't run the scan even after the "cleaning". I run mbam in both safe mode with networking and normal start up. I ran disk cleanup right after and each time the virus comes back. Spybot won't run correctly and neither will SUPERAntiSpyware Free Edition. What do I need to do to get this to stick?

Malwarebytes' Anti-Malware 1.38
Database version: 2320
Windows 5.1.2600 Service Pack 3

6/22/2009 10:57:01 PM
mbam-log-2009-06-22 (22-56-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 173691
Time elapsed: 15 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken.

#2 Zllio


Posted 25 June 2009 - 12:42 AM

Hi llopez01,

In your MalwareBytes report, it says No action taken. This normally means you didn't take the extra step at the end to fix the infection. Please run the scan once more, and be sure you have MalwareBytes fix anything it finds. Then I would like for you to do the following two things:

Step 1: ATF Cleaner


If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, please skip this step and continue with step 2.


Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Step 2: RootRepeal



Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.
Unzip that (7-zip tool if needed), and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.


Also, if MalwareBytes shows that it quarantined or deleted any files, (or wasn't able to), please post that log as well.


Step 3: When you post again, you should have logs or reports for the following:

  • MalwareBytes
  • RootRepeal
Let me know how this went?
Zllio
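
Added example, not part of the original thread or of Malwarebytes' own tooling: a small Python parser for the log format posted above that lists detections whose action is "No action taken", the condition Zllio points out. The function names and regular expressions are assumptions of this example, and only the item form shown in this log (`object (name) -> action.`) is handled.

```python
import re

# Log excerpt copied from the first post in this thread (empty sections trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38

Scan type: Full Scan (C:\|)

Registry Keys Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken.
"""

# Detail line: "<object> (<detection name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary line "<Category> Infected: <n>" or section header "<Category> Infected:"
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Infected:\s*(?P<count>\d+)?$")


def parse_mbam_log(text):
    """Return (summary_counts, detections) parsed from the text log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            if header["count"] is not None:
                counts[header["category"]] = int(header["count"])
                section = None          # summary block, not a detail section
            else:
                section = header["category"]
            continue
        item = ITEM_RE.match(line) if section else None
        if item:
            detections.append({"category": section, **item.groupdict()})
    return counts, detections


def unremediated(detections):
    """Detections that were reported but not quarantined or deleted."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


if __name__ == "__main__":
    for d in unremediated(parse_mbam_log(SAMPLE_LOG)[1]):
        print(f'{d["category"]}: {d["object"]} ({d["name"]}) still present')
```
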


#3 llopez01


Posted 26 June 2009 - 11:19 AM

I worked on this last night and was finally able to wipe out the bug but I had to be in Safe Mode. I ran McAfee, Malwarebytes and Spybot and they all found no signs of the trojan. I really appreciate all the help. Thanks!!

#4 Zllio


Posted 26 June 2009 - 04:17 PM

Hi llopez,

Glad things are going better. Just for my information, did you use the RootRepeal scan as well?

I'm not sure which protection software you have on your computer, but it is a good idea to use the Immunize feature in Spybot. After Spybot's updated, click on the Spybot Immunize button on the left side of the program after you open it. It has a blue and white shield.

I also recommend downloading and installing SpywareBlaster and then running it. This puts a database in the background of your computer which protects you from malicious internet interactions. It's very light on resources and a great tool. There's a tutorial on that here: Using SpywareBlaster to protect your computer from Spyware and Malware

Zllio



