Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple trojan infections [Moved]


  • Please log in to reply
13 replies to this topic

#1 kwyk

kwyk

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 10 July 2009 - 09:50 AM

Hi. I'm on an alternate computer because I can't even get online with my troubled one.

It began with an"Anti virus system Pro" infection that weaseled its way past my active Avira software somehow. It was popping up continuously and redirecting my browser to viagra ads and other nice pharmaceutical supply options. I used malewarebytes to get rid of it. All was fine for a half day or so, but now I have other issues. I can't seem to get any browser to work.

Avira won't find a problem. Maleware bytes won't find a problem. Windows defender won't find a problem. Advanced System Care won't find it. But when I run Advanced System Care it shows names of things as it scans, and in a brief nanosecond I was able to write down Win32.BHO and Win32.Swizzer as two of several apparent trojans being scanned.

I'm using a Dell computer with XP installed. It's 3-4 years old. I can't get online so downloading things (like HJT) will be a trick. I had it on there already once but can't find it now. I'll have to do it via CD I guess.

Please Help. I'm kinda screwed right now. :thumbsup:

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:39 AM

Posted 10 July 2009 - 05:08 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 10 July 2009 - 08:11 PM

Hello and welcome.

If you cannot use the Internet,you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.
***
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.



Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 kwyk

kwyk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 11 July 2009 - 08:44 AM

OK.
Sorry for mis - posting. I'll work on all this this morning.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 11 July 2009 - 09:16 AM

OK,not a biggie.. Post back when you can.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 kwyk

kwyk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 11 July 2009 - 12:15 PM

boopme

Ok here's my malware report.. (i cant typpe well on this little lfunky laptop!) As i said in my initial posting, i had used malewarebytes and others , and gotten nowhere, aftger it found the first proxy trojan. This time it did find one however (whcih it id'd as simplly Trojan.Agent)). I can't tell if all are gone now, but i do know i still cant get any browser to connect to the internet. I know my router and wireless system is working becaused other compujters in the house are functioning fine. And all my tests of my beklin adaptor on the troubled computer come out fine. Ping test and all that jazz. So i still have an issue of some kind or another, and i suspect there is some bug hiding out somewhere.

What,s next? thanks in advance.


:thumbsup: Enable emoticons?
Enable signature?

Post Icons
(Optional)


Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 5.1.2600 Service Pack 3

7/11/2009 8:07:50 AM
mbam-log-2009-07-11 (08-07-50).txt

Scan type: Quick Scan
Objects scanned: 124209
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by kwyk, 11 July 2009 - 12:28 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 11 July 2009 - 06:52 PM

Hi can you d'load the Update for MBAM and do another scan?
Do you still not have the Internet.?

Enable emoticons?
Enable signature?
With these 2 checked you can use the mily face as you did and/or have a signature as I do. The writing at the bottom of my posts.

Post Icons
(Optional)
This adds a smiley to the Post title.


We need to run further tools...Rlse we will have to reformat.
Next run Dr.Web
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 kwyk

kwyk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 11 July 2009 - 10:31 PM

Yikes! This is sounding serious!

I do NOT have internet. I thought I did download the manual update on malewarebytes?!

I'll have to do all of this via disc from my laptop or an alternate desktop,, so it'll take some time I have my sick computer turned off right now. It may be monday or late sunday before i can get to it

thanks again for the help.

#9 kwyk

kwyk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 12 July 2009 - 08:23 AM

here is the dr web report. Still no internet, however. I will try again to update malewarebytes this afternoon. I have tried just running the update (whcih is what i did the first time) but that doesn't seem to take. I will attempt to locate and copy the file you mentioned in the Application Data later on today.




gtdownls_125.ocx;c:\windows\system32;Adware.Gdown;Incurable.Moved.;
Install_AIM.exe\data038;C:\Install_AIM.exe;Adware.Aws;;
Install_AIM.exe;C:\;Archive contains infected objects;Moved.;
freeripmp3.exe\data005;C:\Documents and Settings\Beth Wickham\Desktop\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe\data008;C:\Documents and Settings\Beth Wickham\Desktop\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe\data010;C:\Documents and Settings\Beth Wickham\Desktop\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe;C:\Documents and Settings\Beth Wickham\Desktop;Archive contains infected objects;Moved.;
A0000028.ocx;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1;Adware.Gdown;Incurable.Moved.;
A0000029.exe\data038;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000029.exe;Adware.Aws;;
A0000029.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1;Archive contains infected objects;Moved.;
A0000030.exe\data005;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000030.exe;Adware.MyWay;;
A0000030.exe\data008;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000030.exe;Adware.MyWay;;
A0000030.exe\data010;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000030.exe;Adware.MyWay;;
A0000030.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1;Archive contains infected objects;Moved.;

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 12 July 2009 - 12:42 PM

See if this fixes your Net issues .

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

Edited by boopme, 12 July 2009 - 12:43 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 kwyk

kwyk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 12 July 2009 - 06:26 PM

Boopme

Here is my latest Malwarebytes report. Unless I'm a total moron (you need not comment about that!) it appears to be perfectly wonderful. Although there is one warning, that appears to be some kind of system file that can't open? Plus I was able to download the latest malwarebyte update directly to my ailing computer after resetting my netsh winsock. Nice call there! Much easier than switching a bunch of CD's back and forth, or copying files from God knows where. And for good measure, I've included an Avira log, since I noticed on your profile you use that product. I think I'm good to go! And all I can say is:

Thanks so much. YOU'RE the MAN.

Is there anything else I need to do to clean this mess up? Hopefully I've learned a lesson. I think it all came from one of those fake Microsoft-looking warnings. If I had hesitated a second and realized there is no reason I'd be getting such a warning! But, NO!

I'm sure there is a place to make a donation. I'll look it up.


Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 3

7/12/2009 2:27:40 PM
mbam-log-2009-07-12 (14-27-40).txt

Scan type: Quick Scan
Objects scanned: 127262
Time elapsed: 13 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________________________________________________________________________


Avira AntiVir Personal
Report file date: Sunday, July 12, 2009 14:29

Scanning for 1516702 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ****'sCOMPUTER

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/10/2009 14:44:23
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:29:38
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:49:18
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 7/12/2009 21:12:46
ANTIVIR3.VDF : 7.1.4.222 2048 Bytes 7/12/2009 21:12:46
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 22:33:10
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/2/2009 22:30:55
AESCN.DLL : 8.1.2.3 127347 Bytes 5/15/2009 23:20:36
AERDL.DLL : 8.1.2.2 438642 Bytes 7/2/2009 22:30:54
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 14:42:56
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 14:46:39
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 6/28/2009 22:31:53
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/11/2009 14:43:44
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/2/2009 22:30:52
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/15/2008 18:49:36
AECORE.DLL : 8.1.6.12 180599 Bytes 5/28/2009 14:42:54
AEBB.DLL : 8.1.0.3 53618 Bytes 10/15/2008 18:49:34
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/10/2009 14:44:23
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+SPR,

Start of the scan: Sunday, July 12, 2009 14:29

Starting search for hidden objects.
'78975' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'tool_en.exe' - '1' Module(s) have been scanned
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'dlcccoms.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LinksysAgent.exe' - '1' Module(s) have been scanned
Scan process 'dlccmon.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'UNSECAPP.EXE' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'KodakCCS.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.


End of the scan: Sunday, July 12, 2009 16:02
Used time: 1:32:38 Hour(s)

The scan has been done completely.

11977 Scanned directories
387870 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
387869 Files not concerned
4678 Archives were scanned
1 Warnings
1 Notes
78975 Objects were scanned with rootkit scan
0 Hidden objects were found

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 12 July 2009 - 08:30 PM

Hi this sure does look good now,yes even AntiVir.,good AV choice.
Well here another tip .. If you come across another page like your infector buddy :thumbsup: .. Don't click on Close or the X.. Press ..CTRL+ALT+DEL ...(opens task Manager)
Then under the Applications tab(usually opens to that) Highlight that page. then select END TASK.. This will prevent you from executing the executable.

EDIT:

Although there is one warning, that appears to be some kind of system file that can't open?

Was this a "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message ??

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Edited by boopme, 12 July 2009 - 08:36 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 kwyk

kwyk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:oregon, usa
  • Local time:10:39 PM

Posted 12 July 2009 - 11:08 PM

this is the "warning" I got, and this is all I ever saw of it in terms of an explanation:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.

Anything suspicious about that?

Thanks for the tip about deleting odd pages. I'll remember that. And thanks again for the guidance.

As for Avira, I think it is a good one too. I have the free version. Is there any real need to pay $$$ for an upgrade?

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:39 AM

Posted 13 July 2009 - 09:20 AM

Hi, that warning is benign. It is just telling you that it canot scan that area. Like Sytem restore points AV's are not allowed in there.

I run Avira, MBAM and SAS with SpywareBlaster and my firewall. I have done well with all these free tools.. Remember to update at least weekly and before a scan. :thumbsup:
You can find SpywareBlaster here in our list.. Freeware Replacements

You're most welcome, please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection:

Edited by boopme, 13 July 2009 - 09:21 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users