Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Severely infected - System Security 4.52?


  • Please log in to reply
No replies to this topic

#1 Maggie EMT

Maggie EMT

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:51 PM

Posted 15 July 2009 - 10:56 AM

So my computer has been very slow lately, then all of a sudden something called system security 4.52 showed up and i can't open any programs (especially antivirus and malware ones). I cannot restart in safe-mode, when i try it just restarts over and over again until i chose normal setting. After trying to get rid of it, i was able to run malwarebytes and the following log came up:

Malwarebytes' Anti-Malware 1.38
Database version: 2384
Windows 5.1.2600 Service Pack 3

7/15/2009 9:19:48 AM
mbam-log-2009-07-15 (09-19-48).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 221270
Time elapsed: 43 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12231254 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12231254 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
c:\documents and settings\all users\application data\12231254\12231254 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\12231254\12231254.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\msb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nakrutchik.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\windows\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\windows\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\documents and settings\Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

When I reboot the pc, I get a pop-up that says
"Windows cannot find'C:\WINDOWS\system32\msbdjpy.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search."

There is only Ok button to click on and if i click that box the computer doesn't work. if i don't click it i can access everything on the computer. So what do i do? I keep cleaning out the pc at least once a week for the past month with different viruses or spyware. There must be something there that i dont see.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users