Trojan infecting machine


3 replies to this topic

#1 rcgabda

rcgabda

  • Members
  • 2 posts

Posted 17 July 2009 - 03:06 AM

Hi, I am new to this community. For the last 2 days I have been unable to update my AVG Free 8.5 AV on my Dell Latitude D520, as the infections Trojan Horse SpamTool.BOI, Trojan Horse Sheur.AMSD, Trojan Horse Agent_r.MM and Trojan Horse Adload_r. FAQ have entered my Windows XP SP2 OS. These infections are shown by AVG each time I start my internet.

I would be obliged if the moderators can help me, as I tried to download the combofix as well, but each time I run it, I get the message:
"Alert", It is not safe to continue
The contents of Combofix package has been compromised.
Please download a fresh copy from bleepingcomputer.com
Note:- You may be infected with a file patching virus 'Virut'.

I tried to install the combofix after writing it on a DVD from a clean computer, but I get the same message on my laptop, as above.

Mod Edit: Topic moved to the AII forum~ TMacK

Edited by TMacK, 17 July 2009 - 04:34 AM.



#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • Gender:Not Telling

Posted 17 July 2009 - 05:01 AM

Do not run Combofix on your own, it could lead to an inoperable computer. Combofix should only be run with expert supervision. There are other ways that are less destructive to try to take care of this. Running Combofix should be your last resort, not first, and again, only under expert supervision.

I would start out by doing a scan with Malwarebytes...

It can be downloaded from any of these places...

http://www.malwarebytes.org/mbam.php

alternate download link 1
http://malwarebytes.gt500.org/mbam-setup.exe

alternate download link 2
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double-click on mbam-setup.exe to install the application. (If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat, .com, .pif or .scr and then double-click on it to run.)

When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process.

After running that scan, post the log of the full results here and then download, install, update and run a quick scan with SuperAntiSpyware and post the log of the full results here. This scan may take some time to complete so please be patient.

That can be downloaded from SuperAntiSpyware.com

If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat, .com, .pif or .scr and then double-click on it to run.

If possible, both programs should be run in regular Windows, not safe mode. Allow both programs to remove whatever they find and if they tell you that you need to reboot your computer to complete the removal process, reboot into normal Windows.

Edited by Stang777, 17 July 2009 - 05:03 AM.


#3 rcgabda

rcgabda
  • Topic Starter

  • Members
  • 2 posts

Posted 17 July 2009 - 12:23 PM

Thanks for the reply. But Malwarebytes Anti-Malware failed to update itself. I scanned anyway and found these viruses and removed them as stated by MBAM. And I am unable to open the website SuperAntiSpyware.com, so I am not able to download it. As well as that, now the system is getting into Diagnostic mode at start and I am unable to access my Dell keyboard, and a message pops up as "Keyboard line failure, try to re-seat the keyboard". I am typing this by using a USB keyboard.

The log of MBAM is as follows:-


Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

6/16/2009 1:13:55 PM
mbam-log-2009-06-16 (13-13-55).txt

Scan type: Quick Scan
Objects scanned: 87656
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\vishal\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\vishal\application data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\vishal\application data\RegSweep\Log\2009 Feb 08 - 04_45_19 PM_234.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\vishal\application data\RegSweep\Log\2009 Feb 08 - 04_57_14 PM_265.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\vishal\application data\RegSweep\Log\2009 Feb 08 - 04_59_40 PM_218.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\vishal\application data\RegSweep\Log\2009 Feb 08 - 05_07_43 PM_062.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
c:\documents and settings\vishal\application data\RegSweep\Log\2009 Feb 08 - 05_51_37 PM_734.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
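Added example (not code from the thread, and not Malwarebytes' own code): a small Python parser for the MBAM 1.x log format posted above, followed by a triage pass that pulls out the two things a helper reads first in this particular log: the Security Center values AntiVirusDisableNotify and UpdatesDisableNotify flipped to 1 (which silence the XP SP2 balloon that would have warned that AVG was out of date), and the service entry gaopdxserv.sys under CurrentControlSet\Services, which is driver-level persistence. Note that the log shows that service key being quarantined but lists no matching .sys file under "Files Infected", which is why a second, updated scan (as boopme asks for below) matters. SAMPLE_LOG is a constructed excerpt modelled on the posted log; the regexes and the finding categories are this script's own assumptions about the format, not anything MBAM defines.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x scan log.

Added example for this thread, not Malwarebytes' code and not code posted by
anyone in the thread. SAMPLE_LOG is a constructed excerpt modelled on the log
above; the section/hit regexes and the finding categories are this script's
own assumptions about the format.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 87656

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\vishal\application data\RegSweep\Log\2009 Feb 08 - 04_45_19 PM_234.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>.+) Infected:$")
# "<key or path> (<detection>) -> <rest>", where <rest> is either the action
# or "Bad: (x) Good: (y) -> <action>" for registry data items.
HIT_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (header dict, {section name: [hit dict, ...]})."""
    header, hits, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the "(No malicious items detected)" placeholder.
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:
            # Header block: "Database version: 2182", "Scan type: Quick Scan", ...
            if ":" in line:
                key, value = line.split(":", 1)
                header[key.strip()] = value.strip()
            continue
        m = HIT_RE.match(line)
        if not m:
            continue
        hit = {"item": m.group("item"), "detection": m.group("detection")}
        bg = BADGOOD_RE.match(m.group("rest"))
        if bg:
            hit.update(bad=bg.group("bad"), good=bg.group("good"), action=bg.group("action"))
        else:
            hit["action"] = m.group("rest")
        hits[section].append(hit)
    return header, dict(hits)


# Registry locations worth reading before anything else in the log (assumed
# categories for this example). Security Center "*DisableNotify" values set
# to 1 silence the XP SP2 warning that the AV is off or out of date; an entry
# under CurrentControlSet\Services named *.sys is a driver service, i.e.
# kernel-level persistence. Comparisons are case-insensitive.
SECURITY_CENTER = "\\microsoft\\security center\\"
SERVICES = "\\currentcontrolset\\services\\"


def triage(parsed):
    """Reduce parsed hits to (category, name, detail) tuples a helper acts on."""
    _header, hits = parsed
    findings = []
    for section, items in hits.items():
        for hit in items:
            item = hit["item"].lower()
            leaf = hit["item"].rsplit("\\", 1)[-1]
            if SECURITY_CENTER in item:
                findings.append(("security-center-tamper", leaf, hit.get("bad")))
            elif SERVICES in item:
                findings.append(("service-persistence", leaf, hit["detection"]))
            elif hit["detection"].startswith("Rogue."):
                findings.append(("rogue-software", hit["detection"], section))
    return findings


if __name__ == "__main__":
    header, hits = parse_mbam_log(SAMPLE_LOG)
    print("MBAM database version:", header.get("Database version"))
    for finding in triage((header, hits)):
        print(*finding)
```

Run it against a saved mbam-log-*.txt by passing the file contents to parse_mbam_log instead of SAMPLE_LOG; the header dict also carries the "Database version" line, which is what boopme's reply below is reacting to.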

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 July 2009 - 01:55 PM

Hello, you have an older version of MBAM.
Rerun MBAM like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.



