Infected with Viruses and Internet disconnected


  • This topic is locked
53 replies to this topic

#1 yoori


Posted 31 July 2009 - 09:05 PM

After my computer got infected, the viruses disconnected/blocked the internet completely; even my internet cable box doesn't work. It's been 3 months since it's been infected. I had no way of trying to get it fixed till now. I'm using my sister's computer. I had used Malwarebytes' Anti-Malware and SUPERAntiSpyware; it removed most of the viruses, but there were some stubborn ones I couldn't remove. My computer works fine; it's just the internet is blocked.

These are the two stubborn viruses I can't seem to remove:

Trojan.Downloader-CREW
C:\windows\system32\ujoyvzji.dll

Adware.Vundo/Variant-MSFake
C:\windows\system32\dwrmmuq.dll


Thanks



#2 Computer Pro


Posted 01 August 2009 - 10:49 AM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right-hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.



Could you please update Malwarebytes by going to the Update Tab, and then run a Full Scan?
Computer Pro

#3 yoori


Posted 07 August 2009 - 07:03 PM

How can I update Malwarebytes if I don't have access to the internet on my computer?

#4 Computer Pro


Posted 07 August 2009 - 07:30 PM

Please transfer this file from a clean computer to the infected via USB thumb drive or CD and then execute the file, as this will update the Malwarebytes program:

Please download and install the database from here.

Then run a Full Scan and post back the log
Computer Pro

#5 yoori


Posted 21 August 2009 - 05:02 AM

Sorry I wasn't able to come back online till now, so the link you gave doesn't work. Could you possibly give the link again?

I did a full scan on the infected computer on the 8th of this month even though the program wasn't updated.
None of the following infections were deleted even though it said that they were. The computer still has the viruses in the log and the other two I posted up earlier.


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/8/2009 12:14:33 AM
mbam-log-2009-08-08 (00-14-33).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 280514
Time elapsed: 2 hour(s), 25 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by yoori, 21 August 2009 - 05:04 AM.


#6 DaChew


Posted 21 August 2009 - 05:05 AM

Here's the new link for the manual database update for MBAM

http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Chewy

No. Try not. Do... or do not. There is no try.

#7 yoori


Posted 21 August 2009 - 06:06 PM

Thank you
I'll post the log when I get a chance to come back online again.

#8 Computer Pro


Posted 21 August 2009 - 10:07 PM

Ok, I will be waiting on the log
Computer Pro

#9 yoori


Posted 08 November 2009 - 06:09 AM

I know it's been a while since I was last online, but I had no way of getting online till now. Sorry.
Here's the log I was supposed to have posted up:


Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

8/24/2009 2:12:08 AM
mbam-log-2009-08-24 (02-12-08).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|)
Objects scanned: 283201
Time elapsed: 2 hour(s), 29 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\dyae.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\N41FST9V\wcypzaer[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\VH0IXNON\loaderadv563[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#10 Computer Pro


Posted 08 November 2009 - 02:55 PM

Ok, since it has been awhile, please download the new version of Malwarebytes from here:

Malwarebytes

Install that, and then go to the "Update" tab and update the program.

Finally after it is updated, run a Quick Scan and post back the log.
Computer Pro

#11 yoori


Posted 08 November 2009 - 06:15 PM

Hi I installed the new version, but it wouldn't let me update... this would pop out

Posted Image

#12 Computer Pro


Posted 08 November 2009 - 06:19 PM

http://mbam.malwarebytes.org/database/mbam-rules.exe

Please use that link to manually update the def's. Then please run the Quick Scan and post back the log.
Computer Pro

#13 yoori


Posted 08 November 2009 - 08:58 PM

How come I can't update Malwarebytes?

Here's the log


Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 2

11/8/2009 3:43:21 PM
mbam-log-2009-11-08 (15-43-21).txt

Scan type: Quick Scan
Objects scanned: 142316
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ShopGuide (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\shpsv (Adware.Rewardnet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\3367958559.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\3160614809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\181611020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\2997487612.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3001394762.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3060314584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\3824709410.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\temp\4206984966.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
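
An added example (not part of any post in this thread, and not Malwarebytes' own tooling): all three logs above report the same Userinit and Desktop\host entries as "Quarantined and deleted successfully", and the last one adds `%fystemRoot%` ImagePath values for BITS and wuauserv. This Python sketch parses detection lines in the format those logs use, lists objects that reappear between scans, and extracts the Bad/Good pairs; the function names are hypothetical and the sample lines are excerpts of the logs posted above.

```python
import re
from collections import Counter

# Detection line format seen in the logs: "<object> (<Label>) -> <details>"
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<label>[A-Za-z]+\.[\w./-]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")

def parse_detections(log_text):
    """Return (object, label, details) for every detection line in one log."""
    out = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            out.append((m["obj"], m["label"], m["rest"]))
    return out

def recurring(logs):
    """Objects flagged in more than one scan: something re-creates them after removal."""
    seen = Counter()
    for log in logs:
        for obj in {d[0] for d in parse_detections(log)}:
            seen[obj] += 1
    return sorted(obj for obj, n in seen.items() if n > 1)

def hijacked_values(log_text):
    """Map registry value -> (bad, good) for lines carrying a Bad:/Good: pair."""
    found = {}
    for obj, _label, rest in parse_detections(log_text):
        m = BAD_GOOD.search(rest)
        if m and m["bad"].lower() != m["good"].lower():
            found[obj] = (m["bad"], m["good"])
    return found

# Excerpts of the 8/24/2009 and 11/8/2009 logs posted in this thread.
SCAN_AUG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
C:\dyae.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""
SCAN_NOV = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print(recurring([SCAN_AUG, SCAN_NOV]))
    print(hijacked_values(SCAN_NOV))
```

An entry that shows up in `recurring` was rewritten between scans, which points to a component the scanner is not removing rather than to a failed deletion.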

#14 Computer Pro


Posted 08 November 2009 - 09:00 PM

The viruses are blocking it from updating. Since it's been awhile, can you please restate all of the symptoms that you are having (any new, any still the same, any gone, etc.)
Computer Pro

#15 yoori


Posted 09 November 2009 - 03:08 AM

Some of the viruses are still there... I think the viruses that won't go away are the ones blocking me from connecting to the internet on my computer; it would say, "Proxy Server Refused Connection".



