Advanced Virus Removal


3 replies to this topic

#1 yoober

Posted 15 August 2009 - 01:17 AM

I've been reading along with the other AVR infection (here: http://www.bleepingcomputer.com/forums/topic248011.html)

I know that I have 'Advanced Virus Removal' because its fake removal box popped up, but a lot of other things happened at the same time and I am unsure if they are part of a separate attack. Here are some things I realized were wrong.

-Windows firewall turned off. I can't turn it back on.
-My wallpaper changed without my permission. (warning me that I am infected)
-When I attempt to open my task manager a box opens saying it is unavailable.
-There are no system restore dates available.


OS: XP SP3
Security Software: McAfee
(and when I went to McAfee to do a scan after my computer was infected, I noticed while reading the logs that it had been disabled by AVR)

I cannot install Malwarebytes because AVR has disabled my wireless adapter as well.

Here is the log from my RootRepeal scan:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/14 23:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0x90FFB000 Size: 52608 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9A01B000 Size: 851968 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x971FC000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\hh.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\regedit.exe
Status: Allocation size mismatch (API: 167936, Raw: 147456)

Path: c:\windows\taskman.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\twunk_32.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\winhlp32.exe
Status: Allocation size mismatch (API: 307200, Raw: 286720)

Path: c:\windows\notepad.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\program files\outlook express\msimn.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\outlook express\oemig50.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\outlook express\setup50.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\program files\outlook express\wab.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\outlook express\wabmig.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\movie maker\moviemk.exe
Status: Allocation size mismatch (API: 3579904, Raw: 3559424)

Path: c:\program files\windows media player\migrate.exe
Status: Allocation size mismatch (API: 806912, Raw: 786432)

Path: c:\program files\windows media player\mplayer2.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\windows media player\setup_wm.exe
Status: Allocation size mismatch (API: 794624, Raw: 774144)

Path: c:\program files\windows media player\wmplayer.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\program files\windows nt\dialer.exe
Status: Allocation size mismatch (API: 561152, Raw: 540672)

Path: c:\program files\internet explorer\iedw.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\netmeeting\cb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\netmeeting\conf.exe
Status: Allocation size mismatch (API: 1052672, Raw: 1032192)

Path: c:\program files\netmeeting\wb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\inf\unregmp2.exe
Status: Allocation size mismatch (API: 229376, Raw: 208896)

Path: c:\windows\system32\esentutl.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\system32\eudcedit.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\windows\system32\eventcreate.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\magnify.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\system32\makecab.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\bootvrfy.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\chkntfs.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\diantz.exe
Status: Allocation size mismatch (API: 110592, Raw: 90112)

Path: c:\windows\system32\rasautou.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\rasdial.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\rasphone.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\bcmwlu00.exe
Status: Allocation size mismatch (API: 331776, Raw: 311296)

Path: c:\windows\system32\blastcln.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\system32\bootcfg.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\windows\system32\bootok.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\accwiz.exe
Status: Allocation size mismatch (API: 204800, Raw: 184320)

Path: c:\windows\system32\actmovie.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\ahui.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\windows\system32\arp.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\asr_fmt.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\asr_ldm.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\asr_pfu.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\at.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\atmadm.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\attrib.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\auditusr.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\cacls.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\calc.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\windows\system32\charmap.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\windows\system32\chkdsk.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\cidaemon.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\cipher.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\cisvc.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\ckcnv.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\cleanmgr.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\cliconfg.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\clipbrd.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\windows\system32\clipsrv.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\cmdl32.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\cmmon32.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\system32\cmstp.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\comp.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\compact.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\conime.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\control.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\convert.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\cscript.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\windows\system32\ctaudpth.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\dcomcnfg.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\ddeshare.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\defrag.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\dfrgfat.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\dfrgntfs.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\windows\system32\diskpart.exe
Status: Allocation size mismatch (API: 184320, Raw: 163840)

Path: c:\windows\system32\diskperf.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\dllhost.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\dllhst3g.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\dmadmin.exe
Status: Allocation size mismatch (API: 245760, Raw: 225280)

Path: c:\windows\system32\dmremote.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\doskey.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\dplaysvr.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\dpnsvr.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\dpvsetup.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\driverquery.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\drwtsn32.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\dumprep.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\dvdplay.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\dvdupgrd.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\dwwin.exe
Status: Allocation size mismatch (API: 200704, Raw: 180224)

Path: c:\windows\system32\dxdiag.exe
Status: Allocation size mismatch (API: 1318912, Raw: 1298432)

Path: c:\windows\system32\eventtriggers.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\eventvwr.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\expand.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\extrac32.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\fc.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\find.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\findstr.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\finger.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\fixmapi.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\fltmc.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\fontview.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\forcedos.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\freecell.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\fsutil.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\ftp.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\windows\system32\fxsclnt.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\windows\system32\fxscover.exe
Status: Allocation size mismatch (API: 249856, Raw: 229376)

Path: c:\windows\system32\fxssend.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\fxssvc.exe
Status: Allocation size mismatch (API: 290816, Raw: 270336)

Path: c:\windows\system32\getmac.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\system32\gpresult.exe
Status: Allocation size mismatch (API: 143360, Raw: 122880)

Path: c:\windows\system32\gpupdate.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\grpconv.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\system32\help.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\hostname.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\ie4uinit.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\iexpress.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\windows\system32\drmupgds.exe
Status: Allocation size mismatch (API: 270336, Raw: 249856)

Path: c:\windows\system32\fsquirt.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\windows\system32\imapi.exe
Status: Allocation size mismatch (API: 172032, Raw: 151552)

Path: c:\windows\system32\ipconfig.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\ipsec6.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\windows\system32\ipv6.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\ipxroute.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\label.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\lights.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\lnkstub.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\locator.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\lodctr.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\logagent.exe
Status: Allocation size mismatch (API: 122880, Raw: 102400)

Path: c:\windows\system32\logman.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\system32\logoff.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\logon.scr
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\windows\system32\logonui.exe
Status: Allocation size mismatch (API: 536576, Raw: 516096)

Path: C:\WINDOWS\system32\lowsec
Status: Invisible to the Windows API!

Path: c:\windows\system32\lpq.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\lpr.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\nddeapir.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\net.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\windows\system32\net1.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\windows\system32\netdde.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\windows\system32\migpwd.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\mmc.exe
Status: Allocation size mismatch (API: 1437696, Raw: 1417216)

Path: c:\windows\system32\mmcperf.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\mnmsrvc.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\mobsync.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\windows\system32\mountvol.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\mplay32.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\windows\system32\mpnotify.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\mqbkup.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\mqsvc.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\mqtgsvc.exe
Status: Allocation size mismatch (API: 139264, Raw: 118784)

Path: c:\windows\system32\mrinfo.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\msdtc.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\msg.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\mshearts.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\windows\system32\mshta.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\msiexec.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\windows\system32\mspaint.exe
Status: Allocation size mismatch (API: 364544, Raw: 344064)

Path: c:\windows\system32\msswchx.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\mstinit.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\mstsc.exe
Status: Allocation size mismatch (API: 700416, Raw: 679936)

Path: c:\windows\system32\napstat.exe
Status: Allocation size mismatch (API: 200704, Raw: 180224)

Path: c:\windows\system32\narrator.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\nbtstat.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\netsetup.exe
Status: Allocation size mismatch (API: 352256, Raw: 331776)

Path: c:\windows\system32\netsh.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\system32\netstat.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\notepad.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\system32\nslookup.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\ntbackup.exe
Status: Allocation size mismatch (API: 1224704, Raw: 1204224)

Path: c:\windows\system32\ntsd.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\ntvdm.exe
Status: Allocation size mismatch (API: 442368, Raw: 421888)

Path: c:\windows\system32\nwscript.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\windows\system32\odbcad32.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\odbcconf.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\system32\openfiles.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\system32\osuninst.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\system32\packager.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\system32\pathping.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\pentnt.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\perfmon.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\ping.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\ping6.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\powercfg.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\print.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\progman.exe
Status: Allocation size mismatch (API: 131072, Raw: 110592)

Path: c:\windows\system32\proquota.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\proxycfg.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\taskkill.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\tasklist.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\taskman.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\taskmgr.exe
Status: Allocation size mismatch (API: 159744, Raw: 139264)

Path: c:\windows\system32\tcmsetup.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\tcpsvcs.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\telnet.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\rcimlby.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\rcp.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\rdpclip.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\rdshost.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\system32\recover.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\reg.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\regedt32.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\regwiz.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\relog.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\replace.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\reset.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\rexec.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\osk.exe
Status: Allocation size mismatch (API: 237568, Raw: 217088)

Path: c:\windows\system32\regini.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\route.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\routemon.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\rsh.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\rsm.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\rsmsink.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\rsmui.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\rsnotify.exe
Status: Allocation size mismatch (API: 131072, Raw: 110592)

Path: c:\windows\system32\rsopprov.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\rsvp.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\windows\system32\rtcshare.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\runas.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\runonce.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\rwinsta.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\savedump.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\sc.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\scardsvr.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\windows\system32\schtasks.exe
Status: Allocation size mismatch (API: 143360, Raw: 122880)

Path: c:\windows\system32\scrnsave.scr
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\sdbinst.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: C:\WINDOWS\system32\sdra64.exe
Status: Invisible to the Windows API!

Path: c:\windows\system32\secedit.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\sessmgr.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\windows\system32\sethc.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\setup.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\setupn.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\sfc.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\shadow.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\shmgrate.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\windows\system32\shrpubw.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\system32\shutdown.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\sigverif.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\system32\skeys.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\smbinst.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\smlogsvc.exe
Status: Allocation size mismatch (API: 110592, Raw: 90112)

Path: c:\windows\system32\sndrec32.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\windows\system32\sol.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\system32\sort.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\spider.exe
Status: Allocation size mismatch (API: 561152, Raw: 540672)

Path: c:\windows\system32\spiisupd.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\spnpinst.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\spoolsv.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\system32\ss3dfo.scr
Status: Allocation size mismatch (API: 724992, Raw: 704512)

Path: c:\windows\system32\ssbezier.scr
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\ssflwbox.scr
Status: Allocation size mismatch (API: 413696, Raw: 393216)

Path: c:\windows\system32\ssmarque.scr
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\system32\ssmyst.scr
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\sspipes.scr
Status: Allocation size mismatch (API: 630784, Raw: 610304)

Path: c:\windows\system32\ssstars.scr
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\sstext3d.scr
Status: Allocation size mismatch (API: 700416, Raw: 679936)

Path: c:\windows\system32\stimon.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\subst.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\syncapp.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\syskey.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\sysocmgr.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\windows\system32\systeminfo.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\system32\systray.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\tftp.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\tlntadmn.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\system32\tlntsess.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\windows\system32\tlntsvr.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\system32\tourstart.exe
Status: Allocation size mismatch (API: 368640, Raw: 348160)

Path: c:\windows\system32\tracerpt.exe
Status: Allocation size mismatch (API: 282624, Raw: 262144)

Path: c:\windows\system32\tracert.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\tracert6.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\system32\tscon.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\tsdiscon.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\tskill.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\tsshutdn.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\tzchange.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\system32\unlodctr.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\system32\upnpcont.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\system32\userinit.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\system32\usrprbda.exe
Status: Allocation size mismatch (API: 81920, Raw: 65536)

Path: c:\windows\system32\usrshuta.exe
Status: Allocation size mismatch (API: 90112, Raw: 73728)

Path: c:\windows\system32\utilman.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\uwdf.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\vcredist_x86.exe
Status: Allocation size mismatch (API: 2703360, Raw: 2682880)

Path: c:\windows\system32\verifier.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\windows\system32\vssadmin.exe
Status: Allocation size mismatch (API:

SSDT
-------------------
#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0x910013ad

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0x90fff485

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0x90fff545

Stealth Objects
-------------------
Object: Hidden Module [Name: PresentationCore.dll]
Process: PresentationFontCache.exe (PID: 4980) Address: 0x03320000 Size: 4206592

Object: Hidden Module [Name: WindowsBase.dll]
Process: PresentationFontCache.exe (PID: 4980) Address: 0x03930000 Size: 1257472

Object: Hidden Handle [Index: 508, Type: Thread]
Process: VRT1F27.tmp (PID: 2324) Address: 0x8801fda8 Size: -

Object: Hidden Handle [Index: 512, Type: Section]
Process: VRT1F27.tmp (PID: 2324) Address: 0xe1b7a2f0 Size: -

Hidden Services
-------------------
Service Name: 568f90bd
Image Path: C:\WINDOWS\System32\drivers\568f90bd.sys

==EOF==

Please help!!

#2 yoober (Topic Starter)

Posted 15 August 2009 - 01:42 AM

I got MBAM to work, but I was unable to update it. Here is the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/14/2009 11:35:00 PM
mbam-log-2009-08-14 (23-35-00).txt

Scan type: Quick Scan
Objects scanned: 103887
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 10
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Vinay\Local Settings\Temp\1F1F.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyware Service (Trojan.Dropper) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vinay\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\Vinay\Local Settings\Temp\1F1F.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xyqed.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3523165165-3938159767-2160041231-1005\Dc273\Windows Antivirus Pro.exe (Rogue.WindowsAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT1F3B.tmp (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vinay\Local Settings\Temporary Internet Files\Content.IE5\QNWT6PGV\bbsuper3[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vinay\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Vinay\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vinay\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vinay\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Vinay\Local Settings\Temp\hn3h8.exe (Trojan.Dropper) -> Delete on reboot.


I deleted all the files that were checked following the scan so AVR is gone, however on reboot I get the following message:

GoogleUpdate.exe - Bad Image

"The application or DLL C:\WINDOWS\system32\winhelper.dll is not a valid Windows image. Please check this against your installation diskette."

When I click "OK" the message pops up again except this time for AdobeUpdate.exe...when I click "OK" again, GoogleUpdate.exe's message reappears...

Now both those programs' updaters aren't working and Adobe Updater fails on system boot.

I'm also not sure if the files that were to be deleted on reboot were actually deleted - the computer would not restart (after I waited 5-6 minutes), so I was forced to hard reset by removing the battery. To make sure they were deleted, I tried to run MBAM again, but I got the following message:

"Run-time error '0'"
and
"Run-time error '440'
Automation error"

Although my wireless connection is now working, I still cannot use the internet; when I open Firefox I get the following message:

jqsnotify.exe - Bad image

"The application or DLL C:\WINDOWS\system32\winhelper.dll is not a valid Windows image. Please check this against your installation diskette."

Firefox then opens, but it will not load any pages...I don't even get the "Page not available" page.

Thanks.

Edited by yoober, 15 August 2009 - 01:54 AM.
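
An added script (example code, not from this post and not Malwarebytes' own) that re-reads an MBAM 1.x log like the one above and answers the two questions that matter at this point in the thread. First, which items were only marked "Delete on reboot": those are removed by a deferred delete at the next normal shutdown, so after a forced power-off they are the ones to re-verify, and winhelper.dll, which every "Bad Image" dialog names, is on that list. Second, what the Winlogon Shell hijack and the policy flips actually did: the Shell value was rewritten to start rundll32.exe with tapi.nfo alongside Explorer.exe at every logon, and DisableTaskMgr / NoChangingWallpaper / the Security Center notify values were set to 1, which is exactly the Task Manager, wallpaper and firewall behaviour described in the first post. The sample log is a subset of the lines quoted above.

```python
"""Re-read a Malwarebytes 1.x log for what still needs a clean reboot.

Added example; not from the post and not Malwarebytes code. MBAM 1.x
writes one finding per line as "<location> (<family>) -> <action>." and,
for "Registry Data Items", inserts "Bad: (...) Good: (...)" before the
action. SAMPLE_LOG is a subset of the lines quoted in the post.
"""
import re

SAMPLE_LOG = r"""Memory Processes Infected:
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

LINE_RE = re.compile(
    r"^(?P<location>.+?) \((?P<family>[^()]+)\)"               # path or key, then (Family)
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"  # only on data items
    r" -> (?P<action>.+?)\.?$"                                 # what MBAM did
)


def parse_mbam(text):
    """One dict per finding: location, family, bad, good, action, section."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "Infected" in line:   # e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m and section:
            item = m.groupdict()
            item["section"] = section
            items.append(item)
    return items


def pending_after_reboot(items):
    """Findings MBAM could not remove live; gone only after a normal reboot."""
    return [i for i in items if i["action"].lower().startswith("delete on reboot")]


def shell_hijack_components(items):
    """Everything the Winlogon\\Shell value started besides Explorer.exe."""
    for i in items:
        if i["location"].lower().endswith("\\winlogon\\shell") and i["bad"]:
            return [p for p in i["bad"].split() if p.lower() != "explorer.exe"]
    return []


def policy_flips(items):
    """Registry data MBAM restored, keyed by value name: {name: (bad, good)}."""
    flips = {}
    for i in items:
        if i["section"].startswith("Registry Data Items") and i["bad"] is not None:
            flips[i["location"].rsplit("\\", 1)[-1]] = (i["bad"], i["good"])
    return flips


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print("still pending a clean reboot:")
    for i in pending_after_reboot(found):
        print("  ", i["location"], "(", i["family"], ")")
    print("started from Winlogon\\Shell:", shell_hijack_components(found))
    print("policy values restored:", policy_flips(found))
```

Against the full log the pending list is what to check on disk and in the registry after the next normal restart; if winhelper.dll is still present there, the "Bad Image" dialogs will keep coming until whatever still references it is found and removed.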


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:30 AM

Posted 15 August 2009 - 10:50 AM

Ok, progress. Now rerun RootRepeal and select only FILES.

#4 yoober

yoober
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 20 August 2009 - 06:36 AM

THIS IS A NIGHTMARE.

I went into safe mode with command prompt and went through and deleted every malicious .dll or .exe created by the program, but when that didn't work, I decided to back up my files and reinstall the OS...2 days later, I think I'm safe, but NO! Advanced Virus Remover is back and stronger than before, RootRepeal won't even run!

Is there a better way of restoring my computer to factory default settings that would permanently get rid of the effects of the program? I booted the OS install disk from start and reformatted the hard drive and everything, assuming it would supersede all the changes to my registry that the virus created, and I was under the impression that I'd completed a clean install of XP, but THE VIRUS WON'T LEAVE....I'm desperate!

I just ran MBAM again, but based on past experience, it won't last long- the virus just KEEPS COMING BACK.
What should I do?


EDIT: The virus also has this GREAT effect (note the sarcasm) on boot:

"Data Execution Prevention - Microsoft Windows

To help protect your computer, Windows has closed this program.

Name: Userinit Logon Application
Publisher: Microsoft Corporation"


which means that I cannot DO ANYTHING once I've logged on- I must do everything in safe mode.

EDIT: Some details on my clean install of XP;

Three partitions on my notebook: Partition1 is FAT, Partition2 is NTFS and Partition3 (DELLRESTORE) is FAT32. I installed XP SP3 on the NTFS partition (obviously), reformatting the partition, which took a long time. Right now I'm trying another clean install, but by the time I get a new response to this thread I'll probably have fully reinstalled the OS anyway, so please help!!!!

Edited by yoober, 20 August 2009 - 07:14 AM.




