Win XP Pro, AVAST 4.8 and W32:fasec


This topic is locked
10 replies to this topic

#1 bandaide

  • Members
  • 20 posts

Posted 24 August 2009 - 11:32 PM

Got the firehose out (AVAST 4.8) and washed away a ton of crud. But I've still got one last battle.

Win XP Pro with full updates. Tried to access the web using IE 7 but was blocked initially. I've run AVAST 4.8 in safe mode, bootscan and normal scan modes and it appears to get rid of everything but the next web access with IE 7 puts another file with W32:fasec in it on the computer. Single hard drive but I may need to disinfect a 250GB USB drive that was just installed on this system after the main system is cleared.

AVAST will clear the file dropped into the system folder that is infected if it's in Safe Mode. In Bootscan mode, it finds a boot record infected with the same virus but can't do anything with it. So what's next? :thumbsup:

#2 bandaide
  • Topic Starter

  • Members
  • 20 posts

Posted 25 August 2009 - 09:32 PM

Must be really busy around here. ;)

Or I forgot the magic word.

So here's the question.

I've gotten rid of most all the problems but I'm still dealing with Win32:Fasec on this laptop running Win XP Pro. Further detail is in the post above.

The question: What would be your suggestion to clear the rest of this virus? I'm trying not to kill this laptop so I would appreciate your thought please.

Thank you

#3 bandaide
  • Topic Starter

  • Members
  • 20 posts

Posted 26 August 2009 - 06:07 PM

Hmmm, I took a shower. Actually a couple of them now. Must be my deodorant.

:thumbsup:

#4 Computer Pro

  • Members
  • 2,448 posts
  • Gender:Male

Posted 26 August 2009 - 06:13 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then select the Immediate Notification bullet and press Submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#5 bandaide
  • Topic Starter

  • Members
  • 20 posts

Posted 27 August 2009 - 12:17 AM

Ok, it was an entertaining battle but I finally got the Malwarebytes' application working properly. It took a couple of installation tries because I didn't trust my transfer from one pc to the infected pc but changing the suffix from .exe to .com got it going. As it finished, I was prompted to restart the system to remove a file with a name that began with UAC. I ran the restart but shut the power off after 15 minutes of a black intermediate screen during the boot process. I figured it may have hung. I turned the power back on and started much more normally (a minute or two before the login screen). After logging into the pc, an error message came up stating that the Malwarebytes application couldn't be found. At the same time StopZilla caught several items including one named UAC. So it may have worked in our favor.

Anyway, here is the log from Malwarebytes and I'll work on posting what Stopzilla may have caught afterwards.

Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 5.1.2600 Service Pack 2

8/26/2009 11:36:29 PM
mbam-log-2009-08-26 (23-36-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 174359
Time elapsed: 43 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreguardAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


End of MalWareBytes

Begin Stopzilla

Block/Extraction NT Service enforcer 2009-08-27 00:14:11 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:14:11 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:10:48 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:10:48 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:03:47 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:03:47 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:01:43 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:01:43 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:01:10 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-27 00:01:09 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:58:43 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:58:42 Disabled service: messenger -
Information Registry enforcer 2009-08-26 23:58:13 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Home page protection 2009-08-26 23:58:04 Checking homepage... OK
Block/Extraction NT Service enforcer 2009-08-26 23:58:01 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:58:00 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:57:54 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:57:53 Disabled service: messenger -
Information Registry enforcer 2009-08-26 23:57:53 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction NT Service enforcer 2009-08-26 23:57:10 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:57:10 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:56:38 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:56:38 Disabled service: messenger -
Information Internet ExplorerSiteguard 2009-08-26 23:56:16 Inspecting registered Internet Explorer toolbars
Block/Extraction NT Service enforcer 2009-08-26 23:56:16 Disabled service: messenger -
Information Registry enforcer 2009-08-26 23:56:16 Inspecting registered Explorer bars
Block/Extraction NT Service enforcer 2009-08-26 23:56:11 Disabled service: messenger -
Information Registry enforcer 2009-08-26 23:56:09 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-08-26 23:56:07 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-08-26 23:56:06 Inspecting registered Browser Helper Objects (BHOs)
Block/Extraction NT Service enforcer 2009-08-26 23:56:06 Disabled service: messenger -
Information Process enforcer 2009-08-26 23:56:03 Starting process watcher
Block/Extraction NT Service enforcer 2009-08-26 23:48:09 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:48:06 Disabled service: messenger -
Block/Extraction Pop-up blocker 2009-08-26 23:47:07 Removed file c:\windows\system32\uacosrqpxevdn.dll
Block/Extraction Pop-up blocker 2009-08-26 23:46:58 Removed file c:\windows\system32\uachbskfolwos.dll
Block/Extraction Pop-up blocker 2009-08-26 23:46:55 Removed file c:\windows\system32\uacoeiufxhonb.dll
Block/Extraction Pop-up blocker 2009-08-26 23:46:12 Extracted package Search Hijacker.G
Block/Extraction Pop-up blocker 2009-08-26 23:46:08 Extracted package UACD
Block/Extraction NT Service enforcer 2009-08-26 23:45:21 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:45:21 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:43:48 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:43:48 Disabled service: messenger -
Block/Extraction File enforcer 2009-08-26 23:43:11 Deleted file: c:\windows\system32\uacosrqpxevdn.dll
Block/Extraction File enforcer 2009-08-26 23:42:44 Deleted file: c:\windows\system32\uachbskfolwos.dll
Block/Extraction File enforcer 2009-08-26 23:41:14 Deleted file: c:\windows\system32\uacoeiufxhonb.dll
Information Registry enforcer 2009-08-26 23:41:06 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Internet ExplorerSiteguard 2009-08-26 23:40:43 Inspecting registered Internet Explorer toolbars
Information Home page protection 2009-08-26 23:40:43 Checking homepage... OK
Information Registry enforcer 2009-08-26 23:40:39 Inspecting registered Explorer bars
Block/Extraction NT Service enforcer 2009-08-26 23:40:17 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:40:13 Disabled service: messenger -
Information Registry enforcer 2009-08-26 23:40:07 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-08-26 23:40:06 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-08-26 23:40:05 Inspecting registered Browser Helper Objects (BHOs)
Block/Extraction NT Service enforcer 2009-08-26 23:40:05 Disabled service: messenger -
Information Process enforcer 2009-08-26 23:39:58 Starting process watcher
Block/Extraction NT Service enforcer 2009-08-26 23:38:06 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:38:04 Disabled service: messenger -
Block/Extraction File enforcer 2009-08-26 23:37:06 Deleted file: c:\windows\system32\drivers\dvqdrdxi.sys
Block/Extraction NT Service enforcer 2009-08-26 23:37:03 Disabled service: messenger -
Block/Extraction File enforcer 2009-08-26 23:37:00 Quarantined file: c:\windows\system32\drivers\dvqdrdxi.sys
Block/Extraction NT Service enforcer 2009-08-26 23:37:00 Removed service: wfclyc -
Block/Extraction Registry enforcer 2009-08-26 23:36:54 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Services\wfclyc
Block/Extraction NT Service enforcer 2009-08-26 23:36:52 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:12:47 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:12:47 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:10:15 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 23:10:15 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:51:06 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:51:05 Disabled service: messenger -
Block/Extraction Pop-up blocker 2009-08-26 22:43:07 Blocked Pop-up: view.atdmt.com/cnt/iview/158502306/direct;wi.300;hi.250/01/20090827034309/?click=http://media.fastclick.net/w/click.here?cid=160233;mid=343898;sid=45963;m=6;c=0;forced_click=
Block/Extraction Pop-up blocker 2009-08-26 22:43:04 Blocked Pop-up: view.atdmt.com/cnt/iview/155497486/direct;wi.728;hi.90/01/20090827034305/?click=http://media.fastclick.net/w/click.here?cid=168631;mid=343918;sid=45963;m=1;c=0;forced_click=
Block/Extraction NT Service enforcer 2009-08-26 22:22:20 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:22:20 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:21:21 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:21:21 Disabled service: messenger -
Information General 2009-08-26 22:17:01 Exploit definition update (08/26/2009 07:59 PM GMT) successfully applied.
Block/Extraction NT Service enforcer 2009-08-26 22:07:00 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:07:00 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:05:18 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:05:16 Disabled service: messenger -
Information Internet ExplorerSiteguard 2009-08-26 22:05:16 Inspecting registered Internet Explorer toolbars
Information Home page protection 2009-08-26 22:05:16 Checking homepage... OK
Information Registry enforcer 2009-08-26 22:05:11 Inspecting registered Explorer bars
Information Registry enforcer 2009-08-26 22:05:08 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-08-26 22:05:05 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-08-26 22:05:03 Inspecting registered Browser Helper Objects (BHOs)
Block/Extraction NT Service enforcer 2009-08-26 22:05:03 Disabled service: messenger -
Information Process enforcer 2009-08-26 22:05:02 Starting process watcher
Block/Extraction NT Service enforcer 2009-08-26 22:00:39 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 22:00:37 Disabled service: messenger -
Block/Extraction Pop-up blocker 2009-08-26 21:44:21 Blocked Pop-up: ad.doubleclick.net/adi/n1823.casalemedia/b3665690.5;sz=728x90;click0=http://c.casalemedia.com/c/2/1/78103/;ord=1472994914
Block/Extraction NT Service enforcer 2009-08-26 21:27:25 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:27:25 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:24:30 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:24:30 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:20:38 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:20:38 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:20:14 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:20:14 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:18:40 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:18:40 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:17:16 Disabled service: messenger -
Block/Extraction NT Service enforcer 2009-08-26 21:17:16 Disabled service: messenger -
Block/Extraction Pop-up blocker 2009-08-26 21:17:08 Removed file c:\program files\acceleration software\anti-virus\spy_virusresponse_lab.cnr
Block/Extraction Pop-up blocker 2009-08-26 21:17:03 Removed file c:\program files\acceleration software\anti-virus\spy_malwarewar.cnr
Block/Extraction Pop-up blocker 2009-08-26 21:17:02 Removed file c:\program files\acceleration software\anti-virus\spy_antispyspider.cnr
Block/Extraction Pop-up blocker 2009-08-26 21:17:00 Removed file c:\windows\system32\resdll.dll
Block/Extraction Pop-up blocker 2009-08-26 21:16:57 Removed file c:\documents and settings\owner\local settings\temp\d.exe
Block/Extraction Pop-up blocker 2009-08-26 21:16:54 Removed file c:\program files\stopsign\threatscanner\engines\nictatech\unzip.api
Block/Extraction Pop-up blocker 2009-08-26 21:16:50 Removed file c:\program files\stopsign\threatscanner\engines\nictatech\unarj.api
Block/Extraction Pop-up blocker 2009-08-26 21:16:47 Removed file c:\program files\stopsign\threatscanner\engines\nictatech\thebat.api
Block/Extraction Pop-up blocker 2009-08-26 21:16:45 Removed file c:\program files\stopsign\threatscanner\engines\nictatech\oe4.api
Block/Extraction Pop-up blocker 2009-08-26 21:16:42 Removed file c:\program files\stopsign\threatscanner\engines\nictatech\oe.api
Block/Extraction Pop-up blocker 2009-08-26 21:16:39 Removed file c:\program files\acceleration software\anti-virus\spy_winsoftware_ltd_winfixer.cnr
Block/Extraction Pop-up blocker 2009-08-26 21:16:34 Removed file c:\windows\system32\wingenocx.dll
Block/Extraction Pop-up blocker 2009-08-26 21:16:18 Removed registry path="hkus\s-1-5-21-1965084842-2734725606-401148875-1003\software\microsoft\windows nt\currentversion\taskmanager" value="preferences"
Block/Extraction Pop-up blocker 2009-08-26 21:16:15 Removed registry path="hkus\s-1-5-21-1965084842-2734725606-401148875-1003\software\microsoft\mediaplayer\preferences" value="silentacquisition"
Block/Extraction Pop-up blocker 2009-08-26 21:16:13 Removed registry path="hkus\.default\software\microsoft\mediaplayer\preferences" value="silentacquisition"
Block/Extraction Pop-up blocker 2009-08-26 21:16:11 Removed file c:\documents and settings\owner\local settings\temp\tmp1.tmp
Block/Extraction Pop-up blocker 2009-08-26 21:16:08 Removed registry path="hkus\s-1-5-21-1965084842-2734725606-401148875-1003\software\protection system"
Block/Extraction Pop-up blocker 2009-08-26 21:16:06 Removed file c:\windows\temp\installer.exe
Block/Extraction NT Service enforcer 2009-08-26 21:15:59 Disabled service: messenger -
Information Internet ExplorerSiteguard 2009-08-26 21:15:53 Inspecting registered Internet Explorer toolbars
Information Registry enforcer 2009-08-26 21:15:50 Inspecting registered Explorer bars
Block/Extraction NT Service enforcer 2009-08-26 21:15:49 Disabled service: messenger -
Block/Extraction Pop-up blocker 2009-08-26 21:15:46 Removed registry path="hklm\software\classes\*\shellex\contextmenuhandlers\simpleshlext\" value=""
Information Home page protection 2009-08-26 21:15:46 Checking homepage... OK
Block/Extraction Pop-up blocker 2009-08-26 21:15:42 Removed registry path="hklm\software\classes\clsid\{5e2121ee-0300-11d4-8d3b-444553540000}"
Block/Extraction Pop-up blocker 2009-08-26 21:15:37 Removed registry path="hkus\s-1-5-21-1965084842-2734725606-401148875-1003\software\microsoft\windows\currentversion\run" value="protection system"
Information Registry enforcer 2009-08-26 21:15:13 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2009-08-26 21:15:09 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2009-08-26 21:15:07 Inspecting registered Browser Helper Objects (BHOs)
Block/Extraction NT Service enforcer 2009-08-26 21:15:07 Disabled service: messenger -
Information Process enforcer 2009-08-26 21:14:56 Starting process watcher

#6 Computer Pro
  • Members
  • 2,448 posts
  • Gender:Male

Posted 27 August 2009 - 05:17 PM

Ok, re-run a Malwarebytes Quick Scan.
Computer Pro

#7 bandaide
  • Topic Starter
  • Members
  • 20 posts

Posted 28 August 2009 - 04:40 AM

That was fun. :thumbsup: Spent the night fighting with the sucker. I was unable to run MBAM with certainty using a standard startup. So I ran in safe mode and tried the quick scan mode. It came back with two infections and needed a restart to clear one of those. So I ran it as a full scan twice in safe mode, with this being the final MBAM log.

Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 5.1.2600 Service Pack 2 (Safe Mode)

8/28/2009 4:23:10 AM
mbam-log-2009-08-28 (04-23-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167672
Time elapsed: 1 hour(s), 32 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
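A small triage helper for logs in the shape of the MBAM 1.40 report above, added here as an example; it is not code from the poster or from Malwarebytes. It assumes the "Section Infected: N" summary / "Section Infected:" detail layout and the "item (Family) -> action." line format seen in the posted log (assumptions, not documented format guarantees). The sample log embedded below is constructed from the entries the poster quoted. The helper pulls out every finding, checks that the summary counts agree with the detail sections, flags anything whose detection name contains "Rootkit", and lists items still pending a "Delete on reboot", which are the ones that remain on disk until the machine is restarted.

```python
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    section: str   # e.g. "Registry Keys Infected"
    item: str      # the key, file or process MBAM flagged
    family: str    # MBAM's detection name, e.g. "Rootkit.Trace"
    action: str    # what MBAM did, e.g. "Delete on reboot"


# Constructed sample shaped like the MBAM 1.40 log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 5.1.2600 Service Pack 2 (Safe Mode)

Scan type: Full Scan (C:\|)
Objects scanned: 167672
Time elapsed: 1 hour(s), 32 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""

# "Registry Keys Infected: 1" (summary) vs "Registry Keys Infected:" (detail header).
_SECTION_RE = re.compile(r"^(?P<sec>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
# "item (Family) -> action."  (assumed layout, matching the posted log)
_FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
_HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")


def parse_mbam_log(text: str) -> Dict[str, object]:
    """Return header fields, per-section summary counts and the detailed findings."""
    header: Dict[str, str] = {}
    counts: Dict[str, int] = {}
    findings: List[Finding] = []
    section = None  # name of the detail section we are currently inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = _SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                counts[m.group("sec")] = int(m.group("count"))
                section = None
            else:
                section = m.group("sec")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = _FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, m.group("item"), m.group("family"), m.group("action")))
    return {"header": header, "counts": counts, "findings": findings}


def counts_consistent(result: Dict[str, object]) -> bool:
    """True when every summary count matches the number of detailed findings in that section."""
    findings: List[Finding] = result["findings"]  # type: ignore[assignment]
    counts: Dict[str, int] = result["counts"]  # type: ignore[assignment]
    return all(sum(1 for f in findings if f.section == sec) == n for sec, n in counts.items())


def rootkit_indicators(result: Dict[str, object]) -> List[str]:
    """Items whose detection name mentions a rootkit: a reason to escalate rather than call it clean."""
    return [f.item for f in result["findings"] if "rootkit" in f.family.lower()]  # type: ignore[attr-defined]


def pending_reboot(result: Dict[str, object]) -> List[str]:
    """Items MBAM could only schedule for removal; they are still present until the next restart."""
    return [f.item for f in result["findings"] if "reboot" in f.action.lower()]  # type: ignore[attr-defined]


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print("findings:", len(r["findings"]), "counts consistent:", counts_consistent(r))
    print("rootkit indicators:", rootkit_indicators(r))
    print("pending reboot:", pending_reboot(r))
```

The two lists are the practical output: a non-empty "pending reboot" list means the log cannot be read as a clean result until the machine has restarted and been rescanned, and a non-empty "rootkit indicators" list is the same signal the next reply in this thread acts on, namely that the machine needs a deeper look than a scanner log alone gives.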

#8 Computer Pro
  • Members
  • 2,448 posts
  • Gender:Male

Posted 28 August 2009 - 05:47 PM

Ok, you have a rootkit, and I am going to have to refer you to the HJT forum, as there are some rootkits on the loose right now that require a custom script to remove, which I cannot provide:

It looks like we are going to have to use more powerful tools than what we are allowed to use in the Am I Infected forum. I am going to need for you to post a DDS/HijackThis Log in the HijackThis Log section of the forum.

Please refer to this for your preparation reasons before posting:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

You can find the forum here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Once you have created a new topic in the HijackThis section, please post a link to it in this topic.
Please allow time for your topic to be replied to in the HijackThis section as the HJT Team is EXTREMELY busy posting logs before yours.

Good Luck!
Computer Pro

#9 bandaide
  • Topic Starter
  • Members
  • 20 posts

Posted 29 August 2009 - 08:21 AM

Thank you for your help so far, Computer Pro. I'll be following up with your suggestions later today.

#10 Computer Pro
  • Members
  • 2,448 posts
  • Gender:Male

Posted 29 August 2009 - 02:34 PM

Ok, good luck in the HJT forum.
Computer Pro

#11 Orange Blossom
  • OBleepin Investigator
  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 29 August 2009 - 11:32 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/253425/win-xp-pro-avast-48-and-w32fasec/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
