Help needed!



#1 Ron12314345


Posted 28 August 2009 - 04:10 AM

Hello,
I was using "nod 32" anti virus software until recently when the trial version expired. Just shortly after, the computer started to act strange and I immediately suspected it got infected with a virus. I tried to download an anti-virus software but was unable to access any anti virus web page; I was only able to download "Malwarebytes" through www.downloads.com with "getright". But it was impossible to update it, just to scan. I tried to use combo fix but it keeps saying that the combo fix file was infected also, probably by a Virut file; the message appeared even after renaming the file to "combo-fix".

thanks in advance,

Ron

P.S. In case it's all doomed, as I suspect, will it be useful to format my hard drive and reinstall Vista from "vista recovery partition", or can the virus infect the secret partition as well?

Edited by Ron12314345, 28 August 2009 - 07:48 AM.




#2 DaChew


Posted 28 August 2009 - 08:15 AM

You probably do have Virut but it would be better to see a MBAM log to confirm

%System%\reader_s.exe
%Temp%\infected\reader_s.exe
%Temp%\windows\system32\reader_s.exe
%UserProfile%\reader_s.exe


Chewy

No. Try not. Do... or do not. There is no try.

#3 Ron12314345


Posted 28 August 2009 - 10:44 AM

Hello again,

Thank you for your attention, DaChew. Unfortunately it's no longer in doubt, there is a virus. Malwarebytes discovered 4 infected items.

here is the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

28/08/2009 18:45:39
mbam-log-2009-08-28 (18-45-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160760
Time elapsed: 1 hour(s), 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Recycle\P-1-3-64-8794238531-8742492-9897532 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Recycle\P-1-3-64-8794238531-8742492-9897532\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\win7service.exe (Worm.Palevo) -> Delete on reboot.


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Let us not forget it's not the updated version! So probably there are more. I removed the viruses and yet everything stayed the same.

I would appreciate it if someone can offer another action and also advice regarding my question about formatting the HD and using the Vista partition for reinstalling, which I mentioned in my first post.

Thanks

Edited by Ron12314345, 28 August 2009 - 10:52 AM.




