
I think I have 3 corrupt files


12 replies to this topic

#1 josephawood6

josephawood6

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:colorado
  • Local time:03:37 AM

Posted 15 September 2009 - 10:44 PM

I was responsible for opening a file I should not have and the result is at least 3 files Anti-Malware bytes was unable to remedy. I ran a scan with Super Anti Spyware (in safe mode) and it cleaned out a bunch of stuff: tracking cookies, viruses, Trojans, for starters. Then I used Anti-Malware bytes on complete scan, not in safe mode, and it quarantined 7 to 10 items, 3 of which it said it had no solution for. My McAfee had shut down my computer on its scan because it detected something harmful to the computer.

Running Windows Vista Home Premium 32 bit Home premium O/S, on a Dell Inspiron 1525, dual core Pentium. :thumbsup: and it's slowed down since the warnings were received. I'm going to attach a log of the Anti-Malware bytes scan log (it's short) for your perusal. I'm fearing the worst.

1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

9/15/2009 11:40:31 AM
mbam-log-2009-09-15 (11-40-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184828
Time elapsed: 1 hour(s), 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Users\JAW\AppData\Local\Temp\b.exe (Trojan.Downloader) -> No action taken.

I also have the quarantine log if needed.

Hope I didn't make your job more difficult with the added info.

Thx Joe
WOODSY0



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:37 AM

Posted 16 September 2009 - 12:19 PM

Your Malwarebytes Anti-Malware log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having MBAM remove the threats. To confirm if everything was removed, rescan again in normal mode and check all items found for removal. Don't forget to update MBAM through the program's interface (preferable method) and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing a new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

The database shows 2775. Last I checked it was 2809.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
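
The check described in the reply above, as an added example that is not part of the original thread or of Malwarebytes' own tooling: a parser for the log layout posted in this topic that lists detections whose outcome is "No action taken" and compares each section's summary count with the entries actually listed. The sample log is constructed from entries in the thread's logs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the thread's logs, assembled from entries they contain.
SAMPLE_LOG = r"""Database version: 2775

Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\JAW\AppData\Local\Temp\b.exe (Trojan.Downloader) -> No action taken.
"""

# "<Category> Infected: <n>" is a summary line; the same text without a number opens a section.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<object> (<detection name>) -> <outcome>."; the object path may itself contain parentheses.
ENTRY = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared counts per category, list of detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m and m["count"] is not None:
            declared[m["name"]] = int(m["count"])
        elif m:
            section = m["name"]
        elif section and (e := ENTRY.match(line)):
            entries.append({"section": section, **e.groupdict()})
    return declared, entries

def unremediated(entries):
    """Detections that were reported but not removed."""
    return [e for e in entries if e["action"].lower().startswith("no action")]

def count_mismatches(declared, entries):
    """Categories whose summary count differs from the entries listed (e.g. a truncated paste)."""
    found = Counter(e["section"] for e in entries)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}

if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    for e in unremediated(entries):
        print(f'{e["section"]}: {e["path"]} [{e["threat"]}] still present')
    print("count mismatches:", count_mismatches(declared, entries))
```
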

#3 josephawood6


Posted 16 September 2009 - 12:37 PM

I followed your directions to the T the 1st time, because I bookmarked a previous forum entry. The message I got after hitting remove was "there are three files the scan can take no action on." It did remove 7 files successfully, and I did restart.

Nonetheless I will follow your directions and post a log file again.

Thank You Quietman, I appreciate the help.

Josephawood6

#4 quietman7


Posted 17 September 2009 - 05:58 AM

Can you provide the specific file names and location (full file path) of those files?

#5 josephawood6


Posted 17 September 2009 - 09:40 AM

Hi quietman7, I did as you suggested and updated my files again and ran another complete scan, here are the results:

Malwarebytes' Anti-Malware 1.41
Database version: 2815
Windows 6.0.6002 Service Pack 2

9/17/2009 8:26:09 AM
mbam-log-2009-09-17 (08-26-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 186366
Time elapsed: 1 hour(s), 9 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

There are 11 files in the quarantine, should they be left there or should I provide the file paths to you or is everything ok now?

thx for your help again

sincerely,
josephawood6


#6 quietman7


Posted 17 September 2009 - 09:45 AM

That looks better.

With MBAM, once the scan is completed, infected files marked for "Remove Selected" are copied, renamed, handled with additional secure measures, then sent to Quarantine. The original file is either immediately removed or removed on reboot. While in Quarantine, the copy of the original file is no longer a threat and can do no harm. When the quarantined file is known to be malicious, you can delete it at any time. Choosing delete removes the backup copy and it no longer can be restored. If you rebooted and are not having any issues, open MBAM, click on the Quarantine tab and select the option to Delete all.

#7 josephawood6


Posted 17 September 2009 - 11:13 AM

Just a note of thanks for your valuable and timely assistance. Thank you very much quietman7
josephawood6 :thumbsup:

#8 quietman7


Posted 17 September 2009 - 12:26 PM

Not a problem. How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?

#9 josephawood6


Posted 17 September 2009 - 01:17 PM

Much improved from when I first received the McAfee warnings that I had been infected, but there was a problem with Windows Defender and McAfee when I tried a free download of Windows Live one. I believe it's some type of security software from Microsoft. The issue originated when I tried to reinstall the McAfee software and was told it was incompatible with Windows Defender. So I spoke with Microsoft and they helped me with some of their wizardry and I was able to turn off the automatic security downloads/updates, and they showed me how to deactivate it altogether. But I still get frequent error messages that are generic. You see, one day I started screwing around with SQL Server Configuration Manager and somehow I changed the error message to "please be advised" instead of the actual error code and description. What a dumb action to take. So I am getting about 3-4 per error that I just close, and IE7 sucks up huge memory capacity in the area of 350,000 to 400,000 units of measure to run a single application. So the browser is slow and hangs and fails to respond, even after uninstall/reinstall.

Care to assist with this issue, because I can live with it.

Let me know either way
josephawood6

#10 josephawood6


Posted 17 September 2009 - 01:17 PM

Much improved from when I first received the McAfee warnings that I had been infected, but there was a problem with Windows Defender and McAfee when I tried a free download of Windows Live one. I believe it's some type of security software from Microsoft. The issue originated when I tried to reinstall the McAfee software and was told it was incompatible with Windows Defender. So I spoke with Microsoft and they helped me with some of their wizardry and I was able to turn off the automatic security downloads/updates, and they showed me how to deactivate it altogether. But I still get frequent error messages that are generic. You see, one day I started screwing around with SQL Server Configuration Manager and somehow I changed the error message to "please be advised" instead of the actual error code and description. What a dumb action to take. So I am getting about 3-4 errors per hour, that I just close, while IE7 sucks up huge memory capacity in the area of 350,000 to 400,000 units of measure to run a single application. So the browser is slow and hangs and fails to respond, even after uninstall/reinstall.

Care to assist with this issue, because I can live with it.

Let me know either way
josephawood6

Edited by josephawood6, 17 September 2009 - 01:22 PM.


#11 quietman7


Posted 17 September 2009 - 01:39 PM

I've never used the SQL Server Configuration Manager so I would have to do some research on the net. You may just want to start a new topic in another forum where those more familiar might offer suggestions.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista users can refer to these links: Create a New Restore Point in Vista and Disk Cleanup in Vista.

#12 josephawood6


Posted 17 September 2009 - 01:51 PM

Thx for the follow-up tips quietman7, I already got them bookmarked and will begin the process of creating a new restore point as well as cleanup per your instructions. Thank you.

I was worried about possible reinfection using the Windows download icon, because I was careless last year and was nailed before I knew it; the downloader malware was filling my c:/ up with garbage. It was unstoppable. I eventually wiped and reinstalled the O/S again. What a time-intensive task when you add in the driver downloads and all the updates.

thank you again
josephawood6

#13 quietman7


Posted 17 September 2009 - 01:59 PM

You're welcome.

Tips to protect yourself against malware and reduce the potential for re-infection:

  • Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.
  • Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

• Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner please refer to:



