Horrible Anti Virus 2010 Infection


  • This topic is locked
2 replies to this topic

#1 srosen


Posted 25 September 2009 - 10:04 PM

Hi - I posted in another forum and now have been referred back here. I'll post my initial request followed by the logs I was able to create per the suggestions on the "Am I Infected" forum.

My computer is infected with the Anti Virus 2010 malware. At first, it was just a red button with a white X in the system tray. Now, however, the antivirus "program" is prompting me with alerts. Additionally, Windows takes forever to start up and each program also takes a while to load. I have SpyWare Dr., and it did detect and remove the 2010 software, but it's back with a vengeance.

I tried to run Malware Bytes, but after installing and starting to scan, it terminates immediately. Now, it won't allow me to even open it. I can't run DDS either - it just quickly opens and closes the screen. I started using RootRepeal, but it started to create the report and now it won't open just like Malware Bytes. I assume this is due to the malware - I couldn't even open ComboFix.

Sorry I can't give you any more detailed information, but I can't even create the log to show you anything else. Any suggestions for this nasty piece of software?

Here's the Win32Diag.txt file - unfortunately, it looks like it didn't work properly:


And here is the contents of Log.txt:

Volume in drive C is SQ004101P01
Volume Serial Number is 001B-D93A

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 62,464 eventlog.dll
3 File(s) 650,752 bytes

Total Files Listed:
9 File(s) 1,938,432 bytes
0 Dir(s) 46,331,031,552 bytes free

Edited by The weatherman, 26 September 2009 - 08:48 AM.
Merged post.~Tw



#2 Net_Surfer


Posted 13 October 2009 - 04:14 AM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.



*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.




Thanks and again sorry for the delay.


Kind regards
Net_Surfer

:(

#3 teacup61


Posted 20 October 2009 - 07:54 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



