
Am i infected


  • This topic is locked
32 replies to this topic

#1 dinudanu

dinudanu

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 04 November 2009 - 07:26 AM

Hello,


I am not sure about this, but I think my 2 laptops and 2 desktop PCs are infected. All four computers seem to be working fine, but when I run a full system scan my laptop gets very slow and midway it gets terminated. Windows keeps popping up a message saying 547.exe, 430.exe, etc. has encountered a problem and needs to be terminated. Spybot continuously, nonstop, pops up a message saying registry change not allowed, category Winlogon.

Particularly, my internet usage seems to have shot up. I have a usage limit of 1.5 GB and have never crossed that limit, but all of a sudden since last week my uploads have gone through the roof. Apparently in a single day I have uploaded 2.3 GB of data, and on another day around 1.5 GB of data has been uploaded, but I do not upload any big files due to the usage limit.

I think my laptop was infected because of an infected USB. I did run a scan with Kaspersky 2009 (which is out of date because I did not renew it, will do it very soon) before opening the USB and it showed it was clean, but later when I was analysing the report there was a folder "folder.temp/temp" which was scanned but could not be found on the USB; it was not even a hidden folder. I used the same USB in my other PCs and laptop.

Also one more thing: these files are there in my temp folder: aax4f.tmp, aax43.tmp, etc.

I am using Windows XP on all the systems.

2 systems have Kaspersky installed, 1 PC does not have any security (it does not have a net connection and is used only for official purposes), and the other laptop has K7 Total Security system.

Thanks for helping me out.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,390 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:05 PM

Posted 04 November 2009 - 11:23 AM

i did run a scan with kaspersky 2009 (which is out of date because i did not renew it , will do it v.soon)

Renew it right away or replace. Otherwise, you will be at risk of reinfection after removing the current malware.

Please download Malwarebytes Anti-Malware (v1.41) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 dinudanu


Posted 05 November 2009 - 05:00 AM

Thanks, I have scanned with Malwarebytes. It detected 3 trojans/viruses and quarantined them all. I am scanning the other 3 systems also. Is there anything else I need to do?

Also, all of a sudden (since last week) whenever I search with Google I get an error message saying I am forbidden from searching, or I get the results displayed in Spanish. Has this got anything to do with the virus?

#4 dinudanu


Posted 05 November 2009 - 05:07 AM

Also, when you told me to replace my antivirus: I have replaced it with Avira AntiVir Personal free version. Is that OK? I will be buying Kaspersky 2010 once I get the money. As Avira doesn't have any firewall, which one should I install?

#5 quietman7


Posted 05 November 2009 - 07:37 AM

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs


i have replaced it avira antivir personal free version ... is that ok ... i will buying kaspersky 2010 once i get the money

That's fine for now. Just be sure to remove Avira before installing Kaspersky, as you should not use more than one anti-virus program on your system.

avira doesnt have any firewall which one should i install

Choosing a firewall is a matter of personal preference, your technical ability/experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular firewall that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone. You may need to experiment and find the one most suitable for your use.

Free firewalls: (choose and install only one)

Before installing a 3rd-party firewall, make sure you turn off the Windows firewall.

Why? Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (a router) and a software firewall (Kerio or ZoneAlarm) in conjunction.

Edited by quietman7, 05 November 2009 - 07:38 AM.


#6 dinudanu


Posted 06 November 2009 - 02:17 AM

Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 5.1.2600 Service Pack 3

11/5/2009 1:20:36 PM
mbam-log-2009-11-05 (13-20-36).txt

Scan type: Quick Scan
Objects scanned: 104028
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



***** As I told you before, I have 4 systems infected. On one laptop Malwarebytes hasn't been able to remove the secupdat.dat file even after reboot (I haven't posted the log of that system as it might be confusing). Thanks ****

Also, is the Google behaviour I mentioned related to this trojan?

#7 quietman7


Posted 06 November 2009 - 09:02 AM

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

Edited by quietman7, 06 November 2009 - 09:03 AM.


#8 dinudanu


Posted 09 November 2009 - 12:58 AM

Norman log

Norman Malware Cleaner
Version 1.5.0.5
Copyright 1990 - 2009, Norman ASA. Built 2009/11/06 14:25:12

Norman Scanner Engine Version: 6.03.02
Nvcbin.def Version: 6.03.00, Date: 2009/11/06 14:25:12, Variants: 4340509

Scan started: 07/11/2009 05:23:42

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 3
Logged on user: JAINS-WPO6HYBUT\jains

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "72.dll" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000


Scanning running processes and process memory...

Number of processes/threads found: 1038
Number of processes/threads scanned: 1038
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 54s


Scanning file system...

Scanning: C:\*.*

Scanning: D:\*.*

Scanning: E:\*.*

E:\pagefile.sys (Error opening file: Access denied)

E:\RECYCLER\S-1-5-21-4957869952-7683091460-808709656-6212\Desktop.ini (Infected with BAT/Autorun.IZJ)
Deleted file

Scanning: F:\*.*

Scanning: H:\*.*

Scanning: E:\System Volume Information\*.*


Running post-scan cleanup routine:

Number of files found: 38422
Number of archives unpacked: 0
Number of files scanned: 38385
Number of files not scanned: 37
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 1
Number of infections removed: 1
Total scanning time: 45m 25s
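
Added example, not part of the original thread and not code from either scanner vendor: a small Python triage of the remediation lines from the MBAM and Norman logs posted above. It separates the autostart and tamper locations that deserve a re-check after reboot from the ordinary adware keys. The category labels and the function names `triage` and `recheck_list` are assumptions of this example; the log lines are copied from the posts above.

```python
import re

# Remediation lines copied from the MBAM and Norman logs posted in this thread.
SAMPLE_LOG = r'''
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "72.dll" -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
E:\RECYCLER\S-1-5-21-4957869952-7683091460-808709656-6212\Desktop.ini (Infected with BAT/Autorun.IZJ)
'''

# Registry locations worth re-checking after cleanup, matched on the lowercase
# path suffix. The labels are this example's own wording (an assumption).
RULES = [
    (r"\windows nt\currentversion\winlogon\taskman", "logon autostart value"),
    (r"\windows nt\currentversion\windows\appinit_dlls", "DLL loaded into user32 processes"),
    (r"\policies\system\disableregistrytools", "Registry Editor policy (tamper)"),
]

# One pattern per line format seen in the two logs.
MBAM = re.compile(r"^(?P<path>HKEY_[^()]+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")
NORMAN_SET = re.compile(r'^Set registry value: (?P<path>.+?) = "(?P<old>.*)" -> "(?P<new>.*)"$')
NORMAN_DEL = re.compile(r"^Removed registry value: (?P<key>.+?) -> (?P<value>\S+) = (?P<data>.+)$")
NORMAN_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \(Infected with (?P<name>[^)]+)\)$")


def classify(location):
    """Return the category for a registry path, or 'other' if no rule matches."""
    low = location.lower()
    for suffix, category in RULES:
        if low.endswith(suffix):
            return category
    return "other"


def triage(text):
    """Parse log lines into (location, detail, category) tuples, in log order."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := MBAM.match(line):
            findings.append((m["path"], m["name"], classify(m["path"])))
        elif m := NORMAN_SET.match(line):
            findings.append((m["path"], f'was "{m["old"]}"', classify(m["path"])))
        elif m := NORMAN_DEL.match(line):
            location = m["key"] + "\\" + m["value"]
            findings.append((location, f'was {m["data"]}', classify(location)))
        elif m := NORMAN_FILE.match(line):
            is_autorun = "autorun" in m["name"].lower()
            findings.append((m["path"], m["name"],
                             "autorun file on drive" if is_autorun else "infected file"))
    return findings


def recheck_list(findings):
    """Findings in autostart or tamper locations; inspect these again after reboot."""
    return [f for f in findings if f[2] != "other"]


if __name__ == "__main__":
    for location, detail, category in triage(SAMPLE_LOG):
        print(f"{category:34} {detail:18} {location}")
```
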

#9 dinudanu


Posted 09 November 2009 - 01:04 AM

The log for the Dr.Web fix is very long. At the end of the complete scan it showed no virus found.

However, after the scan was completed and on exiting Dr.Web, a popup showed up saying a virus was detected and I need to perform a complete scan. I am confused as to what it means.

I am pasting the first and last part of the scan.

=============================================================================
Dr.Web Scanner for Windows v5.00.7 (5.00.7.09210)
© Doctor Web, Ltd., 1992-2009
Log generated on: 2009-11-08, 11:00:57 [jains]
Command line: "E:\DOCUME~1\jains\LOCALS~1\Temp\dc31445274\zf4x9XP.exe" /lng /ini:setup_XP.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================

Scan statistics
-----------------------------------------------------------------------------
Scanned: 146631
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 197 Kb/s
Scan time: 03:55:49
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 152888
Infected: 0
Modifications: 0
Suspicious: 0
Adware: 0

*** i am still scanning my other 3 systems ***

#10 quietman7


Posted 09 November 2009 - 08:55 AM

after the scan was completed and exiting the dr web a popup showed up saying virus was detected and i need to perform a complete scan. i am confused as to wht it means.

Then you should complete another scan. Be sure to update the program's definition database first.

#11 dinudanu


Posted 11 November 2009 - 04:54 AM

It is still the same. Even after updating and scanning again it said no virus found, but once I close Dr.Web I get a popup stating virus or suspicious object found. It is strongly recommended to perform a complete scan.

#12 quietman7


Posted 11 November 2009 - 08:32 AM

Did Dr.Web Scanner provide a specific file name associated with the malware threat(s) detection and, if so, where is it located (full file path) on your system?

#13 dinudanu


Posted 11 November 2009 - 09:04 AM

No, no specific location. It just gave a warning dialog box. After the complete scan was over the status bar of Dr.Web showed that no virus was detected. After I closed Dr.Web the dialog box showed up. It is the same thing with my other systems too. Also, the dialog box mentioned that all the quarantined objects will be saved in the quarantine folder of the user in Documents and Settings (hope you understood what I am trying to say).

-- One more thing: I was scanning my other systems too. On one of the systems Norman Malware Cleaner disinfected a file folder.tmp on my USB, but I am still able to view a hidden folder named "folder.tmp" on my USB. There was one change: before the scan the folder had the icon of the Recycle Bin; after the disinfection the icon changed to a normal folder. --

#14 quietman7


Posted 12 November 2009 - 10:52 AM

-- If you cannot find the folder/file, you may have to Reconfigure Windows to show hidden files, folders.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.


#15 dinudanu


Posted 12 November 2009 - 12:38 PM

My Windows is reconfigured to show hidden files and folders. Also, I have already scanned with Norman Malware Cleaner and have posted a log before. I will scan again. I will also post the screenshot of the Dr.Web message.



