
windows security alert



#1 krosati


Posted 13 December 2009 - 05:09 PM

I cannot access the web from my laptop due to spyware/malware. I cannot determine the name of it.
I am using my wife's laptop now to seek assistance.
Thanks in advance
Kenny

This is the bubble alert from the task tray

Windows Security alert
Windows reports that computer is infected. Antivirus software
helps protect your computer against viruses and other
security threats. Click here for the scan you computer. Your
system might be at risk now.

This is the pop up square from the task tray as well

Antivirus Sytem Pro alert
Infiltration alert
Your computer is being attackedby an internet
Virus. It could be a password-stealing attack, a
trojan - dropper or similar.

Details
Attack from: changes periodically
Attacked port: changes periodically
Threat: changes periodically

Edited by krosati, 13 December 2009 - 06:14 PM.




#2 krosati


Posted 13 December 2009 - 06:16 PM

ttt with new info

#3 krosati


Posted 13 December 2009 - 06:54 PM

I tried to follow the instructions here: http://www.bleepingcomputer.com/virus-remo...irus-system-pro
But I cannot get the download. I downloaded to a USB drive from my wife's PC but the spyware says:
Application cannot be executed. the file rkill.com is infected.
Do you want to activate your antivirus software now?

#4 krosati


Posted 15 December 2009 - 07:12 PM

ttt

#5 krosati


Posted 16 December 2009 - 03:32 PM

Ok, I finally made some headway. The malware had deactivated my ZoneAlarm firewall as well.
I used a flash drive to download Malwarebytes' Anti-Malware and run it in safe mode. I had to run it three times to remove the malware enough to be able to get online.
Can anyone take a look at these and see if I need to do anything else?

Here are the logs
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

12/15/2009 7:15:36 PM
mbam-log-2009-12-15 (19-15-36).txt

Scan type: Quick Scan
Objects scanned: 109975
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ntndis (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Rosati\Local Settings\Temp\7178.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Uninst2.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Unist1.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ntndis.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ntndis.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

12/15/2009 8:23:15 PM
mbam-log-2009-12-15 (20-23-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 173764
Time elapsed: 24 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Rosati\Local Settings\Application Data\wcbcsg\belhsysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP403\A0066330.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

12/15/2009 9:11:00 PM
mbam-log-2009-12-15 (21-11-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 173711
Time elapsed: 39 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP427\A0068276.exe (Spyware.Passwords) -> Quarantined and deleted successfully.



