
Malware Defense Virus and other trojan horses


3 replies to this topic

#1 jinsoop3

jinsoop3

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 31 December 2009 - 01:54 AM

Hello friends. My first posting tonight - usually my computer works well for me so I have never had to seek help.

I have come down with 1 virus that is very apparent - Malware Defense Virus is what I call it. It appears to be an unregistered Microsoft product that has found ten or twenty viruses on my PC and asks that I register and pay for the product. It prevents me from running McAfee or Norton in regular mode (Safe mode runs fine from command line and does not find anything) - the services/applications won't start.

Additionally, there appear to be a number of trojan horses and viruses that constantly pop up in Microsoft Security Center Alert. They are listed below:
Trojan.win.agent.dcc
Trojan-downloader.js.multi.ca
Virus.win32.gpcode.ak
Net-worm.win32.dipnet.d
Email-worm.win32.netsky.q
Backdoor.win32.kbot.al
Backdoor.win32.agent.ich
Rootkit.win32.agent.pp
Chin09.win
Net-worm.win32.mytob.t


McAfee's online free scanner found the Malware Defense files in C:\Program Files\Malware Defense (3 to 5 files), but did not find any of the other infected files associated with the list of viruses and trojan horses above.

It appears that 2 iexplorer.exe processes run even after I stop them in taskmgr. Additionally I have stopped/disabled a number of services that don't seem to be doing much to try to isolate these viruses. I can restart them as needed.

Taskmgr will not start from the control/alt/delete window - instead I need to start it from the command prompt.

Please advise on how I should proceed.

Thank you!



#2 jinsoop3


Posted 31 December 2009 - 08:26 PM

So I made progress by getting rid of the Malware Defense virus/trojan horse by reading through the common malware issues and remedies on the homepage of this discussion board. However, now I am having issues getting Norton Antivirus to start up, run a complete scan without freezing and start up when I boot the computer up. My sense is that something is disabling it or has messed with the exe files so that it won't start up.

Since I was able to install Malwarebytes Anti Malware, I can run that scan after running rkill (provided in the Malware Defense fix) and it finds two issues repeatedly: Rootkit.TDSS and Trojan.DNSChanger. Does this mean I keep getting reinfected by these viruses after they are quarantined and deleted by the Malwarebytes Anti Malware?

#3 jinsoop3


Posted 31 December 2009 - 10:23 PM

Could not wait for a response as time is critical for me here, so I searched on Trojan.DNSChanger and Rootkit.TDSS in the forum and found instructions to go into safe mode and run ATFCleaner and SuperAntiSpyware, which I did. Here is the log file from SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/31/2009 at 09:49 PM

Application Version : 4.32.1000

Core Rules Database Version : 4437
Trace Rules Database Version: 2263

Scan type : Complete Scan
Total Scan Time : 00:23:29

Memory items scanned : 245
Memory threats detected : 0
Registry items scanned : 6530
Registry threats detected : 0
File items scanned : 17801
File threats detected : 1

Rogue.SmartProtector
C:\WINDOWS\system32\srcr.dat


Here is the log file from my last run of Malwarebytes AntiMalware (every time I run it, in full scan or in quick mode, I find Trojan.DNSChanger and Rootkit.TDSS):

Malwarebytes' Anti-Malware 1.43
Database version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2009 9:04:41 PM
mbam-log-2009-12-31 (21-04-41).txt

Scan type: Quick Scan
Objects scanned: 151552
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Please let me know if you think there are more or different steps I need to take to rid my computer of this stuff. Thank you in advance and I hope I have not screwed anything up.

#4 jinsoop3


Posted 01 January 2010 - 12:15 AM

Happy New Year friends! The problems are not solved - none of the antivirus software gets rid of the problems and after a reboot or two the antivirus software won't work (except MBAM after running Rkill). When I log in regular the desktop does not come up unless I hit Ctrl-Alt-Del immediately after logging in. Task Manager does not start from the Ctrl-Alt-Del box, only from the command prompt. Please let me know if you have any ideas or suggestions on how I can solicit a response (am I being ignored?). Thank you.



