
Can't get rid of Trojan and Delf Crypt Viruses


3 replies to this topic

#1 punchdrunk75

punchdrunk75

  • Members
  • 3 posts

Posted 15 January 2010 - 12:00 PM

I have run AVG and Malwarebytes software and it is not fixing the problem. My registry edit function was not working, but I fixed it. Went through and deleted the files that Malwarebytes could not. I am still being redirected to unknown sites when I search through Google. Some sites that normally work for me are not working and are loading incredibly slowly. Should I run ComboFix?



#2 punchdrunk75

punchdrunk75
  • Topic Starter

  • Members
  • 3 posts

Posted 15 January 2010 - 12:13 PM

Can someone please help me????????????????????????????

#3 punchdrunk75

punchdrunk75
  • Topic Starter

  • Members
  • 3 posts

Posted 15 January 2010 - 12:27 PM

Here is my log from Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3550
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/12/2010 5:51:12 PM
mbam-log-2010-01-12 (17-51-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 176733
Time elapsed: 1 hour(s), 59 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0594d326-1d50-4513-968a-d83031ab139d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0594d326-1d50-4513-968a-d83031ab139d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1e88a88-9b9b-45d8-9cdc-39a934318e46} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1e88a88-9b9b-45d8-9cdc-39a934318e46} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e88a88-9b9b-45d8-9cdc-39a934318e46} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe dwtt.mro bpqvc) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ijqwv45.dll (Password.Stealer) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\6ED.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\6FB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\64D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\64F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\658.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D62CA84F-F786-4600-AE5E-DE1A847A28BF}\RP896\A0070214.dll (Trojan.Tracur) -> Quarantined and deleted successfully.


Every time I have run it since there have been no infections found, but my computer is still doing the same thing.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 15 January 2010 - 10:05 PM

Hello,

Since the above log is an MBAM log, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started.

==>PLEASE DO NOT NOW POST OTHER LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



