
I'm Infected with Trojan "KillAV.RG" and "Vundo.JK"



#1 blaze4376


Posted 26 January 2010 - 07:18 PM

Hey guys,
This is my first post ever. I'm usually pretty good at removing viruses, but this one has stumped me. I will post as much info as possible so you can help me. I know I have a virus (it's my own fault): I clicked on a keygen program and it activated. I tried running Malwarebytes right away, but the virus deleted the exe file (Windows is searching for mbam.exe). I then tried to run Spybot S&D (the program began to load but just sits there and never loads). I switched to safe mode and was able to run AVG 8.5, and I have the results of that log; I will post it at the end of this message.

I did some research and tried a few things with no luck:
1. Tried setting up Malwarebytes from a CD (downloaded the newest version from a clean computer, with no luck).
2. Tried the renaming of that program, from a post here where you rename malware to explorer.exe from a clean computer and place it on the infected one in the program file directory. No luck.
3. Scanned my computer with a program named "cleankillav". It was able to scan but found no results.

I'm running Windows XP ® (Build 2600.xpsp_sp3_gdr.090804-1435: Service Pack 3) and AVG Free 8.5. I have a cable modem but connect to the internet through a wireless adapter.
Also, I'm in safe mode now and have disabled my wireless adapter and 1034 connection.
Right next to me I have another clean desktop to download/transfer data via CD burning only (wish I had a USB flash but I don't).

If I missed anything I'm sorry, and here is the log of my AVG scan after I was infected.

AVG 8.5 Anti-Virus command line scanner
Copyright © 1992 - 2009 AVG Technologies
Program version 8.0.431, engine 8.0.432
Virus Database: Version 271.1.1/2644 2010-01-25

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d3761a5b4dc0ebd045e71faed1a324d_652def8a-b44b-46bb-986b-86430e4cb6b2 Locked file. Not tested.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\5.tmp Trojan horse Vundo.JK Object was moved to Virus Vault.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nsu3.tmp\keygen.exe Trojan horse KillAV.RG Object was moved to Virus Vault.
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 393747
Found infections : 2
Found PUPs : 0
Healed infections : 2
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
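
Added example (not part of the original post, and not AVG's own tooling): a small parser for the log format shown above that separates real detections from "Locked file. Not tested." entries and reconciles them with the summary block. The line shapes are assumed from this one log only, and the hive check assumes Windows is installed under C:\WINDOWS as in the post.

```python
import re

# Lines excerpted from the AVG log in the post above (a shortened sample, not the full log).
SAMPLE_LOG = r"""
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\5.tmp Trojan horse Vundo.JK Object was moved to Virus Vault.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nsu3.tmp\keygen.exe Trojan horse KillAV.RG Object was moved to Virus Vault.
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
------------------------------------------------------------
Found infections : 2
Healed infections : 2
------------------------------------------------------------
"""

# Assumed line shapes, taken only from the log shown in this thread.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Trojan horse (?P<name>\S+) (?P<action>.+)$")
LOCKED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Locked file\. Not tested\.$")
SUMMARY = re.compile(r"^(?P<key>[A-Za-z ]+?) : (?P<value>\d+)$")

def parse_avg_log(text):
    """Split a scan log into detections, untested paths and summary counters."""
    report = {"detections": [], "untested": [], "summary": {}}
    for line in map(str.strip, text.splitlines()):
        if m := DETECTION.match(line):
            report["detections"].append(m.groupdict())
        elif m := LOCKED.match(line):
            report["untested"].append(m.group("path"))
        elif m := SUMMARY.match(line):
            report["summary"][m.group("key")] = int(m.group("value"))
    return report

def is_registry_hive(path):
    """True for files in the system hive directory and per-user hive files."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    return p.startswith("c:\\windows\\system32\\config\\") or name in ("ntuser.dat", "usrclass.dat")

def triage(report):
    """Reconcile the summary with the listed lines and flag coverage gaps."""
    found = report["summary"].get("Found infections")
    return {
        "summary_matches": found == len(report["detections"]),
        "unscanned_hives": [p for p in report["untested"] if is_registry_hive(p)],
        "temp_detections": [d["name"] for d in report["detections"] if "\\temp\\" in d["path"].lower()],
    }

if __name__ == "__main__":
    print(triage(parse_avg_log(SAMPLE_LOG)))
```

On the sample, both detections sit under the user's Temp directory, while the registry hive files are reported as locked and were never examined, so "Healed infections : 2" only describes the files the scanner could open.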



#2 blaze4376


Posted 27 January 2010 - 03:05 PM

You can close this. I would like to thank myself for all my hard work and resolving the problem.

#3 boopme


Posted 27 January 2010 - 03:19 PM

Before I close you and all your hard work, you should double check with an online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
