Internet Security 2010 + "YOUR SYSTEM IS INFECTED!"


26 replies to this topic

#1 loveissummer

loveissummer

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:00 AM

Posted 07 February 2010 - 05:11 PM

Hello.

I am using Windows XP. I got a virus on my computer. My desktop is set to an image that reads: "YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Sypware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware is removed."

Also a program under the name of "Internet Security 2010" automatically opens and is running constantly. I can't close it.

I would appreciate any help that I can get. I would really like to remove this from my computer without losing any of my files. I have disconnected my computer completely from the internet.

Thank you.



#2 Arctic

Arctic

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:00 AM

Posted 07 February 2010 - 05:14 PM

http://www.bleepingcomputer.com/virus-remo...irus-vista-2010

try these instructions
I can only help.. If i know what the problem is.

we never have time to do things right, but we always have time to do them again

LAWL

#3 loveissummer


Posted 07 February 2010 - 05:21 PM

Thanks for the fast reply =)

It won't let me get past step #5. I plug in the USB drive that I have the file saved on and I click on it to run it and I get the following error: "Application cannot be executed. The file is infected. Please activate your antivirus software."

So I skipped this step and ran Malwarebytes' Anti-Malware program. It performed the scan and said I had 10 infected files. I made sure they were all selected and removed them. I restarted my computer and I'm still having the same problems. Here's the log file:

Malwarebytes' Anti-Malware 1.36
Database version: 1973
Windows 5.1.2600 Service Pack 3

2/7/2010 2:55:36 PM
mbam-log-2010-02-07 (14-55-24).txt

Scan type: Quick Scan
Objects scanned: 76851
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yonelaliro (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by loveissummer, 07 February 2010 - 05:56 PM.


#4 Sonic98

Sonic98

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 07 February 2010 - 05:35 PM

I'm not sure if you know this but I've read a lot of threads on this saying to download MalwareBytes, which is what I would usually do first. This is on a computer that already has the program installed, and it will not run. It keeps saying it can't find mbam.exe. I've even tried renaming the setup file and choosing a different name and location for the installation. I guess I will try to copy the exe off my other computer and just rename it.


--------------------------------
Update: I had already had a fixreg program on the drive I was using. I think it was for something else. I will re-run with this one and see how it goes. I hope it does because Super Anti-Spyware and Spybot didn't do anything.

Edited by Sonic98, 07 February 2010 - 05:43 PM.


#5 Arctic


Posted 07 February 2010 - 06:16 PM

Two things I am noticing.

The Malwarebytes you are using is out of date. I believe they are on version 1.4x.

Also, all of the logs indicate that no action was taken.

My advice would be to try to launch Malwarebytes again, update it to the latest definitions,

perform a full scan and then select remove on all issues found.

Edited by Arctic, 07 February 2010 - 06:16 PM.


#6 loveissummer


Posted 07 February 2010 - 07:06 PM

Oh thanks. I didn't even realize I was running an older copy. Installed a newer version and now it says I have 42!

Removed them all and I'm still having problems.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/7/2010 4:02:10 PM
mbam-log-2010-02-07 (16-02-10).txt

Scan type: Quick Scan
Objects scanned: 119361
Time elapsed: 14 minute(s), 17 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 12
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Unloaded process successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\livukafa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dahuvuze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\homefebe.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82c55839-788b-4589-ab9b-0bc1ab8f4ed7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82c55839-788b-4589-ab9b-0bc1ab8f4ed7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yonelaliro (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: dahuvuze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\livukafa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dahuvuze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\homefebe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zasezara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\horj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lorisa Lee\Local Settings\Temporary Internet Files\Content.IE5\U32QG2GQ\dwgqq[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lorisa Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00003e8d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#7 Arctic


Posted 07 February 2010 - 07:31 PM

I believe you will need to reboot; Malwarebytes should take care of the rest according to the log:

Memory Modules Infected:
C:\WINDOWS\system32\livukafa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dahuvuze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\homefebe.dll (Trojan.Vundo.H) -> Delete on reboot.

- If that doesn't work, I'd try to boot into safe mode and re-run a scan with Malwarebytes.
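The check made by hand in posts #5 and #7 (spotting entries marked "No action taken" or "Delete on reboot") can be automated. The Python script below is an added example, not part of the original thread and not a Malwarebytes tool; the sample log is constructed in the format of the logs posted above, and the names `parse_mbam_log` and `triage` are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the format of the MBAM logs posted in this thread
# (entries abbreviated, summary counts adjusted to match).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 1973
Scan type: Quick Scan

Memory Modules Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 0

Memory Modules Infected:
C:\WINDOWS\system32\livukafa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yonelaliro (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "<section> Infected: <count>" is a summary line; "<section> Infected:" opens a detail list.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d*)$")
# "<target> (<detection>) -> [Data:/Bad:/Good: ... ->] <action>."
ITEM_RE = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+)$")


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str


@dataclass
class Report:
    version: str = ""
    database: str = ""
    declared: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)


def parse_mbam_log(text):
    """Parse header fields, summary counts and per-item results from a log."""
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Malwarebytes' Anti-Malware "):
            report.version = line.rsplit(" ", 1)[1]
        elif line.startswith("Database version:"):
            report.database = line.split(":", 1)[1].strip()
        elif (m := SECTION_RE.match(line)):
            if m.group(2):
                report.declared[m.group(1)] = int(m.group(2))
                section = None
            else:
                section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            # The action is always the last "->" segment of the line.
            action = m.group(3).rsplit(" -> ", 1)[-1].rstrip(".")
            report.findings.append(Finding(section, m.group(1), m.group(2), action))
    return report


def triage(report):
    """Return items still present, items waiting on a reboot, and sections
    whose parsed item count differs from the summary (truncated paste)."""
    parsed = Counter(f.section for f in report.findings)
    return {
        "unremediated": [f for f in report.findings if f.action == "No action taken"],
        "pending_reboot": [f for f in report.findings if f.action == "Delete on reboot"],
        "count_mismatch": sorted(s for s, n in report.declared.items()
                                 if parsed.get(s, 0) != n),
    }


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"MBAM {rep.version}, database {rep.database}")
    for bucket, items in triage(rep).items():
        print(bucket, [getattr(i, "target", i) for i in items])
```
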

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:00 AM

Posted 08 February 2010 - 01:09 PM

Hello, actually you still need an update.. database version is at 3700+ now.
Please run MBAM in normal mode if it will. Running a scan in safe mode is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop..
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 loveissummer


Posted 08 February 2010 - 08:28 PM

It won't let me update MalwareBytes. I uninstalled it completely. Shut down my computer and tried to redownload it but now I can't access the website for Malware so I couldn't download from it. I use FireFox and I get a "The connection was reset" error. I had to use a different computer to download it, put it on a flash drive and reinstall it. But it still won't let me update the database. I get this error:
"An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.
Error code: 732 (12031, 0)"

I was able to download ATF Cleaner from the computer that is infected but not SUPERAntiSpyware. Same thing I get when I tried downloading MalwareBytes.

I tried updating SUPERAntiSpyware and I get this error:
"There was an error trying to retrieve definitions. Make sure your firewall is not blocking SUPERANTISPYWARE.EXE from accessing the Internet."

#10 boopme


Posted 08 February 2010 - 09:35 PM

Hello ... You appear to have IS 2010 not XP IS 2010.
As this infection deletes a core executable of Malwarebytes' we will need to download a new copy of it and put it in the C:\ tc... so please follow our Removal Guide here http://www.bleepingcomputer.com/virus-remo...t-security-2010

You will move to the Automated Removal Instructions for Internet Security 2010 using Malwarebytes' Anti-Malware:

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 08 February 2010 - 09:35 PM.


#11 loveissummer


Posted 08 February 2010 - 10:18 PM

Alright. I tried following the instructions. I got stuck on step #8. When I try to download from that link on the infected computer, my FireFox will not load the page. So then I downloaded it on a different computer and then placed it in the folder and tried running that. It opens but when I go to update, I get the same error as before.

Edited by loveissummer, 08 February 2010 - 10:19 PM.


#12 boopme


Posted 08 February 2010 - 10:35 PM

Hello, what antivirus and firewall are running?

Have you tried this?

MBAM 732 error

This routine will confirm that Internet Explorer is set to the Online mode.
Click on START - RUN and Copy/Paste the following into the run line (On Vista you can use the Search line) and click OK

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f

OR
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#13 loveissummer


Posted 08 February 2010 - 11:38 PM

Antivirus - I use AVG and firewall, just the regular Windows one that comes with the operating system.

I cannot access the Malware website at all from the infected computer. I have tried using both Firefox and even Internet Explorer. I get this error:
Posted Image

Do you want me to download it from another computer and install it that way?

#14 boopme


Posted 08 February 2010 - 11:49 PM

Yes.. do so. I will be off now but will look tomorrow.
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

Also, running the ATF and SAS first may remove some malware that may be causing this.

#15 loveissummer


Posted 09 February 2010 - 12:09 AM

Here's the log:

Malwarebytes' Anti-Malware 1.43
Database version: 3710
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/8/2010 9:07:35 PM
mbam-log-2010-02-08 (21-07-35).txt

Scan type: Quick Scan
Objects scanned: 123528
Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seagate (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.224,93.188.166.70 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0356ebca-c1ef-434c-8f69-8cb27f110b97}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.224,93.188.166.70 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\dqccpnq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\kkalf.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\ojjw.exe (Trojan.Vundo.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lorisa Lee\Local Settings\temp\Vbz.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lorisa Lee\Local Settings\temp\s0q6yr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.

Edit:

Yay! I think it worked this time!!! After I ran the scan, I restarted my computer and opened up Malwares and I was able to finally update it =) I can also access the website from the computer now too. Thank you SOOOO much! =)

Does this mean the whole problem is taken care of? Should I still boot the computer in safe mode and run the SUPERAntiSpyware program?

Edited by loveissummer, 09 February 2010 - 12:29 AM.




