
What steps can I take to figure out if I've really gotten rid of my virus?


15 replies to this topic

#1 aslum

aslum

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 22 February 2010 - 01:02 AM

I recently had a virus. I thought I had successfully removed it. However my CD/DVD drive isn't working all of a sudden, and I am starting to worry that I haven't successfully cleaned it off.
I'm running Windows XP. Service Pack 3.
I was running Avast, but it wasn't able to get rid of the virus, so I switched to MS Security Essentials as that seemed to have the best ratings from the googling I did on my uninfected laptop. And it along with the recommended tools seemed to have done the trick.
I also run Malwarebytes, Spybot, Spywareblaster and Hijackthis.

MSSE found (and claims to have removed) RealVNC, Yabector.gen and Antivirusxp

Avast had found Bravix and Fasec.

What should I do?



#2 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:12:01 AM

Posted 22 February 2010 - 09:48 AM

Can you post your Malwarebytes log for us to look at please? It may give some insight into what's going on.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#3 aslum


Posted 22 February 2010 - 01:39 PM

This is the log from when I realised I was infected and started trying to clean things up:

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/2/2010 7:32:53 PM
mbam-log-2010-02-02 (19-32-53).txt

Scan type: Quick Scan
Objects scanned: 122475
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Aslum\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.


This is the latest log:

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/22/2010 3:43:38 AM
mbam-log-2010-02-22 (03-43-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 473955
Time elapsed: 2 hour(s), 38 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#4 techextreme


Posted 22 February 2010 - 01:56 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3681

Your Malwarebytes database is out of date. The database is 3776 (as of 1:55 pm 2-22-2010).

Please update your Malwarebytes and run one more quick scan.

Post your logs when complete.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca
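
The check made by eye in the reply above (a clean result only counts if the definitions were current), as an added example that is not part of the original thread. The function names, the `current_db` parameter and the rule that any outcome other than "Quarantined and deleted successfully" is unresolved are assumptions of this example; the sample is the 2 February log from this thread, condensed, and 3776 is the database number quoted in the reply.

```python
import re

COUNTERS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
REMOVED = "Quarantined and deleted successfully"

# Constructed sample: the 2 February log from this thread, condensed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3681
Scan type: Quick Scan
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Files Infected:
C:\Documents and Settings\Aslum\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

def parse_mbam_log(text):
    """Pull the fields a reviewer reads first out of an MBAM 1.x text log."""
    def field(pattern, cast=str):
        m = re.search(pattern, text, re.MULTILINE)
        return cast(m.group(1).strip()) if m else None
    return {
        "database": field(r"^Database version:[ \t]*(\d+)", int),
        "scan_type": field(r"^Scan type:[ \t]*(.+)$"),
        "counts": {c: field(rf"^{c} Infected:[ \t]*(\d+)\s*$", int) for c in COUNTERS},
        # Detection lines read: <path> (<family>) -> <outcome>.
        "detections": re.findall(r"^(.+?) \(([\w.]+)\) -> (.+?)\.?\s*$", text, re.MULTILINE),
    }

def assess(log, current_db):
    """List the reasons this log alone does not show a clean machine."""
    reasons = []
    db = log["database"]
    if db is None or db < current_db:
        reasons.append(f"database {db or 'unknown'} is behind current {current_db}")
    if None in log["counts"].values():
        reasons.append("summary counters missing")
    for path, family, outcome in log["detections"]:
        if outcome != REMOVED:  # assumption: any other outcome is unresolved
            reasons.append(f"{family} not confirmed removed: {path}")
    return reasons

if __name__ == "__main__":
    print(assess(parse_mbam_log(SAMPLE_LOG), current_db=3776))
```

An empty list means only that this one log raises no flag; it is evidence from a single scanner, not proof the machine is clean.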

 


#5 aslum


Posted 22 February 2010 - 02:02 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3776
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/22/2010 2:01:59 PM
mbam-log-2010-02-22 (14-01-59).txt

Scan type: Quick Scan
Objects scanned: 112468
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#6 techextreme


Posted 22 February 2010 - 02:09 PM

Ok. Your Malwarebytes logs look clean (as I'm sure you noticed too), so let's have a look at the upper and lower filters in the registry.

The Microsoft Knowledgebase Article KB314060 explains in detail how to remove these upper and lower filters from the registry.

***NOTE*** You will be making changes to the registry in Windows XP. Please pay very close attention to the points in the registry that the knowledgebase article is referring to. There are many that look very similar.

Also, please set a restore point before making any changes to your registry. This will allow roll-back should something go wrong.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#7 aslum


Posted 22 February 2010 - 02:28 PM

There are no upper or lower filters to remove. *confused*

#8 techextreme


Posted 22 February 2010 - 02:34 PM

When you look in Device manager, does it show any hardware with a problem?

Your CD/DVD drive, does it show in "My Computer"?

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#9 aslum


Posted 22 February 2010 - 02:37 PM

Device manager is convinced it is working fine.

The drive shows up in My Comp but it always acts like there is no disc inserted, even if there is one in there.

#10 techextreme


Posted 22 February 2010 - 02:46 PM

Try removing your CD/DVD drive from device manager and reboot.

Your computer should reboot and redetect your drive. The chances are that your drive not working properly and your virus problems are "coincidental" and the drive has been dying for a while.

Let me know what happens.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#11 aslum


Posted 22 February 2010 - 02:54 PM

I uninstalled the drive, rebooted, and it's back, but still not recognizing any disc that's in it.

#12 techextreme


Posted 22 February 2010 - 03:00 PM

Does your CD/DVD drive recognize any bootable disks? (i.e. Windows XP, Linux, etc.)

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#13 aslum


Posted 22 February 2010 - 03:16 PM

No, it won't boot (I tried an Ubuntu Live CD) from the CD.

#14 techextreme


Posted 22 February 2010 - 03:19 PM

Then we have exhausted the operating system as a culprit and have also tested the drive without an operating system.

If it will not boot from a CD inserted into it, then you can be sure that the drive itself has died.

I would recommend purchasing a replacement.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#15 aslum


Posted 22 February 2010 - 03:20 PM

Alright. Thank you for all of the help!



