
Windows XP SP3 - Malware Am I Infected?


No replies to this topic

#1 mattbronson

  • Members
  • 39 posts
  • Gender: Male
  • Location: London

Posted 10 April 2010 - 12:56 PM

++++EDIT++++

I've just noticed that there are other users on this machine called 'c' and 'mycomputername-c' but it has not been set up by anyone using the machine. The user has shortcuts to Remote Access and On Screen Keyboard, Utility Manager, Magnifier, Narrator, Command Prompt, Notepad, Synchronize, Windows Explorer. Am I being paranoid or are all these programs the sort of things a hacker would use?!!! Both accounts have exactly the same program shortcuts as mentioned.

I really want to delete these unwanted users urgently so if someone could advise me as to whether they are required for further information I would be grateful - thanks.

Offline Files has also been enabled, which is not familiar to anyone here - this is preventing fast switching between users, so I have disabled it.

+++END EDIT+++

Hi, I'm looking for some help with potentially a virus removal. If it's not a virus and the thread needs to be posted elsewhere please do so.

In the middle of checking gmail on my friend's machine we experienced what seemed like a system shutdown. All programs suddenly closed and we were prompted to delete all messages in his Outlook 'deleted items' (which is the setting he has set). We were then kicked out of Windows and the Windows logon screen was displayed showing the user as c (or maybe c:), but the worrying part was that the message on the logon screen said the computer was in use by another user. At that point I cut the power to the machine immediately.

Whilst offline, I performed an Avast AV scan which did not find any infections.

I then went back online to download Malwarebytes, updated the definitions file and set it to scan overnight. I checked it this morning and it had found 2 infections which it asked me to remove, and I did. Since removing the infections, my friend's machine takes about 5-10 minutes longer to boot up and to reach the Windows desktop screen... it has a blank blue screen with a mouse pointer on for ages. In addition, a piece of software that runs on this machine 24/7 failed to start as it was missing a needed Windows file. Please see the MWB log file results below.

===========================================================
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

4/10/2010 1:12:12 PM
mbam-log-2010-04-10 (13-12-12).txt

Scan type: Quick scan
Objects scanned: 188508
Time elapsed: 1 hour(s), 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=========================================================


I fear I may have screwed up his machine by doing the MWB removal. Please help if you can.

Thanks in advance.

Matt

Edited by mattbronson, 10 April 2010 - 01:40 PM.
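The MBAM log in the post above, worked as an added example that is not part of the original post or of Malwarebytes' own tooling: a small Python parser for the 1.x text log format that pulls out the scan metadata, the per-section counts and the detected items, cross-checks each headline count against the items actually listed, and flags the two Security Center values. The input is the post's log embedded as a constructed sample (the unchanged "(No malicious items detected)" sections trimmed); the class, function and field names are my own.

```python
"""Parse the Malwarebytes' Anti-Malware 1.x text log format and flag Security Center tampering."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the log from the post, with unchanged sections trimmed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

Scan type: Quick scan
Objects scanned: 188508
Time elapsed: 1 hour(s), 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")  # "Files Infected: 0"
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")                  # "Files Infected:"
# "<path> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action taken>"
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^()]*)\) Good: \((?P<good>[^()]*)\) -> )?"
    r"(?P<action>.+)$"
)
SECURITY_CENTER_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\"


@dataclass
class Detection:
    section: str
    path: str
    name: str              # MBAM's detection name, e.g. Disabled.SecurityCenter
    bad: Optional[str]     # value found (registry data items only)
    good: Optional[str]    # value MBAM restored
    action: str


@dataclass
class Report:
    meta: Dict[str, str]
    summary: Dict[str, int]
    details: Dict[str, List[Detection]]


def parse_mbam_log(text: str) -> Report:
    """Split the log into header metadata, headline counts and per-section items."""
    report = Report(meta={}, summary={}, details={})
    current: Optional[str] = None  # detail section being read; blank line ends it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        if (m := SUMMARY_RE.match(line)):
            report.summary[m["section"]] = int(m["count"])
        elif (m := HEADER_RE.match(line)):
            current = m["section"]
            report.details[current] = []
        elif current is not None:
            if line == "(No malicious items detected)":
                continue
            m = ITEM_RE.match(line)
            if not m:
                raise ValueError(f"unparsed line in {current!r}: {line}")
            report.details[current].append(
                Detection(current, m["path"], m["name"], m["bad"], m["good"], m["action"]))
        elif ": " in line:  # "Scan type: Quick scan", "Database version: 3973", ...
            key, _, value = line.partition(": ")
            report.meta[key] = value
    return report


def summary_mismatches(report: Report) -> Dict[str, tuple]:
    """Sections whose headline count disagrees with the number of items listed under them."""
    return {s: (n, len(report.details[s])) for s, n in report.summary.items()
            if s in report.details and n != len(report.details[s])}


def security_center_tampering(report: Report) -> List[str]:
    """Security Center *DisableNotify values found set to 1 (alerts suppressed)."""
    hits: List[str] = []
    for items in report.details.values():
        for d in items:
            key, _, value = d.path.rpartition("\\")
            if (key.lower() + "\\" == SECURITY_CENTER_KEY.lower()
                    and value.lower().endswith("disablenotify") and d.bad == "1"):
                hits.append(value)
    return hits
```

Reading the log this way makes the post's result concrete: nothing in memory, no files, folders or registry keys were touched, and the only two changes were AntiVirusDisableNotify and FirewallDisableNotify being reset from 1 to 0. Those values control whether Windows Security Center shows its "antivirus off / firewall off" warnings; setting them to 1 is a common trick to keep the red shield hidden, but putting them back to 0 does not remove whatever set them, so a clean MBAM rescan is not by itself proof that the machine is clean.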

