
c00002la fatal system error safe mode works


  • This topic is locked
22 replies to this topic

#1 Spectear

  • Members
  • 30 posts

Posted 12 April 2010 - 02:55 PM

I had a computer at my workplace with one of those XP Security viruses (rogue spyware that tries to get you to buy their fake AV), only this one was much worse than the few I had run into so far. Normally, with a single cleaning of MalwareBytes, it would be gone, but this latest one took a lot more time, even going so far as to disable taskmgr, regedit, changing group policy, system restore, safe mode (would go into BSOD).

I basically tried to restore the Windows system files by taking the XP Pro disk and repairing at least to the point where I could run Safe Mode and eventually renaming MWB so that it would run and start removing some of the viruses. I believe the latest version of MWB was able to get rid of the virus but I still have a problem.

The virus had a sleeper mode and the first time I thought I had gotten rid of it I was reinfected within a few minutes of starting my web browser. I have since deleted it and run a temp file cleaner which I hope helped contribute to getting rid of it entirely.

As far as I can tell the computer is virus free but the problem I have now is that when Windows starts up in normal mode it just crashes and resets itself. I've tried running sfc /scannow but I just get an RPC error. I've tried copying the Windows system files again with the install disk in the hopes of repairing normal mode but it doesn't work. This is an XP Pro SP2 disk.

Safe mode works perfectly fine and I can use it in networking mode to recover any files I might need but I would rather not format the computer when it seems so close to being fully functional again.



#2 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts

Posted 12 April 2010 - 03:16 PM

Are you 100% certain that you are clean?

#3 Spectear

  • Topic Starter

  • Members
  • 30 posts

Posted 12 April 2010 - 03:33 PM

I wouldn't be comfortable saying 100% but I'm doing my best to make sure. I've installed Firefox again on the computer in concern to see if browsing will somehow activate a hidden file and start the virus over again. So far though I haven't experienced any problems aside from the very obvious one of not being able to use a normal startup mode.

Are there any other ways to repair Windows system files if that is indeed the issue? I would have thought that having the original disk would be enough but I guess not or I am missing something.

#4 Joe C

  • Members
  • 775 posts

Posted 12 April 2010 - 03:35 PM

It sounds like you have a rootkit.
Rootkits are usually hidden from most anti-virus/malware scans.

Edited by Joe C, 12 April 2010 - 03:36 PM.


#5 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts

Posted 12 April 2010 - 03:36 PM

I would download and run MalwareBytes Anti-Malware - http://www.malwarebytes.org/mbam.php and then post the logs here.

Do you have previous logs of your MBAM Scans?

#6 MrBruce1959

    My cat Oreo

  • BC Advisor
  • 6,377 posts

Posted 12 April 2010 - 03:36 PM

I would suggest you go to the Am I Infected forum at http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ and post for help there, mentioning that you have been infected and want to make sure your system is clean. Make sure you mention anything you have already tried to clean the machine in your opening post.

Someone with professional training will instruct you on what to do from there; this way you know your machine is in fact clean.

After they give you the all clear, you can try rebuilding your corrupted OS with repair options.

Good luck.

Edited by MrBruce1959, 12 April 2010 - 03:37 PM.


#7 Spectear

  • Topic Starter

  • Members
  • 30 posts

Posted 12 April 2010 - 03:41 PM

I do have all of the logs and I'll post them in a minute. If I do still have some lingering rootkits or whatever else, is there something I can do to detect that? I've run the latest MBAM and it hasn't spotted anything.

Should this topic be moved to the infection forum? I don't want to spam the board with two topics about the same thing.

#8 Spectear

  • Topic Starter

  • Members
  • 30 posts

Posted 12 April 2010 - 03:45 PM

This was the last cleaning I did that picked up anything. I updated to the latest one this morning but haven't gotten anything after 3 scans.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3972

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

4/12/2010 9:40:07 AM
mbam-log-2010-04-12 (09-40-07).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|P:\|R:\|S:\|U:\|V:\|W:\|)
Objects scanned: 668243
Time elapsed: 8 hour(s), 24 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 17
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 98

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mplay32xe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Symantec Shared\ccapp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccapp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vptray (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remotecontrol (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe reader speed launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\searchsettings (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\client access service (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\client access help update (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\client access check version (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\client access express welcome (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwqueuedreporting (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\clim\Local Settings\Temp\tdx8e01 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\clim\Local Settings\Temp\mplay32xe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nwiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Symantec Shared\ccapp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Symantec AntiVirus\vptray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\CyberLink\PowerDVD\pdvdserv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\IBM\Client Access\cwbsvstr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\IBM\Client Access\cwbinhlp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\IBM\Client Access\cwbckver.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\IBM\Client Access\cwbwlwiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\clim\nwiz .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\clim\nwiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\clim\rundll32 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\363625.old (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\xxxxxxacrotray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\xxxxxxxxxxx555490390.old (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\internet explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Malwarebytes' Anti-Malware\nbam .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Malwarebytes' Anti-Malware\nbam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\axxxxxxxxxxxpp_dll.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xxxxxxxxxxxb8ht4p.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xxxxxxxxxxxsrsvc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\INETSRV\nwiz .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\INETSRV\nwiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\INETSRV\rundll32 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\INETSRV\rundll32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\debug .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#9 Animal

    Bleepin' Animinion

  • Site Admin
  • 34,563 posts

Posted 12 April 2010 - 04:53 PM

Should this topic be moved to the infection forum?


Moved topic from XP to the more appropriate forum, at member request. ~ Animal


#10 Spectear

  • Topic Starter

  • Members
  • 30 posts

Posted 13 April 2010 - 11:56 AM

Thanks Animal. I'll be checking this all day so if anyone has any insight please feel free to recommend a program or solution.

#11 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,957 posts

Posted 13 April 2010 - 02:16 PM

How is your computer running now?

#12 Spectear

  • Topic Starter

  • Members
  • 30 posts

Posted 13 April 2010 - 02:26 PM

Nothing has changed since yesterday. I haven't tried anything in addition to MBAM yet. All logs come up clean. I tried putting in a new hard drive but I must've missed a connection because it's saying it's not powered or connected properly.

#13 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts

Posted 13 April 2010 - 02:33 PM

Are you getting any more BSODs?

#14 Spectear

  • Topic Starter

  • Members
  • 30 posts

Posted 13 April 2010 - 04:03 PM

Yes. If I login under normal mode it gives the same fatal system error. Safe mode still works.

#15 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts

Posted 13 April 2010 - 04:15 PM

Can you perform the scans again?



