
HELP cant execute anything


3 replies to this topic

#1 floop

floop

  • Members
  • 9 posts

Posted 24 May 2010 - 02:41 AM

I turned my comp on and I'm infected; guess one of my brothers decided to let me deal with this. I can't open MBAM, SAS and keep getting security alerts of things that can't be executed, and in the couple of minutes I've been on, IE keeps opening itself to random pages: first it was porno, then some other adult site, and then Viagra. Please help, I don't know what to do, and I have a lot of little shields with x's at the bottom right of the screen. Help.



#2 floop

floop
  • Topic Starter

  • Members
  • 9 posts

Posted 24 May 2010 - 04:08 AM

I managed to run MBAM in safe mode and it found the infections, but now I'm getting redirects in Google; I got about 6 before I finally got into Bleeping Computer. Don't know what to do, and my CA antivirus is currently out of date. Any recommendations on an AV program? I will try MBAM again and then SAS. Any help will be appreciated.

Here is the MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11

5/24/2010 2:47:38 AM
mbam-log-2010-05-24 (02-47-38).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 225407
Time elapsed: 35 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bqinkvfs (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bqinkvfs (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ekcvuemjg\aelwcgntssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Edited by floop, 24 May 2010 - 04:11 AM.


#3 floop

floop
  • Topic Starter

  • Members
  • 9 posts

Posted 24 May 2010 - 04:24 PM

I ran SAS and nothing. I updated MBAM and ran a full scan again in normal mode and it found something called TDSS rootkit, but I'm still getting redirects, and a random tab in Firefox will open to a random site.

All random pages seem to have the same little icon by the address bar; it looks like a little blue loop in a white square, kinda looks like a number 2.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4136

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

5/24/2010 5:32:41 AM
mbam-log-2010-05-24 (05-32-41).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 231901
Time elapsed: 1 hour(s), 51 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\A4.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully

#4 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • Gender:Male
  • Location:is everything

Posted 01 June 2010 - 06:53 AM

Anybody wanna help this guy? :thumbsup: :flowers:



