
Defense Center Virus still causing problems



#1 1laguy


Posted 14 July 2010 - 01:28 AM

32 bit vista

I started getting the Defense Center scam virus. Was able to run Malwarebytes and clean a lot of junk, but I'm still having problems. And even though I will have a clean scan, I will find and delete viruses using another scanner (Windows Defender, Bitdefender).

Here are my problems now:

1. I can't download anything. The HTTP download automatically gets canceled. When I click retry, it sometimes looks like it finished but is nowhere to be found. Other times, I actually did find it but it arrived and wasn't able to be run.

2. Many of my system privileges have been taken away. I can't run System Restore (turned off by group policy). I can't run my Housecall Launcher ("Windows cannot access the specified device path or file. You may not have the appropriate privileges").

3. When I click a link from a Google search, I get redirected to another search result page, which never actually loads, but the URL always has viafind.com.


Since I can't download, I haven't been able to get HijackThis. This is my latest MBAM log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

7/13/2010 9:24:50 PM
mbam-log-2010-07-13 (21-24-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 274948
Time elapsed: 1 hour(s), 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Ryan\AppData\Local\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Edited by Blade Zephon, 14 July 2010 - 02:27 AM.
Move to AII. ~BZ




#2 cryptodan


Posted 14 July 2010 - 03:01 AM

Can you update Malwarebytes Anti-Malware?

#3 1laguy


Posted 14 July 2010 - 01:29 PM

Can you update Malwarebytes Anti-Malware?


I just did. It seems to be finding more infected files. Would that cure my problems? Or would I still need to tweak my Windows settings on my own to get my privileges and Google searches back? I am able to get around the viafind redirects by clicking on the cached version of the search result.

#4 cryptodan


Posted 14 July 2010 - 01:30 PM

Once the scans are complete, post the logs here. It may require advice from our Malware Removal Team. I am only here to advise.

#5 1laguy


Posted 14 July 2010 - 03:16 PM

Here is the latest log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4313

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

7/14/2010 1:15:28 PM
mbam-log-2010-07-14 (13-15-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 286551
Time elapsed: 1 hour(s), 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMOptimizer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Administrator\ntl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\1275452.exe (Trojan.Wigon) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\1892453557.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\drweb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\epsuo5pb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\jcanh7yknnv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\login.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\mdm.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\notepad.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\nvsvc32.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\spoolsv.exe (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scand.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Ryan\ntl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scand.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\w1[1].rand=14881 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\w1[1].rand=14881 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scand.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scand.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by 1laguy, 14 July 2010 - 03:18 PM.


#6 cryptodan


Posted 14 July 2010 - 03:27 PM

With the information you have provided, I will refer you to our MRL Team. Please follow the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



