
Win32.Nimnul.A Virus



#1 ezc19


Posted 19 September 2010 - 09:24 AM

I've got a virus that won't go away. All my files and internet work, but Kaspersky still picks it up. I've got a Vaio laptop and Windows XP. I've run Malwarebytes Anti-Malware, but it always comes back. Any help would be greatly appreciated. Here's the log from yesterday:





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4648

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/18/2010 7:13:58 PM
mbam-log-2010-09-18 (19-13-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 338220
Time elapsed: 4 hour(s), 53 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT (Trojan.PornDialer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1c74b884-ccc0-82f3-d85b-c2df12f5b39c} (Spyware.Zbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\program files\intel\wireless\bin\s24evmonsrv.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Evan\Application Data\Hobuul\izyt.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\imiv.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\aqfoqy.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\yxtyo.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP857\A0223047.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP857\A0227857.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0228023.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0228039.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0228876.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0228991.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0228992.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0229244.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0229355.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0229356.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP858\A0229513.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Evan\Local Settings\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.


 


#2 boopme


Posted 19 September 2010 - 09:38 PM

Looks like it infected your userinit file.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.



