
Possible Virus


2 replies to this topic

#1 fiefer1

fiefer1

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 04 October 2010 - 11:23 PM

Hello,

I have encountered a possible virus on my Windows XP SP3, Home Edition.

My computer is a Dell Inspiron 6000.

Specifically, I receive prompts that my Windows 32 Subsystem & Print Spooler have encountered errors and need to close. This typically happens after 2 minutes following startup, but has recently occurred immediately following startup.

As a result, I am unable to print items, and my Wireless connections become disabled.

In addition, I have noticed some Google Redirect-like activity, but this is inconsistent.

Importantly, I am unable to operate my versions of Malwarebytes and SuperAntiSpyware.

Furthermore, I am unable to access the Malwarebytes website. However, I went around this and downloaded a new copy of Malwarebytes via CNET. However, the newly installed version would not execute.

This is a tricky one that I am not able to diagnose myself, and especially difficult as my wireless access is now intermittent (likely due to the Windows 32 crashes).

Please let me know what information you need. Please note, however, that I am currently unable to operate Malwarebytes or access their website.

Thanks!

Edited by Budapest, 04 October 2010 - 11:53 PM.
Moved from XP ~BP




#2 fiefer1


Posted 04 October 2010 - 11:43 PM

Okay, through a little digging, I found that renaming the Malwarebytes EXE file allowed me to run the program. Thank the maker. Running a full scan and will post a log.

#3 fiefer1


Posted 04 October 2010 - 11:56 PM

Looks like I've been graced with the Trojan.DNSChanger - here's the log. Now I have a sneaking suspicion that this won't go away even though the Trojan has been quarantined and removed. Any tips? Here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/4/2010 9:51:54 PM
mbam-log-2010-10-04 (21-51-54).txt

Scan type: Quick scan
Objects scanned: 127277
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.84,93.188.161.224 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1bb94fd4-ca74-4c39-8ae7-7f171f9bae91}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.84,93.188.161.224 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



