
I Think I'm Infected


2 replies to this topic

#1 jtphenom


Posted 17 November 2010 - 08:27 AM

Hi folks,

A few days ago, I started seeing random IE pages open to strange sites. Then it got to where I'd do a Google search, click on a page, and it would re-direct me to another random page. At the same time I started receiving 2 different errors:

1. The NTVDM CPU has encountered an illegal instruction.
CS:091c IP:015c OP:63 68 65 22 3e

2. I forgot the exact wording of the other error (I wrote it down but lost the sheet.. DOH!), but it was the error about generic service hosts shutting down.

I'm running Windows XP on an Optiplex 760. I'm pretty sure I'm infected with something. Where should we start?

Thanks for your help!
J



#2 jtphenom


Posted 17 November 2010 - 09:27 AM

Pre-emptively posting an MBAM log here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5135

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

11/17/2010 9:19:23 AM
mbam-log-2010-11-17 (09-19-23).txt

Scan type: Quick scan
Objects scanned: 193588
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\JTenEyck\Application Data\sdtsh.bat (Malware.Trace) -> Quarantined and deleted successfully.


What next? :)

#3 jtphenom


Posted 17 November 2010 - 10:11 AM

I should note that, even though I removed those entries, ran another scan, and found nothing else, I am still being re-directed.



