Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Antivirus Action Virus/malware Infection

  • Please log in to reply
1 reply to this topic

#1 jwooten827


  • Members
  • 2 posts
  • Local time:05:16 AM

Posted 05 December 2010 - 06:26 AM

Hi, I'm running on windows xp, I've followed the guide posted on here to get rid of the malware, but so far it hasn't worked. It will go away after I run MBAM but once I reboot the computer after replacing the Hosts file, the malware returns. Any help would be greatly appreciated! I'll post the log of the most recent scan as soon as it is done

Edited by Budapest, 05 December 2010 - 04:33 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

BC AdBot (Login to Remove)


#2 jwooten827

  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:16 AM

Posted 05 December 2010 - 07:06 AM

Malwarebytes' Anti-Malware 1.50

Database version: 5245

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/5/2010 5:00:00 AM
mbam-log-2010-12-05 (04-59-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 167849
Time elapsed: 44 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Fraga\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Fraga\local settings\Temp\csrss.exe (Trojan.Agent) -> No action taken.

Also, after I ran it again, it asked me to reboot which I did, the malware is still there, I had to run rkill again just to access the internet.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users