No...help me with antivirus scan!


17 replies to this topic

#1 YesImOtto


Posted 24 January 2011 - 02:33 PM

Hello....I am so grateful I can go on the internet.....Basically I dunno why... I just opened the computer and bang, there's a virus...

It is called Antivirus Scan with "protecting every second" under it. It has a green shield symbol. I tried running MBAM and SUPERAntiSpyware, but they didn't detect anything!!....or maybe they are out of date?

Oh no....please help! I cannot open most things, such as MBAM, or update it to the latest version.... ><"

:'(

Edited by sumosalad, 24 January 2011 - 02:38 PM.



#2 boopme


Posted 24 January 2011 - 03:15 PM

Hello and welcome. Please tell us your Antivirus application and Operating System.

Please follow our Removal Guide here: Remove Antivirus Scan.
You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log, including the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 YesImOtto


Posted 24 January 2011 - 03:19 PM

Hi,

Thank you for quick reply.

Yes, I have tried that guide before, and my MBAM is not up to date; however, as I am typing now I am checking for updates.

Two questions:

1. When the antivirus programs (like SUPERAntiSpyware and MBAM) are not up to date, is it possible they will fail to find viruses?

2. Is System Restore good for virus removal?

#4 YesImOtto


Posted 24 January 2011 - 03:33 PM

OK, I'm going to run the antivirus now, be back in 3-4 hours!

EDIT: Wait, I see you are here :)

Edited by sumosalad, 24 January 2011 - 03:33 PM.


#5 boopme


Posted 24 January 2011 - 03:38 PM

System Restore may work to get you back to the uninfected state, whereas if you update and scan the PC you can be sure it is not still lurking, waiting to become active.

You can also manually download updates for MBAM.
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware


All that said, I usually like to do it this way when the update issues arise, if System Restore is unavailable.
The first 2 tools usually stop the malware from restricting updating or running the apps.


Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next, run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (e.g. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick Scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#6 YesImOtto


Posted 24 January 2011 - 07:37 PM

Hmmm...weird....I cannot find the logs...I have been using this for a long time, this is the first time..

But, I am pretty positive that MBAM didn't find anything bad.

As for RKill, I have been here before, and other people have told me to use it, but I cannot do it because it always "stopped working". They said it is fine, maybe just my computer (Vista).

So....what now mate? I just want to make sure everything is ok...

Maybe I should try that ESET online scanner?

#7 YesImOtto


Posted 24 January 2011 - 08:46 PM

Also mate, how does it work when people say viruses may steal your password? Is the creator of the viruses always on standby if he can steal passwords?

Just curious, I'd like to know.

#8 boopme


Posted 24 January 2011 - 09:01 PM

Yes, you should run ESET.
Whenever you run RKill you should download a new copy, as the base is updated.

These rogue AVs (like what you had here) are only trying to fool you into buying their removal tool.
Backdoor.IRC, infostealers and rootkit trojans/bots are the ones looking to steal your personal, banking and credit card information.


Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do





Please perform a scan with the ESET Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while, so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click [image] > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 24 January 2011 - 09:02 PM.


#9 YesImOtto


Posted 24 January 2011 - 09:23 PM

So, the ones I have (or hopefully had lol), they are just rogue stuff, not password-stealing viruses....right?

OK, running ESET now.

#10 boopme


Posted 24 January 2011 - 09:30 PM

So far, the only one I know of (no logs) is Antivirus Scan.

#11 YesImOtto


Posted 25 January 2011 - 02:11 AM

Here you go!!


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6a48aa3a6f78af4cb1809b60740471d6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-23 01:59:24
# local_time=2010-08-23 09:59:24 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 27838077 120044852 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=207203
# found=32
# cleaned=32
# scan_time=4218
C:\Users\Budy\AppData\Local\dldxpake.dll a variant of Win32/Cimag.DF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\uyeneyaf.dll a variant of Win32/Cimag.DE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\lwmqyheev\serhey234m 2u4hy.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\1D26.tmp a variant of Win32/Olmarik.ACN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\89CD.tmp a variant of Win32/Olmarik.ACN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\8C1E.tmp a variant of Win32/Olmarik.ACN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\D434.tmp a variant of Win32/Olmarik.ACN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\lqrog.exe a variant of Win32/Kryptik.GET trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\mkcxhunr.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\unqo.exe a variant of Win32/Kryptik.GET trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\wtpvaae.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Temp\xjoqojgw.exe a variant of Win32/Cimag.DF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Windows Server\hlp.dat Win32/Bamital.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\24089576-6287bf67 Java/TrojanDownloader.Agent.NBJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp a variant of Win32/Kryptik.GEC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\Local\fssumbcmx\135rqh.exe a variant of Win32/Kryptik.GFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\Local\Temp\0.9263620668107021.exe a variant of Win32/Kryptik.GFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\Local\Temp\jar_cache2111056026134423009.tmp OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\Local\Temp\jar_cache5014590339073041672.tmp multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\Local\Temp\jar_cache6708189794110616482.tmp OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\Local\Temp\jar_cache7716012512873488706.tmp multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\654181e6-1b9a5dc1 OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7ab478c8-4a04cabb OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\3e80b20-17fb2dd0 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\3f3af9d7-740684bd multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\748dfd1-12b4f52d multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\ebirihehafileyoc.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\ggbrzx[1].htm Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\uhedyvt.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\DoctorWeb\Quarantine\uqsxhrptssd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Karl\AppData\Local\Temp\jar_cache6884087530805145556.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Karl\AppData\Local\Temp\jar_cache8394336112103346310.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6a48aa3a6f78af4cb1809b60740471d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-25 01:35:24
# local_time=2010-08-25 09:35:24 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 28053032 120259807 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=173412
# found=2
# cleaned=0
# scan_time=3822
C:\Program Files (x86)\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
C:\Users\Eddie\DoctorWeb\Quarantine\2c9ba28b-3d3fb47f multiple threats 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6a48aa3a6f78af4cb1809b60740471d6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-15 06:05:19
# local_time=2010-11-15 02:05:19 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 35114184 127320959 0 0
# compatibility_mode=8192 67108863 100 0 6441599 6441599 0 0
# scanned=14060
# found=0
# cleaned=0
# scan_time=466
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6a48aa3a6f78af4cb1809b60740471d6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-16 03:26:30
# local_time=2010-11-16 11:26:30 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 35187083 127393858 0 0
# compatibility_mode=8192 67108863 100 0 6514498 6514498 0 0
# scanned=202685
# found=6
# cleaned=6
# scan_time=4438
C:\Users\Andrew\AppData\Local\iqofawina.dll a variant of Win32/Cimag.EA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andrew\AppData\Local\KBData0.dll a variant of Win32/Cimag.DZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5a859f3b-3552898f a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\ubojeruqa.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\529477a3-4397da3f multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\618e9309-5c0779bd a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=6a48aa3a6f78af4cb1809b60740471d6
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-24 08:42:29
# local_time=2011-01-25 04:42:29 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 41215275 133422050 0 0
# compatibility_mode=8192 67108863 100 0 12542690 12542690 0 0
# scanned=194
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=6a48aa3a6f78af4cb1809b60740471d6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-25 07:03:37
# local_time=2011-01-25 03:03:37 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 41247741 133454516 0 0
# compatibility_mode=8192 67108863 100 0 12575156 12575156 0 0
# scanned=219247
# found=9
# cleaned=9
# scan_time=4807
C:\Users\Budy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\22d4fcd5-49dd1f07 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\b154094-60554a2c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4b0aa3c4-6aeaf184 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-27fbe411 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4a4764bc-1213b8f5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\Documents\HAX\HAX2\Ecstatic Cheat Resurrection\EcstaticCheat.exe probably a variant of Win32/Spy.Small.LKEMYIR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\Documents\HAX\HAX2\PixelBot v1.4\PixelBot.exe probably a variant of Win32/Agent.BWYHWJE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\Downloads\Anti_SS + WallHack.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\Downloads\CS_Hacks.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
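The log above is several ESET Online Scanner runs appended to one log.txt, and the detection lines mix paths containing spaces with multi-word detection names. The parser below is an added example, not code from this thread or from ESET: it splits the file into runs, cross-checks each run's found/cleaned header counters against the detection lines actually pasted, and groups detections by user profile and Java cache location (the two places most of these hits cluster). The line layout (path, name, optional bracketed action, 32-hex-digit field, one-letter flag) and the reading of a missing action as "reported but not cleaned" are inferred from the posted logs, not taken from ESET documentation; the sample input is a constructed excerpt of those logs.

```python
import re
from collections import Counter

RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
# A detection line ends with a 32-hex-digit field and a one-letter flag.
HASH_FLAG = re.compile(r"^(?P<rest>.+) [0-9a-fA-F]{32} [A-Z]$")
# Optional trailing "(action)", e.g. "(cleaned by deleting - quarantined)".
ACTION = re.compile(r"^(?P<rest>.+) \((?P<action>[^()]*)\)$")
# The detection name is an optional qualifier plus a family token containing a
# forward slash (Win32/..., Java/..., OSX/...), or the literal "multiple threats".
# Windows paths use backslashes, so even paths with spaces split unambiguously.
DETECTION = re.compile(
    r" ((?:probably a variant of |a variant of )?[^\s\\/]+/\S+.*|multiple threats)$")

def parse_detection(line):
    """Return {'path', 'name', 'action'} for one detection line, else None.
    'action' is empty when the scanner only reported the object (assumption)."""
    m = HASH_FLAG.match(line)
    if not m:
        return None
    rest, action = m.group("rest"), ""
    a = ACTION.match(rest)
    if a:
        rest, action = a.group("rest"), a.group("action")
    d = DETECTION.search(rest)
    if not d:
        return None
    return {"path": rest[:d.start()], "name": d.group(1), "action": action}

def parse_log(text):
    """Split log.txt into runs, each {'header': {...}, 'detections': [...]};
    a new run begins at every installer marker line."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_MARKER:
            runs.append({"header": {}, "detections": []})
        elif not line or not runs or line == "all ok":
            continue  # blank, or text before the first marker
        elif line.startswith("# "):
            key, _, value = line[2:].partition("=")
            runs[-1]["header"].setdefault(key, value)  # compatibility_mode repeats
        else:
            det = parse_detection(line)
            if det:
                runs[-1]["detections"].append(det)
    return runs

def profile_of(path):
    """User profile owning the path, or '(system)' for paths outside C:\\Users."""
    m = re.match(r"(?i)^[a-z]:\\users\\([^\\]+)\\", path)
    return m.group(1) if m else "(system)"

def summarize(run):
    """Per-run summary; 'counters_match' checks the header totals against the
    lines actually present (a mismatch suggests a truncated paste)."""
    h, dets = run["header"], run["detections"]
    found, cleaned = int(h.get("found", 0)), int(h.get("cleaned", 0))
    acted = [d for d in dets if d["action"]]
    return {
        "utc_time": h.get("utc_time", "?"),
        "end": h.get("end", "?"),
        "counters_match": found == len(dets) and cleaned == len(acted),
        "by_profile": Counter(profile_of(d["path"]) for d in dets),
        "java_cache": sum("\\java\\deployment\\cache\\" in d["path"].lower() for d in dets),
        "not_cleaned": [d["path"] for d in dets if not d["action"]],
    }

# Constructed excerpt: lines copied from the posted log, with found/cleaned
# set to match the number of detection lines kept here.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# utc_time=2010-08-23 01:59:24
# found=4
# cleaned=4
C:\Users\Budy\AppData\Local\lwmqyheev\serhey234m 2u4hy.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Budy\AppData\Local\Windows Server\hlp.dat Win32/Bamital.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\654181e6-1b9a5dc1 OSX/Exploit.Smid.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Eddie\Downloads\Anti_SS + WallHack.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# utc_time=2010-08-25 01:35:24
# found=2
# cleaned=0
C:\Program Files (x86)\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application 00000000000000000000000000000000 I
C:\Users\Eddie\DoctorWeb\Quarantine\2c9ba28b-3d3fb47f multiple threats 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    for run in parse_log(SAMPLE_LOG):
        print(summarize(run))
```

On the full log above the same summary shows the hits concentrated in the Java deployment cache and Temp folders of two user profiles, which is the "over and over" reinfection pattern the next reply points at.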

#12 boopme


Posted 25 January 2011 - 03:03 PM

Hello, I see we are living dangerously. You have game cheats of sorts that are installing trojans over and over. This one in particular is also dangerous: Trojan:Win32/Bamital tries to contact a predefined remote server to report the infection. When it connects it will act as an IRC backdoor infection.
I can only advise you of the downside of these practices. Eventually we will not be able to clean them as they will become too strong.
Our Global Mod quietman7 wrote this...

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!



What version of Java is running, if any?
Go into Control Panel > Programs > Uninstall a Program.
Go down the list and tell me what Java applications are installed and their version.
Same with Adobe.


How is it running now?

#13 YesImOtto

  • Topic Starter

Posted 25 January 2011 - 07:50 PM

Yep, thank you, I have deleted them like you said.

My Java is "Java(TM) 6 Update 16" and Adobe is "Adobe Reader 9.3.3".

If you meant Adobe Flash, then it is 10 ActiveX and plugin.

Right now my computer is fine, like before the virus.

So...what you said really makes me nervous... I have deleted them though, what now?

#14 boopme

  • Global Moderator

Posted 25 January 2011 - 08:16 PM

Hello again,
The latest version of Adobe Reader is Adobe Reader X. It needs to be updated from the link below and the old one removed. Follow my instructions to fix this. Do the Java (below) first, as it's a similar process.
http://get.adobe.com/reader/

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Microsoft: 'Unprecedented Wave of Java Exploitation'
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
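For anyone following the same Control Panel check (post #12) and Java/Adobe Reader update steps above on more than one machine, here is an added audit script; it is not from the thread or from any of the vendors. It reads the same Uninstall registry entries that Add/Remove Programs shows, parses display names in the form the poster reported ("Java(TM) 6 Update 16", "Adobe Reader 9.3.3"), and flags anything older than the versions boopme asks for (JRE 6 Update 23, Adobe Reader X). The registry paths are the standard Windows Uninstall keys; the name patterns are assumptions based on the names quoted in the thread.

```powershell
# Added example (not part of the thread): audit installed Java and Adobe Reader
# versions via the Windows Uninstall registry keys, which is the list that
# Add/Remove Programs / Programs and Features displays. Read-only: it reports,
# it does not uninstall. Run from an elevated PowerShell prompt.
$requiredJavaMajor   = 6     # target from the post: JRE 6 Update 23
$requiredJavaUpdate  = 23
$requiredReaderMajor = 10    # "Adobe Reader X"

$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Only entries whose DisplayName mentions Java / J2SE / Adobe Reader.
$entries = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|J2SE|Adobe Reader' }

foreach ($e in $entries) {
    $name   = [string]$e.DisplayName
    $status = 'review manually'

    if ($name -match 'Java\(TM\)\s+(\d+)\s+Update\s+(\d+)') {
        # Assumed name format, e.g. "Java(TM) 6 Update 16" as quoted in the thread.
        $major  = [int]$Matches[1]
        $update = [int]$Matches[2]
        $outdated = ($major -lt $requiredJavaMajor) -or
                    ($major -eq $requiredJavaMajor -and $update -lt $requiredJavaUpdate)
        $status = if ($outdated) { 'OUTDATED: remove, then install current JRE' } else { 'current' }
    }
    elseif ($name -match 'J2SE') {
        # Java 5 and earlier used "J2SE Runtime Environment ..." names; always stale.
        $status = 'OUTDATED: legacy J2SE, remove'
    }
    elseif ($name -match '^Adobe Reader\s+(\d+)') {
        # Assumed name format, e.g. "Adobe Reader 9.3.3" as quoted in the thread.
        $major  = [int]$Matches[1]
        $status = if ($major -lt $requiredReaderMajor) { 'OUTDATED: remove, then install Adobe Reader X' } else { 'current' }
    }

    [pscustomobject]@{
        Name      = $name
        Version   = $e.DisplayVersion
        Status    = $status
        Uninstall = $e.UninstallString   # the command Control Panel would run
    }
}
```

Pipe the output to `Format-Table -AutoSize` to get a quick per-machine list; every line marked OUTDATED corresponds to an entry to remove with the Control Panel steps above before installing the new version.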

#15 YesImOtto

YesImOtto
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 26 January 2011 - 12:23 AM

Hi,

So basically my computer is alright now, just need to update Adobe and Java?

I guess it should be ok, because if I install these things my brother will get angry :(

Thank you though for your help, mate.

Thanks again boopme!



