Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help infected with virus


  • Please log in to reply
12 replies to this topic

#1 kolman

kolman

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 31 January 2011 - 10:12 PM

please help my computer is infected with a virus

Edited by Budapest, 01 February 2011 - 12:10 AM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 01 February 2011 - 09:01 AM

In order to assist you effectively, we need more specific information. Please read:What OS (Windows 7, Vista, XP) are you using?
What issues/symptoms of infection do you have?
What actions (security tools, scans have you taken so far?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kolman

kolman
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 01 February 2011 - 10:02 AM

i ran runkill to stop the virus ran a full scan with maleware nothing came up my adobe acrobat reader stopped working
i am using window xp
i am sure the the virus is still in the computer as its running very slow

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 01 February 2011 - 10:43 AM

Please post the results of your last MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan a usb flash drives or other removable drives not listed, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 kolman

kolman
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 01 February 2011 - 01:13 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4863

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/1/2011 12:01:36 AM
mbam-log-2011-02-01 (00-01-36).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 216413
Time elapsed: 1 hour(s), 38 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 01 February 2011 - 01:26 PM

Your Malwarebytes Anti-Malware log indicates you are using an older version (1.46) with with an outdated database. Please download and install the most current version (v1.50.1) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

The database shows 4863. Last I checked it was 5654.

Update the database through the program's interface <- preferable method.

After completing my previous instructions, perform a Quick Scan with Malwarebytes in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 kolman

kolman
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 01 February 2011 - 02:39 PM

Norman Malware Cleaner
Version 1.8.3
Copyright 1990 - 2010, Norman ASA. Built 2011/02/01 05:37:55

Norman Scanner Engine Version: 6.06.12
Nvcbin.def Version: 6.06.00, Date: 2011/02/01 05:37:55, Variants: 9761494

Scan started: 2011/02/01 13:36:20

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: RSN-185AAF23C67\Malky

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoResolveSearch = 0x00000001

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 125ms


Scanning running processes and process memory...

Number of processes/threads found: 4096
Number of processes/threads scanned: 4096
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 54s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\Malky\Desktop\TFC.exe (Infected with W32/SmallDrp.AZGM)
Deleted file


Running post-scan cleanup routine:

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 01 February 2011 - 03:19 PM

Ok. Please continue.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 kolman

kolman
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 01 February 2011 - 11:13 PM

C:\Documents and Settings\Malky\Local Settings\temp\kvvjarbik\molrwcqsjmo.exe a variant of Win32/Kryptik.KEC trojan cleaned by deleting - quarantined

#10 kolman

kolman
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 02 February 2011 - 12:16 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5657

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/2/2011 12:14:12 AM
mbam-log-2011-02-02 (00-14-12).txt

Scan type: Quick scan
Objects scanned: 156573
Time elapsed: 19 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\pohweaha (Trojan.FakeAlert.Gen) -> Value: pohweaha -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 02 February 2011 - 10:19 AM

Your log indicates modifications were made to the Proxy Settings.

Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. Double-check/Reset Proxy Server Settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions for System Tool using Malwarebytes' Anti-Malware in this guide.

If using FireFox, refer to these instructions to check and configure Proxy Settings under the Connection Settings Dialog.

When done, let me know how your computer is running and if there are any more signs of infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 kolman

kolman
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 18 March 2013 - 11:09 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.19.02
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
zvi and malke :: ZVIANDMALKE-HP [administrator]
 
3/18/2013 11:49:21 PM
mbam-log-2013-03-18 (23-49-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210802
Time elapsed: 6 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\zvi and malke\Desktop\1BOX_NTR2011.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
 
(end)


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:34 AM

Posted 19 March 2013 - 06:29 PM

You replied to your original topic which is over two years old now...what type of issues are you having now?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users