Virus Cornucopia on Office Computer

#1 Christie23

Posted 28 June 2011 - 09:04 AM

I had so much success with my personal computer with the help of some pretty amazing people here that I thought I would try to help my boss out as well. I work for a small construction company and our sole computer is and has been infected with a SLEW of things since I began in his employ. I'd like to clean it up for him, but I don't even know where to start. As this is a business computer, the files are clearly important and used daily... but it's in pretty bad shape. From dropping internet connections, to Google rerouting, to recovery, to pop-ups, you name it...

Thanks so much for taking the time to read this.

P.S. I have taken all the steps required per instructions, but will refrain from posting the DDS log until it's requested.

Edited by Christie23, 28 June 2011 - 09:38 AM.

#2 Allen

Posted 28 June 2011 - 10:27 AM

First of all, you need to download Malwarebytes Anti-Malware, which is found here.
However, if you cannot get to the site on your infected computer, you will need a CD or flash drive, and you will need to put the installer on the CD or the flash drive. After that's done, install Malwarebytes Anti-Malware and update it, then do a quick scan with it, then post the log it gives you here.

Hey everyone, I'm Allen. I am a young web developer/designer/programmer. I also help people with computer issues, including hardware problems, malware/virus infections and software conflicts. I am a kind and easy to get along with person, so if you need help feel free to ask.

#3 Christie23

Posted 28 June 2011 - 10:44 AM

Ok... scan results here. Should I remove these?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6967

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

6/28/2011 11:43:01 AM
mbam-log-2011-06-28 (11-42-44).txt

Scan type: Quick scan
Objects scanned: 163396
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Owner\AppData\Local\usisulej.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\KBDapi.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xvudo (Trojan.Hiloti.Gen) -> Value: Xvudo -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysovupavidi (Trojan.Hiloti) -> Value: Ysovupavidi -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.FraudPack) -> Value: agent.exe -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
c:\programdata\13856344 (Rogue.Multiple) -> No action taken.
c:\program files\anti-virus professional (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\logs (Rogue.AntiVirusProfessional) -> No action taken.

Files Infected:
c:\Users\Owner\AppData\Local\usisulej.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\KBDapi.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\0.46113687947928017.bat (Trojan.DroopTroop) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\odn.exe (Trojan.Agent) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\ooo.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\dml3h-update2 .exe (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\dwv.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\fqaogcefhj.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\cocuweblrd.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\xhvqgonvsc.exe (Rogue.SecurityTool) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\jxshvtoeoi.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Users\Owner\local settings\application data\KBDapi.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\local settings\application data\usisulej.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Owner\Desktop\PCenter.lnk (Rogue.PrivacyCenter) -> No action taken.
c:\programdata\13856344\pc13856344ins (Rogue.Multiple) -> No action taken.
c:\program files\anti-virus professional\anti-virus professional.exe (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\noadware4_021709.na (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\nutilities.dll (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\unins000.dat (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\unins000.exe (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\uninstldll.dll (Rogue.AntiVirusProfessional) -> No action taken.

#4 Allen

Posted 28 June 2011 - 11:24 AM

Remove them, then reboot.

#5 Christie23

Posted 28 June 2011 - 12:01 PM

Done and ready for the next step.

Thanks for your help.

Edited by Christie23, 28 June 2011 - 12:01 PM.


#6 Allen

Posted 28 June 2011 - 12:20 PM

Install Firefox; it's way safer than IE. Also, the rogue may have changed your settings on the internet so that it connects to a proxy that does not exist. If so, then you need to change it to no proxy or system settings proxy.

Edit: my proxy settings are "Use system proxy settings" on Firefox.

Edited by firemaster1337, 28 June 2011 - 12:23 PM.
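
Added example, not part of the original posts: one way to check the proxy condition described in the reply above. It reads the per-user WinINET proxy values that Internet Explorer uses (and that Firefox inherits with "Use system proxy settings") and tests whether the configured proxy actually answers. It assumes PowerShell 2.0 or later, run as the affected user, and the function name Test-ProxyEndpoint is hypothetical.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0+ run as the affected user.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key

function Test-ProxyEndpoint([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    # Plain TCP connect with a timeout; avoids cmdlets missing from older PowerShell.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

"ProxyEnable   : $($cfg.ProxyEnable)"
"ProxyServer   : $($cfg.ProxyServer)"
"AutoConfigURL : $($cfg.AutoConfigURL)"

if ($cfg.ProxyEnable -eq 1 -and $cfg.ProxyServer) {
    # ProxyServer is "host:port" or a per-protocol list "http=host:port;https=host:port".
    foreach ($entry in ($cfg.ProxyServer -split ';')) {
        $endpoint = (($entry -split '=')[-1]) -replace '^\w+://', ''
        $hostName, $port = $endpoint -split ':', 2
        if (-not $port) { $port = 80 }   # assumption: port 80 when none is given
        if (Test-ProxyEndpoint $hostName ([int]$port)) {
            "$endpoint answers: confirm it is a proxy you configured before keeping it."
        } else {
            "$endpoint does not answer: browsing will fail until the proxy is disabled."
        }
    }
    # To turn the manual proxy off (the 'no proxy' option), uncomment:
    # Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
} else {
    'No manual proxy is enabled for this user.'
}
```

The script only reports; the remediation line is left commented so the values can be recorded before anything is changed.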