
Cannot connect to the internet after AVAST scan


  • This topic is locked
3 replies to this topic

#1 mudcat24

mudcat24

  • Members
  • 155 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:02 PM

Posted 23 July 2011 - 02:55 PM

Hey guys :)

I've been having some Google redirect problems and can't seem to get rid of it. Not sure if Malwarebytes or SUPERAntispyware can't help fix it, but tried them and nothing. In fact my computer doesn't let me update Malwarebytes. I get PROGRAM_ERROR_UPDATING. I had to download the mbam-rules.exe to update it.
Also I tried ESET Online Scan and I get an error as well when it tries to download the virus components before it runs the virus check.

Anyway, I tried downloading AVAST! free antivirus. It found over 20 infected files. Not knowing what to do with them, I had them all sent to the Virus Chest. Then it asked me to restart and perform an AVAST boot scan. It found over 20 infected files again and they were all sent to the Virus Chest. Now I am unable to connect to the internet.

SYSTEM SPECS
Microsoft XP Service Pack 2
Professional
Version 2002

Intel Celeron 2.4 GHz
480 MB of RAM
========================================

Below this picture are the reports of two AVAST Scan boot scans that were performed. I couldn't find the log for the quick scan performed so I took a screenshot of it.

Posted Image

07/22/2011 22:04
Scan of all local drives

File C:\Documents and Settings\Anna\Application Data\Sun\Java\Deployment\cache\6.0\0\36e33700-7c2dfd1e|>rotor\zalux$vrkr.class is infected by Java:Agent-KU [Expl], Moved to chest
File C:\Documents and Settings\Anna\Application Data\Sun\Java\Deployment\cache\6.0\0\36e33700-7c2dfd1e|>rotor\zalux.class is infected by Java:Agent-KT [Expl], Moved to chest
File C:\Documents and Settings\Anna\Application Data\Sun\Java\Deployment\cache\6.0\0\36e33700-7c2dfd1e|>rotor\Zo666.class is infected by Java:Agent-KV [Expl], Moved to chest
File C:\Documents and Settings\Anna\Application Data\Sun\Java\Deployment\cache\6.0\38\7b69c3a6-4a9ef857 is infected by Win32:Kryptik-BKQ [Trj], Moved to chest
File C:\Documents and Settings\Anna\My Documents\HTC-8900 My Documents\ATT-Navigator-tilt.cab.pdl|>0telenav.001 Error 42127 {CAB archive is corrupted.}
File C:\Program Files\CanonBJ\IJPrinter\Canon MP160\Prn2KXP\mh83jp.ch_|>mh83jp.chm|>images\me.gif Error 42136 {CHM archive is corrupted.}
File C:\Program Files\CanonBJ\IJPrinter\Canon MP160\Prn2KXP\mh83jp.ch_|>mh83jp.chm Error 42127 {CAB archive is corrupted.}
File C:\Program Files\CanonBJ\IJPrinter\Canon MP160\Prn2KXP\mh83jp.ch_ Error 0xC000009C {STATUS_DEVICE_DATA_ERROR}
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1279\A0174714.ini is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1279\A0175715.ini is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1280\A0175727.ini is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175741.EXE is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175742.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175743.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175744.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175745.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175746.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175747.exe is infected by Win32:Dropper-BSN [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175748.EXE is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175749.exe is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini is infected by Win32:Malware-gen, Moved to chest
File C:\WINDOWS\system32\drivers\netbt.sys is infected by Win32:Sirefef-E [Rtk], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp118013647.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp120808448.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp124934900.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp203945379.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp204226324.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp204688800.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
File C:\WINDOWS\Temp\_avast_\unp204764794.tmp is infected by Win32:Patched-WQ [Trj], Moved to chest
Number of searched folders: 6399
Number of tested files: 686136
Number of infected files: 25

----------------------------------------
07/23/2011 07:24
Scan of all local drives

File C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\arpot\8a5de-534-0.dat is infected by Win32:Sirefef-E [Rtk], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Documents and Settings\Anna\Application Data\Sun\Java\Deployment\cache\6.0\38\7b69c3a6-4a9ef857 is infected by Win32:Kryptik-BKQ [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Documents and Settings\Anna\Favorites\The Blaze.url is infected by JS:ScriptDC-inf [Trj], Deleted
File C:\Program Files\CanonBJ\IJPrinter\Canon MP160\Prn2KXP\mh83jp.ch_ Error 0xC000009C {STATUS_DEVICE_DATA_ERROR}
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175751.ini is infected by Win32:Malware-gen, Deleted
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175756.sys is infected by Win32:Sirefef-E [Rtk], Deleted
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175767.sys is infected by Win32:Sirefef-E [Rtk], Deleted
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175781.exe is infected by Win32:Patched-WQ [Trj], Deleted
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175817.sys is infected by Win32:Sirefef-E [Rtk], Deleted
File C:\System Volume Information\_restore{5E1DE58F-4461-4B66-8D2E-2CB6E3E1AC04}\RP1281\A0175824.sys is infected by Win32:Sirefef-E [Rtk], Deleted
File C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini is infected by Win32:Malware-gen, Deleted
File C:\WINDOWS\system32\CTSVCCDA.EXE is infected by Win32:Patched-WQ [Trj], Deleted
File C:\WINDOWS\system32\drivers\rdpdr.sys is infected by Win32:Sirefef-E [Rtk], Deleted
Number of searched folders: 6374
Number of tested files: 58368
Number of infected files: 12



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:02 PM

Posted 23 July 2011 - 02:57 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#3 mudcat24

mudcat24
  • Topic Starter

  • Members
  • 155 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:02 PM

Posted 23 July 2011 - 03:33 PM

http://www.bleepingcomputer.com/forums/topic410884.html#entry2345068

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,539 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:02 PM

Posted 23 July 2011 - 03:40 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

