Enhanced Protection Mode Virus Norton and Mcafee and MS Security Essentials


4 replies to this topic

#1 bcti

bcti

  • Members
  • 6 posts

Posted 31 July 2011 - 12:58 PM

I am infected with multiple viruses. I tried to remove them by running Hitman Pro, Malwarebytes and SUPERAntiSpyware, which went well, BUT when I rebooted the computer would not restart. I then had to roll back with System Restore to get the computer to work again, but then I was still infected. Anyone willing to help me get rid of these bugs? Oh, by the way, I am running Windows 7 x64. Oh, and if I try to type in tdsskiller, my computer restarts immediately.


#2 bcti

bcti
  • Topic Starter

  • Members
  • 6 posts

Posted 31 July 2011 - 01:25 PM

Here is a copy of the malwarebytes scan log I just ran:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7339

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/31/2011 12:22:16 PM
mbam-log-2011-07-31 (12-21-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 367008
Time elapsed: 49 minute(s), 6 second(s)

Memory Processes Infected: 8
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 15
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 36

Memory Processes Infected:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2272 -> No action taken.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Dropper) -> 3124 -> No action taken.
c:\Windows\update.tray-9-0\svchost.exe (Trojan.Dropper) -> 3148 -> No action taken.
c:\Windows\update.tray-10-0\svchost.exe (Trojan.Dropper) -> 3164 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 3212 -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> 3224 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2000 -> No action taken.
c:\Windows\update.3\svchost.exe (Trojan.Agent) -> 3236 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9269981.exe (Trojan.Agent) -> Value: 9269981.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3779277.exe (Trojan.Downloader.Gen) -> Value: 3779277.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\97633586-loader2.exe (Trojan.Agent) -> Value: 97633586-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Agent) -> Value: w_distrib.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\519411.exe (Trojan.Downloader.Gen) -> Value: 519411.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Files Infected:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-9-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-10-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Users\Debra\AppData\Local\Temp\9269981.exe (Trojan.Agent) -> No action taken.
c:\Users\Debra\AppData\Local\Temp\985010.exe (Trojan.Agent) -> No action taken.
c:\Users\Debra\downloads\flash-player(1).exe (Trojan.Dropper) -> No action taken.
c:\Users\Debra\downloads\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-10-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-14-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Users\Debra\AppData\Local\Temp\3904351.exe (Trojan.Agent) -> No action taken.
c:\Users\Debra\AppData\Local\Temp\5309715.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\update.3\svchost.exe (Trojan.Agent) -> No action taken.
c:\Users\Debra\AppData\Local\Temp\519411.exe (Trojan.Downloader.Gen) -> No action taken.
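
A helper reading a log like the one above wants three things from it: which detections were actually removed, which entries relaunch the malware at logon, as a service and in Safe Mode, and which Security Center settings were switched off. The following Python parser for this Malwarebytes log format is an added example, not part of the thread; SAMPLE_LOG is a constructed excerpt of the log above, with only the last item's action changed to the wording a removal run prints, and the persistence markers are the editor's choice.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Malwarebytes log above; only the last line's action is changed to what a removal run prints.
SAMPLE_LOG = r"""Memory Processes Infected:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2272 -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")   # list headers; summary lines carry a count and do not match
# Registry locations that relaunch the malware at logon, as a service, and even in Safe Mode (editor's choice).
PERSISTENCE_MARKERS = ("\\currentversion\\run\\", "\\services\\", "\\safeboot\\")

def parse_mbam_log(text):
    """Return one dict per listed detection: section, location, category, action."""
    items, section = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section and " -> " in line:   # skips blanks and "(No malicious items detected)"
            head, *_, action = line.split(" -> ")
            location, _, category = head.rpartition(" (")
            items.append({"section": section, "location": location,
                          "category": category.rstrip(")"), "action": action.rstrip(".")})
    return items

def triage(text):
    """Pull out what was left in place, where the infection persists, and what it disabled."""
    items = parse_mbam_log(text)
    return {
        "unremediated": [i["location"] for i in items if i["action"] == "No action taken"],
        "persistence": [i["location"] for i in items
                        if any(p in i["location"].lower() for p in PERSISTENCE_MARKERS)],
        "security_center_tampered": [i["location"].rsplit("\\", 1)[-1] for i in items
                                     if i["category"] == "PUM.Disabled.SecurityCenter"],
        "by_category": dict(Counter(i["category"] for i in items)),
    }
```

Every "No action taken" entry means the scan only reported the item; a log taken after the removal step should list the same items as quarantined, and any that are still marked "No action taken" (especially the Services and SafeBoot keys) are what to look at next.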

#3 bcti

bcti
  • Topic Starter

  • Members
  • 6 posts

Posted 31 July 2011 - 01:29 PM

Here is the SUPERAntiSpyware log that I just ran:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2011 at 12:20 PM

Application Version : 4.56.1000

Core Rules Database Version : 7493
Trace Rules Database Version: 5305

Scan type : Complete Scan
Total Scan Time : 01:00:51

Memory items scanned : 632
Memory threats detected : 8
Registry items scanned : 12865
Registry threats detected : 13
File items scanned : 34917
File threats detected : 36

Trojan.Downloader-SVCHost/Fake
C:\WINDOWS\UPDATE.5.0\SVCHOST.EXE
C:\WINDOWS\UPDATE.5.0\SVCHOST.EXE
C:\WINDOWS\UPDATE.1\SVCHOST.EXE
C:\WINDOWS\UPDATE.1\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-14-0\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-14-0\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-9-0\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-9-0\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-10-0\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-10-0\SVCHOST.EXE
C:\WINDOWS\UPDATE.3\SVCHOST.EXE
C:\WINDOWS\UPDATE.3\SVCHOST.EXE
(x86) [tray_ico0] C:\WINDOWS\UPDATE.TRAY-14-0\SVCHOST.EXE
(x86) [tray_ico1] C:\WINDOWS\UPDATE.TRAY-9-0\SVCHOST.EXE
(x86) [tray_ico2] C:\WINDOWS\UPDATE.TRAY-10-0\SVCHOST.EXE
(x86) [w_distrib.exe] C:\WINDOWS\UPDATE.3\SVCHOST.EXE
C:\WINDOWS\UPDATE.TRAY-9-0-LNK\SVCHOST.EXE
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE SECURITY SCAN PLUS\MCAFEE.LNK
C:\WINDOWS\UPDATE.TRAY-14-0-LNK\SVCHOST.EXE
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MICROSOFT SECURITY ESSENTIALS.LNK
C:\WINDOWS\UPDATE.TRAY-10-0-LNK\SVCHOST.EXE
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NORTON SECURITY SCAN\NORTON ANTIVIRUS.LNK
C:\USERS\PUBLIC\DESKTOP\MCAFEE SECURITY SCAN PLUS.LNK
C:\USERS\PUBLIC\DESKTOP\NORTON INSTALLATION FILES.LNK
C:\WINDOWS\UPDATE.2\SVCHOST.EXE

Trojan.Dropper/Win-NV
C:\WINDOWS\L1REZERV.EXE
C:\WINDOWS\L1REZERV.EXE
(x86) [sysdriver32.exe] C:\WINDOWS\SYSDRIVER32.EXE
C:\WINDOWS\SYSDRIVER32.EXE
(x86) [sysdriver32_.exe] C:\WINDOWS\SYSDRIVER32_.EXE
C:\WINDOWS\SYSDRIVER32_.EXE
(x86) [l1rezerv.exe] C:\WINDOWS\L1REZERV.EXE

Trojan.Agent/Gen
C:\WINDOWS\SYSTEMUP.EXE
C:\WINDOWS\SYSTEMUP.EXE
(x86) [systemup] C:\WINDOWS\SYSTEMUP.EXE
(x86) [9269981.exe] C:\USERS\DEBRA\APPDATA\LOCAL\TEMP\9269981.EXE
C:\USERS\DEBRA\APPDATA\LOCAL\TEMP\9269981.EXE

Trojan.Services32
(x86) [wxpdrv] C:\WINDOWS\SERVICES32.EXE
C:\WINDOWS\SERVICES32.EXE

Disabled.SecurityCenterOption
(x86) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
(x86) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
(x86) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@ads.networldmedia[3].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@adnet.videobash[1].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@ads.networldmedia[1].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@associatedcontent.112.2o7[1].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@apmebf[1].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@atdmt[1].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@networldmedia[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@mediaplex[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@myroitracking[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@07.usclickmaster[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@ad.wsod[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@ad.yieldmanager[1].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@ads.lzjl[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@clicksor[2].txt
C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Cookies\debra@doubleclick[2].txt

#4 bcti

bcti
  • Topic Starter

  • Members
  • 6 posts

Posted 31 July 2011 - 03:18 PM

Ended up just removing everything that was detected, and this time I think it worked. I don't know why it wouldn't reboot last time.

#5 bcti

bcti
  • Topic Starter

  • Members
  • 6 posts

Posted 02 August 2011 - 05:58 PM

One last note: even though everything cleaned OK, Firefox was still being redirected. I ended up having to disable some proxy settings in Firefox.
