Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

chrome and ie Application error


  • Please log in to reply
2 replies to this topic

#1 moblastin

moblastin

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:19 PM

Posted 09 October 2011 - 02:07 PM

hello thanks for reading. my moms computer which she uses for business has a problem. when i start the computer i get a error message that says. "the instruction at "0x77f8c4d1" referenced memory at "0x00ab850f". the memory could not be "read". click ok to terminate click cancel to debug.

this comes up every time i try and open chrome or ie.

she has been attacked by viruses and malware multiple times. recently ive removed some that may have caused this problem using malwarebytes anti scanner. since then ive quarantined the viruses and updated to service pack 3 here is a log of the last scan

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7121

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/13/2011 9:04:14 PM
mbam-log-2011-07-13 (21-04-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 229897
Time elapsed: 1 hour(s), 3 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\*****\local settings\application data\wds.exe (Trojan.FakeAlert) -> 3216 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_MS-JAVA (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ms-java (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\inob\Local Settings\Application Data\wds.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\*****\Local Settings\Application Data\wds.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\******\local settings\application data\wds.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\documents and settings\******\local settings\Temp\jar_cache36952.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\driver cache\i386\ms-java.exe (Backdoor.IRCBot) -> Delete on reboot.

Edited by hamluis, 09 October 2011 - 02:31 PM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 moblastin

moblastin
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:19 PM

Posted 09 October 2011 - 06:40 PM

nvm i googled one of the "0x00" things and found someone had the same problem. followed the instructions and removed the rootkit virus. now it runs fine now. thanks for everything

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:19 PM

Posted 09 October 2011 - 09:06 PM

hello, glad to gear it wotked out.. I did notice that your MBAM log is a little old
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7121 ??? Now at 7911
Should update and rerun it.


These rootkits usually have companions.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users