Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

more viruses


  • Please log in to reply
5 replies to this topic

#1 butterflysheila

butterflysheila

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 13 December 2011 - 02:08 PM

ok im going to shoot myself...while waiting for help on my main computer i started using another computer to get online and get help...NOW this computer is infected as well...i have the security defender ping.exe and who knows what else again...i cant open any file someone please help before this computer stops connecting to the internet and im screwed

BC AdBot (Login to Remove)

 


#2 butterflysheila

butterflysheila
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 13 December 2011 - 03:02 PM

im going to post some logs now incase after i restart my computer i no longer have internet like my other computer

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/13/2011 1:57:35 PM
mbam-log-2011-12-13 (13-57-35).txt

Scan type: Quick scan
Objects scanned: 174348
Time elapsed: 27 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Trojan.Dropper) -> Value: MozillaAgent -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\D46164A4-E294-3FB8-F9B3-5F6D64E98A84 (Trojan.FakeAlert) -> Value: D46164A4-E294-3FB8-F9B3-5F6D64E98A84 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Pat\Local Settings\Application Data\btx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Pat\Local Settings\Application Data\btx.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Pat\Local Settings\Application Data\btx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\networkservice\application data\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\program files\security defender (Rogue.SecurityDefender) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\networkservice\application data\security defender\{2ac57295-2c3d-42af-0f8e-4e0e40aafc02}.pst (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\security defender\{ae930aa0-7697-4928-6d86-a6ef2cc3bb6f}.pst (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\documents and settings\Pat\local settings\Temp\0.43628840361397303.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\Desktop\security defender.lnk (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\program files\security defender\security defender.ico (Rogue.SecurityDefender) -> Quarantined and deleted successfully.
c:\program files\security defender\security defender.dll (Rogue.SecurityDefender) -> Quarantined and deleted successfully.

#3 butterflysheila

butterflysheila
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 13 December 2011 - 03:34 PM

ok seems as tho the fake anti virus stuff is gone but looks like ping.exe is still back....running malwarebytes again with full scan...what else should i run to get rid of ping.exe

#4 butterflysheila

butterflysheila
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 13 December 2011 - 04:42 PM

full scan all clean but still have ping.exe showing up???

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/13/2011 3:39:09 PM
mbam-log-2011-12-13 (15-39-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 225675
Time elapsed: 1 hour(s), 17 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 butterflysheila

butterflysheila
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 13 December 2011 - 04:47 PM

i typed in search and found this is this bad

PING.EXE-30F9CA9D.pf

#6 butterflysheila

butterflysheila
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 13 December 2011 - 11:04 PM

something else now...malwarebytes keeps popping up that it blocked websites with numbers like 83.133.134.250 type outgoing or incoming




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users