Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


System fix virus

  • Please log in to reply
1 reply to this topic

#1 daslobo


  • Members
  • 17 posts
  • Local time:03:37 PM

Posted 27 December 2011 - 05:08 PM

Hello All,

What started out with System fix, then went on to include google redirect and now when I run Mbam, it automatically reboots my machine and the only restore point is to before any fixes that temporarily worked. I could really use a hand on this one.

Dell Latitude E4310
Windows 7 SP1
Symantec Endpoint Protection
Malwarebytes' Anti-Malware

Please advise as to the next steps you think I should take.

Edit: The last restore allowed me to run MBAM, Rkill, and tddskill and all came back with no issues on the logs. I have enabled Symantec Endpoint protection and MBAM is running in protect mode. No random restart so far. The only difference is that I have wireless network turned off manually.

Here is the quarantine list from Symantec Endpoint Protection:
Risk,Filename,Original Location,Status,Date
Trojan.Gen.2,kwrd.dll,C:\Windows\assembly\temp\,Infected,12/27/2011 2:13 PM
Backdoor.Trojan,consrv.dll,C:\Windows\System32\,Infected,12/27/2011 2:26 PM
Trojan.Gen.2,DWHED3B.tmp,C:\Users\gbleers\AppData\Local\Temp\,Infected,12/27/2011 2:26 PM
Trojan.Gen.2,DWH30D0.tmp,C:\Users\gbleers\AppData\Local\Temp\,Infected,12/27/2011 2:27 PM
Trojan.Gen.2,DWH5429.tmp,C:\Users\gbleers\AppData\Local\Temp\,Infected,12/27/2011 2:28 PM
Trojan.Gen.2,DWH6FE5.tmp,C:\Users\gbleers\AppData\Local\Temp\,Infected,12/27/2011 2:28 PM
Backdoor.Trojan,Desktop.ini,C:\Windows\assembly\GAC_32\,Cleaned,12/27/2011 2:30 PM
Backdoor.Trojan,Desktop.ini,C:\Windows\assembly\GAC_32\,Cleaned,12/27/2011 2:31 PM
Trojan.Gen.2,80000004.@,C:\Windows\assembly\temp\U\,Infected,12/27/2011 2:32 PM
Trojan.Gen.2,80000004.$,C:\Windows\assembly\temp\U\,Infected,12/27/2011 2:32 PM
Trojan.Gen.2,80000004.$,C:\Windows\assembly\temp\U\,Infected,12/27/2011 2:33 PM
Trojan.Gen.2,80000004.$,C:\Windows\assembly\temp\U\,Infected,12/27/2011 2:33 PM
Trojan.Gen.2,80000004.@,C:\Windows\assembly\temp\U\,Infected,12/27/2011 1:11 PM
Trojan.Gen.2,80000004.$,C:\Windows\assembly\temp\U\,Infected,12/27/2011 1:11 PM
Trojan.Gen.2,80000004.$,C:\Windows\assembly\temp\U\,Infected,12/27/2011 1:11 PM
Trojan.Gen.2,kwrd.dll,C:\Windows\assembly\temp\,Infected,12/27/2011 3:49 PM
Backdoor.Trojan,consrv.dll,C:\Windows\System32\,Infected,12/27/2011 4:02 PM
Backdoor.Trojan,Desktop.ini,C:\Windows\assembly\GAC_64\,Cleaned,12/27/2011 4:03 PM
Backdoor.Trojan,Desktop.ini,C:\Windows\assembly\GAC_32\,Cleaned,12/27/2011 4:04 PM
Trojan.Gen.2,80000004.@,C:\Windows\assembly\temp\U\,Infected,12/27/2011 4:05 PM
Backdoor.Trojan,Desktop.ini,C:\Windows\assembly\GAC_32\,Cleaned,12/27/2011 4:05 PM
Trojan.Gen,$RGHJW5L.exe,C:\$Recycle.Bin\S-1-5-21-3883457885-2643005070-444145196-10289\,Infected,12/27/2011 4:16 PM

MBAM Quarantine list:
Exploit.Drop.7 c:\Windows\Temp\oiu0.4054002406514262.exe
Exploit.Drop.7 c:\Windows\Temp\fsdfdsf0.9329044644231181.exe
Exploit.Drop.7 c:\Windows\Temp\fsdfdsf0.49792554733911354.exe
Exploit.Drop.7 c:\Windows\Temp\kna0.7096820159217183.exe
Exploit.Drop.7 c:\Windows\Temp\oiu0.07832498851868164.exe
Exploit.Drop.7 c:\Windows\Temp\kna0.5387600357926935.exe
Exploit.Drop.7 c:\Windows\Temp\fsdfdsf0.40948166484516435.exe

Edited by daslobo, 27 December 2011 - 05:40 PM.

BC AdBot (Login to Remove)


#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:37 PM

Posted 27 December 2011 - 06:07 PM



You are infected by 64 bit zero access rootkit.TDSSkiller will not help you

Go through this


and create a thread here


Good luck

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users