
can't find this virus


12 replies to this topic

#1 apec

apec

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 24 April 2012 - 07:05 AM

OK, I have Trend Micro and Malwarebytes installed on my Windows 7 based laptop. I tried to boot into safe mode, to clear any unnecessary malware that is causing harm to my computer. Malwarebytes picked up a problem with the registry and cleared everything (at least I thought). Now when my computer starts up it goes past my login screen and freezes. I also used to hear sounds like my computer was speeding up. What should I do?

Edited by hamluis, 24 April 2012 - 10:50 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Guest_Xircal_*

Guest_Xircal_*

  • Guests
  • OFFLINE
  •  

Posted 24 April 2012 - 08:29 AM

Could you please post the Malwarebytes log file? The bottom one in the list is the most recent. Log files are accessible via the GUI (5th tab from the left after launching Malwarebytes).

#3 apec


Posted 24 April 2012 - 09:32 AM

It freezes, even in safe mode. So I am unsure if that is even a possibility. Also, Firefox kept telling me there was a script problem before it stopped working.

#4 apec


Posted 24 April 2012 - 05:36 PM

Here you go:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8097



11/6/2011 1:20:14 PM
mbam-log-2011-11-06 (13-20-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 276684
Time elapsed: 41 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkIIBBrzO8234A (Trojan.FakeAlert.CLGen) -> Value: qkIIBBrzO8234A -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> Quarantined and deleted successfully.
c:\Users\Owner\Desktop\system security 2012.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\firefox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\i22oobff3pm5aj6\cwwkk8frrlhtxjc.exe (Trojan.FakeAlert.CLGen) -> Quarantined and deleted successfully.

#5 Guest_Xircal_*


Posted 25 April 2012 - 03:09 AM

Malware can corrupt system files which leads to the type of problem you're experiencing now.

In the first instance, you should run System File Checker to check for and recover missing or corrupted system files. Here are instructions.

  • Click Start and in the Search field, type CMD.
  • Right click the CMD link which appears and choose "Run As Administrator".
  • At the prompt, type: SFC /SCANNOW and hit Enter.
  • If SFC finds missing or corrupted files, it will ask you to insert the Windows 7 DVD, so have it ready.

If a Windows 7 DVD wasn't supplied with your laptop, then there should be a Recovery Partition you can use to restore the system. You need to look at the documentation for the machine which will tell you which key to press to access it. It's usually F4 or F11. If you can't find the documentation, Google your make and model and then look for "Support" on their site. There should be a link to "Manuals" which will contain that info.

Some laptops like the Sony Vaio don't have a Recovery Partition and instead, the user needs to create a set of recovery DVD-R discs which can be used to recover the system.

If you created a Windows System Image, you can use that to restore the system to the date and time it was created. If you did create one - and I would emphasise that all users should take that precaution - then insert the DVD-R and then follow the prompt to access the system image on your external media. It's a folder called "WindowsDiscImage" by default. A system image will restore everything you had on the machine on the date you created it, including your personal data and programs.

Edited by Xircal, 25 April 2012 - 03:10 AM.


#6 apec


Posted 02 May 2012 - 10:30 PM

The scan said there were no problems with the system integrity.

#7 Guest_Xircal_*


Posted 03 May 2012 - 03:24 AM

I've just noticed you appear to have posted an old Malwarebytes log file, namely: 11/6/2011 1:20:14 PM
The Malwarebytes version is also out of date since it was updated to 1.60.1.1000 on 31 January this year.

If you haven't updated it since you posted that last log file, you should do that first and then run a full system scan. The freebie version of Malwarebytes has to be updated manually every day.
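
As an added example (not part of the thread or any poster's code), the check made in post #7 can be automated: the sketch below parses the header and detection lines of the log format shown in post #4 and reports how old the scan is relative to a reference date. The function names `parse_mbam_log` and `log_age_days` are hypothetical, and the sample is an excerpt of that posted log.

```python
import re
from datetime import datetime

# Excerpt of the log posted in #4 (header and detection lines only).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 8097

11/6/2011 1:20:14 PM

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkIIBBrzO8234A (Trojan.FakeAlert.CLGen) -> Value: qkIIBBrzO8234A -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\firefox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Header line, with or without an edition tag such as "(Trial)".
VERSION = re.compile(r"^Malwarebytes'? Anti-Malware(?: \(\w+\))? ([\d.]+)$")
STAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
SECTION = re.compile(r"^(.+) (?:Infected|Detected):")
# "<item> (<detection name>) -> ... -> <action>"; the item may contain "(x86)".
HIT = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return header fields and one record per detection line."""
    info = {"version": None, "database": None, "scanned": None, "detections": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := VERSION.match(line):
            info["version"] = m.group(1)
        elif line.startswith("Database version:"):
            info["database"] = line.split(":", 1)[1].strip()
        elif STAMP.match(line):
            info["scanned"] = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := HIT.match(line):
            info["detections"].append({"section": section, "item": m["item"],
                "name": m["name"], "action": m["rest"].split(" -> ")[-1]})
    return info

def log_age_days(info, reference):
    """Whole days between the scan timestamp in the log and a reference date."""
    return (reference - info["scanned"]).days

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    # Reference date: the opening post of this topic (24 April 2012, 07:05).
    print(parsed["version"], log_age_days(parsed, datetime(2012, 4, 24, 7, 5)))
```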

#8 apec


Posted 04 May 2012 - 04:33 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.08


Internet Explorer 8.0.7601.17514
Owner :: OWNER-PC [limited]

Protection: Enabled

5/3/2012 10:21:27 PM
mbam-log-2012-05-03 (22-21-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329933
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:00 PM

Posted 04 May 2012 - 08:16 PM

Hello, I would also like you to run these.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 apec


Posted 28 May 2012 - 02:17 PM


Used both, but TDSSKiller did not come up with any rootkits. Whoever is hacking my computer must be intelligent.

#11 boopme


Posted 28 May 2012 - 10:16 PM

Appears if they are, we need a deeper look. Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#12 apec


Posted 05 June 2012 - 03:01 PM

How do I tell if I have a 64-bit or 32-bit? What do I use instead of GMER? Also, I'm sure I don't want to put up a log of the processes that I am running because it would help hackers enumerate my system.

Edited by apec, 05 June 2012 - 03:01 PM.


#13 boopme


Posted 05 June 2012 - 06:13 PM

Click the Start button, click Control Panel, click System and Maintenance, and then click System.

Under System, you can view the system type.

If you can't do GMER, no problem. We will work with another in the new topic.

Edited by boopme, 05 June 2012 - 06:13 PM.




