
Malwarebytes found virus, want to make sure it's gone for good!


5 replies to this topic

#1 babyruth

babyruth

  • Members
  • 167 posts
  • OFFLINE
  • Gender:Female
  • Location:Alabama
  • Local time:12:34 AM

Posted 21 July 2012 - 03:19 PM

Please help me fix my computer. I would also like to be able to make sure it's gone for good, and still have my keyboard working.
My brother had this same virus; he was able to get rid of it, but now his keyboard won't work. So please help!

P.S. You will most likely have to give me easy step-by-step instructions, because I have a reading comprehension disability.
If you can't, I can ask my brother to help me, I guess.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: BABYRUTH [administrator]

7/21/2012 10:05:50 AM
mbam-log-2012-07-21 (10-05-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334275
Time elapsed: 4 hour(s), 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Owner\AppData\Local\{365ff89e-5893-3417-579b-b6f1e1c322ef}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\AppData\Local\Temp\0.6266533420246831 (Trojan.BHO) -> Quarantined and deleted successfully.

(end)


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:34 AM

Posted 21 July 2012 - 10:59 PM

Hello, the surest way to be sure that rootkit is gone is to post a DDS log.

Please go here: Preparation Guide. Do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#3 babyruth


Posted 22 July 2012 - 12:22 AM

I can't do step 6. I keep getting this error message:

C:/Users/Owner/Desktop/Defogger.exe
A device attached to the system is not functioning.

Can you help with this too, please?

#4 boopme


Posted 23 July 2012 - 12:51 PM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double-click on the OTL icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#5 babyruth


Posted 25 July 2012 - 10:23 PM

Hello, I am babyruth's older brother. :busy:

OTL won't work either.
I get the same error message when I try to run it:

C:\Users\Jeremy\Desktop\OTL.exe

A device attached to the system is not functioning.

Edited by babyruth, 25 July 2012 - 10:25 PM.


#6 boopme


Posted 26 July 2012 - 12:23 PM

OK, go to post 2. Start a new topic in the other forum named probable Rootkit.

Mention you cannot run any tools.

Include this link back here:

http://www.bleepingcomputer.com/forums/topic461796.html/page__pid__2780167#entry2780167

We'll take it from there.