315Load32.exe


  • This topic is locked
15 replies to this topic

#1 NexuxKitty

NexuxKitty

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 02 March 2014 - 03:52 AM

I'm sorry to bother, but I've gotten this virus. As stated in the title it seems to be called "315Load32.exe". 

After doing a quick Google search, I found out that this thing could actually mess with the security settings of other applications. I don't think that the virus has spread to other applications other than my game and my bit-torrent. I've deleted both of those in an attempt to hinder the virus' spread.

 

I don't know what information to provide other than this statement, but whenever I tried deleting the "Load32.exe" file it seems to come back along with another file of the similar name. 

 

I'll provide as much information as required, but I require instructions to do so. I apologize for this. I am not the best with computers.

 

Please help and thank you for taking your time to read my plea for help.





#2 ProfessorCPU

ProfessorCPU

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 02 March 2014 - 05:07 AM

Yes this is a virus and it will download other viruses to your computer.

 

I would boot into safe mode.  Run Junkware Removal Tool, ADWCleaner and Malwarebytes Anti-Malware.



#3 NexuxKitty


Posted 02 March 2014 - 05:29 PM

I've done as you stated ProfessorCPU, but I was unable to open either JRT or Malwarebytes. Upon further research, I concluded that it's because the "load32.exe" file is preventing me from opening either one. I managed to open and launch ADWCleaner though and had it clean my computer, but the "load32.exe" file was still in my system.
 
How do I get rid of this thing?
 
Here's the ADWCleaner Report (Hopefully this will help):

 

 


#4 NexuxKitty


Posted 02 March 2014 - 06:00 PM

I've just tried booting my computer in Safe Mode to try to remove the virus manually with Autoruns, but "load32.exe" was there too. Not wanting to go any further, I backed out and booted normally.



#5 ProfessorCPU


Posted 02 March 2014 - 08:38 PM

http://www.emptyloop.com/unlocker/#download

I wonder if unlocker might help?

You can then browse to the virus files and try to rename them so they do not load at boot up.

Edited by ProfessorCPU, 02 March 2014 - 08:41 PM.


#6 NexuxKitty


Posted 02 March 2014 - 10:27 PM

I tried to download your unlocker, but it says that the virus scan has failed and that I have failed to download it. Sorry. 



#7 NexuxKitty


Posted 02 March 2014 - 11:53 PM

Now the virus is slowly spreading. It has now gotten to a small fighting game that I frequent and my security program (Windows Essentials since I am kinda poor).
I understand that I'm not providing much information, but please help me. I'll try my best to provide the information needed to stop this. 

Thank you in advance.



#8 NexuxKitty


Posted 04 March 2014 - 02:33 AM

Update: The virus is still spreading and has now gotten to Microsoft Word. I fear the worst, but hopefully someone can help me.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:29 AM

Posted 04 March 2014 - 11:05 AM

Did you run Malwarebytes and Junkware yet and post those logs?

Also run

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 NexuxKitty


Posted 04 March 2014 - 07:50 PM

When I tried downloading TDSSkiller I got this prompt:

[Image: jxqh.png]

And when I tried to open MalwareBytes or Junktool this prompt appears:

http://imageshack.com/a/img23/7610/xc26.png


#11 boopme


Posted 04 March 2014 - 08:01 PM

Let's try running RKill first and then TDSS, then the rest.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Edited by boopme, 04 March 2014 - 08:02 PM.


#12 NexuxKitty


Posted 04 March 2014 - 08:14 PM

It seems like I can't download anything on this computer. I'm currently using a tablet for my needs. Is there a way to download this without fear of transferring the virus on the tablet?

 

[Image: 1u15.png]



#13 boopme


Posted 04 March 2014 - 08:22 PM

Have you tried booting to Safe Mode with Networking?



#14 boopme


Posted 04 March 2014 - 09:17 PM

If nothing will work you most likely have a ZeroAccess rootkit. In that case you need to start a new topic here with that title.

 

New topic link..... http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

In the body just state you cannot run any tools you were asked to run and they will take it from there.



#15 NexuxKitty


Posted 04 March 2014 - 09:54 PM

Thank you very much for your help. I hope you have a wonderful day.





