
my system infected with some virus


7 replies to this topic

#1 Mohinder.rawat86


Posted 23 April 2014 - 06:38 AM

My system is infected with some virus, and it has removed my AV. I have also tried Combofix, but it removed that as well before it could run...

Kindly guide me on how to sort it out.




#2 Sirawit


Posted 23 April 2014 - 09:02 AM

Hello Mohinder.rawat86 and welcome to BleepingComputer! :)
 
Please don't use Combofix here since it's too powerful.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.
    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
    • Open Malwarebytes Anti-Malware.
    • Click the Scan Tab at the top.
    • Click the View detailed log link on the right.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
    -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
    -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

     
    What we need in your next reply:
    • MBAM log
    • How's your computer running now?
    Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Mohinder.rawat86


Posted 26 April 2014 - 08:49 AM

Hi Sirawit, thanks for your prompt response... but unfortunately this file could not be downloaded... every time it stops at 99.9%.... I think I have to reinstall Windows on my system....



#4 Sirawit


Posted 26 April 2014 - 09:29 AM

Which file could not be downloaded? All of them?

Did you use any download accelerator?

Do you have other machines to download them?

 

Thank you.




#5 Mohinder.rawat86


Posted 28 April 2014 - 01:49 AM

Sir, Malwarebytes Anti-Malware did not get downloaded. I am using IDM 5.18.



#6 Sirawit


Posted 28 April 2014 - 04:30 AM

Try disabling IDM before downloading. Also try pressing the Alt key and clicking the download link so IDM will not work for that file.

Thank you.




#7 Mohinder.rawat86


Posted 01 May 2014 - 05:30 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 3:42:01 PM
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.05.01.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: FAT32
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 219650
Time Elapsed: 1 hr, 41 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_AMSINT32, Quarantined, [c7736ede1e5d90a6bf074bd250b3c33d],
Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\amsint32, Quarantined, [8eac7ad2daa19c9a40f41c037d86d12f],
Malware.Trace, HKU\S-1-5-21-73586283-813497703-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Aasppapmmxkvs, Quarantined, [55e5143804777db9b5976ae19b68b34d],

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[fa404606e79475c15c99b080cb3929d7]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[3406a5a74f2cfe38cf273df3a55f926e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[8ab0d577b2c953e338bf042c12f259a7]
PUM.Hijack.Regedit, HKU\S-1-5-21-73586283-813497703-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[79c196b62a5189adf19048e925df9a66]
PUM.Hijack.TaskManager, HKU\S-1-5-21-73586283-813497703-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[a793bf8d5a218da92ab9ad85fb0951af]

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Banker, C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_temp\~temp~clear~87764.exe, Quarantined, [2e0c28247b00ce68f59e455805fb3fc1],

Physical Sectors: 0
(No malicious items detected)


(end)
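
Added example (not part of the original thread, and not Malwarebytes' own tooling): a small Python parser for the MBAM 2.0 scan-log layout posted above. It checks that a pasted log still has the header fields the helper asks for, that each section's declared count matches the entries present, and which scan options were disabled. The names `parse_mbam_log` and `review` and the sample log are constructed for illustration, and the field layout is assumed from this one log.

```python
# Constructed sample in the MBAM 2.0 layout shown in this thread; hashes are placeholders.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Version: 2.00.0.1000
Malware Database: v2014.05.01.06
OS: Windows XP Service Pack 2
Scan Type: Threat Scan
Result: Completed
Rootkits: Disabled
Registry Keys: 1
Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\amsint32, Quarantined, [hash-placeholder],
Registry Data: 1
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[hash-placeholder]
Files: 0
(No malicious items detected)
(end)
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
REQUIRED = ("Version", "Malware Database", "OS", "Scan Type", "Result")
SCAN_OPTIONS = ("Memory", "Startup", "Filesystem", "Archives", "Rootkits")

def parse_mbam_log(text):
    """Return (header fields, declared per-section counts, detection entries)."""
    header, declared, detections, section = {}, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("("):   # blank, "(No malicious items ...)", "(end)"
            continue
        key, sep, value = line.partition(":")
        if sep and key in SECTIONS and value.strip().isdigit():
            section, declared[key] = key, int(value)
        elif section is None and sep:          # "Key: value" lines above the first section
            header[key] = value.strip()
        elif section is not None:              # name, location, ..., action, [hash]
            fields = [f.strip() for f in line.rstrip(",").split(",")]
            if len(fields) >= 4:
                detections.append({"section": section, "name": fields[0],
                                   "location": fields[1], "action": fields[-2]})
    return header, declared, detections

def review(text):
    """List reasons a posted log is incomplete or the scan needs a follow-up."""
    header, declared, detections = parse_mbam_log(text)
    found = [d["section"] for d in detections]
    issues = [f"missing header field: {k}" for k in REQUIRED if k not in header]
    issues += [f"{name}: declares {n}, found {found.count(name)}"
               for name, n in declared.items() if found.count(name) != n]
    issues += [f"scan option disabled: {k}" for k in SCAN_OPTIONS if header.get(k) == "Disabled"]
    return issues
```

Running `review()` on a log pasted without its top portion returns one "missing header field" entry per absent field, which is the case the helper's instructions warn about.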



#8 Sirawit


Posted 01 May 2014 - 07:45 AM

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and uncheck "Remove found threats"  <--- Important!!!
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 






