Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rogue.Agent/Gen-Nullo & Trojan.Agent/Gen-Autorun Viruses Detected Need Help!


  • Please log in to reply
3 replies to this topic

#1 Scotified

Scotified

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 18 September 2014 - 11:58 PM

When I restarted my Vista 64bit Gateway Desktop PC 5 days ago, I recieved a BSOD stating Driver Power State Failure 0x0000009F. Ever since I have rebooted, I am getting constant freeze ups and extremely slow start ups rendering the function of most programs useless. I have tried running normal Avast scans in regular mode without success, but in safe mode, I was able to run a complete Avast scan in safe mode which no major results, and after running Superantispyware free edition scan it located and quarantined:

 

Rogue.Agent/Gen-Nullo [dll]

Trojan.Agent/Gen-Autorun

Heur.Agent/Gen-whitebox

 

I then proceeded to run a Malwarebytes Full Scan but the scan always gets stuck on: File C:\windows\syswow64\sql..... srv32.rll,  wid.dll, woa.dll 

I have run these scans for over 12 hours but most of the time it freezes up at 6hrs 53 mins... There are 37 infected files detected, but I cannot fix them since the scan never finishes. 

 

I also had a 'not a genuine windows' issue pop up in the bottom right corner which cant be correct because this desktop has not been modified in anyway and it came with a certified Vista 64bit OS pre-installed by Gateway. I seemed to have remedied the pop up from appearing, but I suspect this has something to do with the other issues I am having. 

 

I have tried using an earlier system restore point, but it did not remedy the problem

 

.I've also recieved a pop-up in the middle of the screen a few times now that states:

            "Host process for windows services stopped working and was closed."

 

Safe mode works, but scans still don't complete, and program features like print and so on are not functional, but I can access the internet through safe mode still.

 

Please see the attached Rkill.txt log that I attached, there seems to be a number of possibly patched files, windows service integrity issues, and a whole bunch of files missing their digital signatures.

 

I successfully ran the Rkill program hoping it would this time allow me to then run a COMPLETE Malwarebytes Threat Scan after, but once again, it stopped near the end of the scan with 37 items detected on a C:windows\syswow64\sql file.

 

Please help, my drawings and software for a garage that I am building for my father in law are on this computer and I cant access them.

 

Many thanks in advance

 

Scott.

Attached Files


Edited by hamluis, 19 September 2014 - 04:40 AM.
No logs, moved from MRL to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 19 September 2014 - 04:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Scotified

Scotified
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:19 PM

Posted 19 September 2014 - 02:15 PM

Marius,

   

        Thank you for helping me with this issue.

 

I downloaded FRST 64bit in safe mode, but when I restarted back into normal mode I was unable to open the program file. The cursor would just keep circle loading and then the computer became unresponsive. This is typical of most operations currently performed in normal mode.

 

Can I run FRST in safe mode instead? Should I attempt to run aswMBR now even though I havent run FRST yet? Please let me know what you would like me to do. 

 

Thanks again, Scott



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 22 September 2014 - 03:46 AM

Skip it.

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users