HELP- 2 of my computers Have crashed & this one is next [Closed], Have trojans Agent, dropper, Vundo,backdoor.bot, rootkit & what ev
ghengisk1
post Sep 14 2009, 01:15 PM
Post #1
New Member
Posts: 6
OS: XP
Please someone help. My first laptop crashed 3 days ago, then my desktop, & now my father's is infected. I don't know what to do. I have ESET NOD32 & Malware installed on this computer but they won't go away. The Internet is taking forever and a bunch of funny stuff is going on.
I am reinstalling XP on the other computers, but want to avoid that here.
& I can't seem to get HijackThis installed; it keeps malfunctioning on install. ??

I AM ATTACHING MALWARE LOGS FROM TODAY

Malwarebytes' Anti-Malware 1.41 FREE DOWNLOAD VERSION

THANKS TO ANYONE WHO CAN HELP

Attached File(s):
mbam_log_2009_09_14__12_49_56_.txt (8.61K)
mbam_log_2009_09_14__13_24_22_.txt (2.79K)
 
Tweene
post Sep 14 2009, 02:16 PM
Post #2
Trusted Helper
Posts: 1,343
From: Near my bed
OS: XP - Vista
Hello ghengisk1 and Welcome to Geeks To Go!

I'm Tweene and I'll try to help you.

I'm currently looking over your logs.
I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. So please bear with me.
  • Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • As we will likely be using Notepad please check that word wrap is turned off before you start. To do this, open Notepad, choose Format, then make sure Word Wrap is Un-checked. Word Wrap makes reading your log difficult and may prevent fixes using Notepad from working.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and we will go through it together.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • Make sure you reply to this thread using the Add Reply button.


Please read this post completely, it may make it easier if you copy and paste my posts to a new text document or print it for reference later. This will especially help you when your computer is off line. You may want to do this following each post for each set of instructions.


Can you please visit the Malware and Spyware Cleaning Guide (click here), and then post the required logs (if you get stuck please move on to the next step) if you are still having problems and I will look over the logs for you.

1. Malwarebytes' Anti-Malware log
2. OTL.txt and Extras.txt
3. RootRepeal.txt

Please do not attach the logs, as it makes them much harder to read. Feel free to copy and paste the contents of them in a reply instead. These logs may or may not fit into one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply.
ghengisk1
post Sep 16 2009, 02:20 PM
Post #3
New Member
Posts: 6
OS: XP
I read over all the information you have, and downloaded all the programs and what not, Vundo Remover, TFC, etc., and not one of them would install correctly; they kept saying error, cannot continue.
I don't know if that has to do with all of the viruses or what.


But here is the Malware log:

Malwarebytes' Anti-Malware 1.41
Database version: 2792
Windows 5.1.2600 Service Pack 2

9/14/2009 12:49:56 PM
mbam-log-2009-09-14 (12-49-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 256678
Time elapsed: 1 hour(s), 29 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 17
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 39

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\sofatnet.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\Iasex.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetLogin (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mndisk (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\svchust.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\sv1.exe (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\sv3.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\4C3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mndisk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\iwwkikpfte.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temp\extension32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\AWJR3GY4\svc[2].php (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\4DP6J4K1\svc[2].php (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\4DP6J4K1\svc[1].php (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\4DP6J4K1\svc[3].php (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\4DP6J4K1\cb15[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\1U2S5689\svc[1].php (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\1U2S5689\svc[2].php (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\SIJGKXGY\svc[1].php (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP138\A0006921.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP140\A0007309.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP140\A0007312.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP140\A0007317.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP140\A0007330.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP140\A0007333.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP140\A0007336.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\6to4ex.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\Iasex.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sofatnet.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Thanks -
I am wondering if I should just reinstall XP and start from scratch?
Please let me know and thanks for the help
Newman
ghengisk1
post Sep 16 2009, 02:25 PM
Post #4
New Member
Posts: 6
OS: XP
Here is the latest Malware log from 5 min ago; it is getting worse.

Malwarebytes' Anti-Malware 1.41
Database version: 2792
Windows 5.1.2600 Service Pack 2

9/16/2009 3:24:35 PM
mbam-log-2009-09-16 (15-24-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 259236
Time elapsed: 1 hour(s), 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\pufokoba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wulubuvo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pajohebu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\SYSTEM32\defarewo.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{299abe86-55c3-455e-8fef-332c5a6d584d} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toduyawiw (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{299abe86-55c3-455e-8fef-332c5a6d584d} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nopedanar (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pufokoba.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pufokoba.dll -> No action taken.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken.

Files Infected:
c:\WINDOWS\SYSTEM32\pufokoba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wulubuvo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\pajohebu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\SYSTEM32\defarewo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\454E.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\C.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\14E.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\dutememo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\35F.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\4DP6J4K1\svc[2].php (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\4DP6J4K1\svc[1].php (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\1U2S5689\svc[1].php (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP142\A0009251.EXE (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP142\A0009252.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP142\A0009268.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP142\A0009271.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP142\A0009272.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP142\A0009273.exe (Rootkit.TDSS) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP143\A0009372.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP145\A0009395.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP145\A0009396.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\SYSTEM32\9.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\certstore.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> No action taken.
Tweene
post Sep 16 2009, 02:58 PM
Post #5
Trusted Helper
Posts: 1,343
From: Near my bed
OS: XP - Vista
Hello

QUOTE (ghengisk1 @ Sep 16 2009, 10:20 PM)
I don't know if that has to do with all of the viruses or what.

It's possible.
QUOTE
I am wondering if I should just reinstall XP and start from scratch?

It's up to you to choose; let me know your decision (reformat or try to disinfect your computer).

For the time being, if your computers are networked you will need to keep them isolated until they are all clean.
ghengisk1
post Sep 16 2009, 03:10 PM
Post #6
New Member
Posts: 6
OS: XP
What do you think?
If we try & clean it, is it an unbearable process, like working on this computer is now, & what are the chances that we don't remove everything and something pops back up in the near future?

I don't mean to seem ungrateful for your help, I am, just wondering what the best, easiest way of handling this would be. The computer is getting by right now, enough for me to save my work and reinstall it after a virus sweep.
The only thing is that my friend built this computer, so I don't know how well it will reformat and find drivers if I reinstall XP and what not, but then again, if that is the only way to get rid of these viruses and what not.
If I choose to reinstall XP, would you recommend Repair or a clean install, deleting the partition and reformatting the disk to start new?

Thanks
Newman
ghengisk1
post Sep 16 2009, 03:26 PM
Post #7
New Member
Posts: 6
OS: XP
I just restarted my computer and already I am back to crashing.


Malwarebytes' Anti-Malware 1.41
Database version: 2792
Windows 5.1.2600 Service Pack 2

9/16/2009 4:25:03 PM
mbam-log-2009-09-16 (16-25-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 247374
Time elapsed: 47 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\pufokoba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wulubuvo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pajohebu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{299abe86-55c3-455e-8fef-332c5a6d584d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toduyawiw (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{299abe86-55c3-455e-8fef-332c5a6d584d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nopedanar (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pufokoba.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pufokoba.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
c:\WINDOWS\SYSTEM32\pufokoba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wulubuvo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\pajohebu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\EPYOL74X\svc[1].php (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.DELL\Local Settings\Temporary Internet Files\Content.IE5\HER36D1I\us[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09647951-FFBC-45BC-945C-A3FEA3629B82}\RP147\A0009956.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
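The Malwarebytes logs pasted in posts #3, #4 and #7 all share one layout: a block of per-section counts, then sections of `item (Threat.Name) -> action.` lines, sometimes with a `Data:` or `Bad: (...) Good: (...)` detail in between. The following is an added example, not code from the thread, from Geeks to Go or from Malwarebytes: a small Python parser for that layout that checks the declared counts against the entries actually pasted (the truncation the helper warns about in post #2), lists the entries the scanner did not remove ("No action taken" or still pending "Delete on reboot"), and flags entries sitting in autostart locations (Run keys, AppInit_DLLs, Winlogon\Userinit, service registrations, Explorer delay-load hooks, scheduled-task files), since those are what bring everything back after a reboot, as the later logs in this thread show. The sample log is a constructed excerpt in the thread's log format with the counts chosen to match its entries, and the list of persistence locations is my own, not a Malwarebytes category.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes' Anti-Malware 1.41 logs
# posted in this thread (entry lines copied from them; the summary counts were
# chosen to match the entries below). A real log has the same shape, only longer.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Scan type: Full Scan (C:\|D:\|)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\pufokoba.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mndisk (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toduyawiw (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pufokoba.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<item> (<Threat.Name>) -> [detail -> ...] <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Autostart locations worth a second look (my own list, not a Malwarebytes category):
# Run key values, AppInit_DLLs, Winlogon\Userinit, service/driver registrations,
# Explorer delay-load hooks and scheduled-task files.
PERSISTENCE_RE = re.compile(
    r"\\CurrentVersion\\Run\\|AppInit_DLLs$|Winlogon\\Userinit$|\\Services\\[^\\]+$"
    r"|ShellServiceObjectDelayLoad|SharedTaskScheduler|\\Tasks\\.+\.job$",
    re.IGNORECASE)

def parse_mbam_log(text):
    """Return (declared_counts, entries); an entry has section, item, threat, details, action."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line closes the current section
            section = None
            continue
        m = SUMMARY_RE.match(line)
        if m and section is None:          # "Files Infected: 3" in the summary block
            declared[m.group("name")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:                              # "Files Infected:" opens a section
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            parts = m.group("rest").split(" -> ")   # details first, action last
            entries.append({"section": section, "item": m.group("item"), "threat": m.group("threat"),
                            "details": " -> ".join(parts[:-1]), "action": parts[-1].rstrip(".")})
    return declared, entries

def count_mismatches(declared, entries):
    """Sections whose declared count differs from the entries listed: a truncated paste shows up here."""
    seen = Counter(e["section"] for e in entries)
    return {name: (n, seen.get(name, 0)) for name, n in declared.items() if seen.get(name, 0) != n}

def unresolved(entries):
    """Entries the scanner did not remove: 'No action taken' or still pending 'Delete on reboot'."""
    return [e for e in entries if not e["action"].startswith("Quarantined and deleted")]

def persistence_hits(entries):
    """Entries located in an autostart location, i.e. the ones that reinstall the rest after a reboot."""
    return [e for e in entries if PERSISTENCE_RE.search(e["item"])]

if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, entries) or "none")
    for e in unresolved(entries):
        print("UNRESOLVED  ", e["action"], "|", e["threat"], "|", e["item"])
    for e in persistence_hits(entries):
        print("PERSISTENCE ", e["threat"], "|", e["item"], "|", e["details"])
```

Run it as a script to triage the embedded excerpt, or call `parse_mbam_log()` on the text of a pasted log. On the excerpt the count check passes, five entries are unresolved (the Vundo module, the `lowsec` folder and its two `.ds` files, and `sdra64.exe`), and five sit in autostart locations; the `Hijack.Userinit` entry keeps its `Bad: (...) Good: (...)` detail so the replaced logon value is visible without re-reading the raw log.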
Tweene
post Sep 16 2009, 03:55 PM
Post #8
Trusted Helper
Posts: 1,343
From: Near my bed
OS: XP - Vista
QUOTE
what are the chances that we dont remove everything and something pops back up in the near future ?

Well, we can't be sure that a system is really clean.

I think that we can't solve your issues with a quick fix; there will be several steps. But in my opinion, if you choose to reinstall XP, you will have to reformat (not repair).

Let me know your decision.



I'll add this, as it can be important for you:

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
ghengisk1
post Sep 16 2009, 04:04 PM
Post #9
New Member
Posts: 6
OS: XP
Do you mean reinstall everything, right? I can really use system restore? The viruses are embedded into the hard drive?
Tweene
post Sep 17 2009, 02:11 PM
Post #10
Trusted Helper
Posts: 1,343
From: Near my bed
OS: XP - Vista
Hello


The easiest way for now is to try to get a decent log in order to determine what infections you have.


To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
Essexboy
post Sep 22 2009, 11:51 AM
Post #11
GeekU Moderator
Posts: 23,268
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7 64 bit
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.