win32/virut infection [CLOSED]



#1
fonsy

  • Member
  • 21 posts
Hi,

I have some infection on my computer. Can somebody help with this?

This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:17 AM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\zfhzyvdbg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [MDM Rock 4] C:\WINDOWS\system32\zfhzyvdbg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Clrp] "C:\DOCUME~1\mmd\MYDOCU~1\ASKS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Qkduxw] "C:\Program Files\Common Files\??mbols\?hkdsk.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2652 bytes




Also, I tried ComboFix and this is the report:


ComboFix 08-05-20.5 - mmd 2008-05-21 9:12:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT -4:00]
Running from: C:\Documents and Settings\mmd\My Documents\Downloads\securitytools\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\mmd\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\mmd\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\mmd\My Documents\ASKS~1
C:\Documents and Settings\mmd\My Documents\ASKS~1\?asks\
C:\Documents and Settings\mmd\My Documents\ASKS~1\nslookup.exe
C:\Documents and Settings\mmd\My Documents\FNTS~1
C:\Documents and Settings\mmd\Start Menu\Programs\Outerinfo
C:\Documents and Settings\mmd\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\mmd\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\mbols~1
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\appatc~1
C:\Program Files\Common Files\mbols~1\?hkdsk.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-21 09:14 . 2007-06-13 06:23 90,624 ---h----- C:\cazjjfxlv.exe
2008-05-21 09:13 . 2008-05-21 09:15 135 --ah----- C:\AUTORUN.INF
2008-05-21 08:48 . 2008-05-21 08:48 <DIR> d-------- C:\VundoFix Backups
2008-05-21 08:46 . 2008-05-21 08:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-21 08:03 . 2008-05-21 08:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(6)
2008-05-21 08:02 . 2008-05-21 08:37 <DIR> d-------- C:\Program Files\AVG(6)
2008-05-21 08:02 . 2008-05-21 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(6)
2008-05-20 14:48 . 2008-05-20 14:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-20 14:43 . 2008-05-20 14:56 <DIR> d-------- C:\SDFix
2008-05-20 14:19 . 2008-05-20 14:18 519,168 --a------ C:\rmvirut.exe
2008-05-20 14:19 . 2008-05-20 14:18 495,104 --a------ C:\rmvirut.nt
2008-05-20 13:33 . 2008-05-21 08:38 <DIR> d-------- C:\Documents and Settings\Administrator.SALES2.003
2008-05-20 13:28 . 2008-05-20 13:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-20 13:28 . 2008-05-20 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 13:27 . 2008-05-20 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 12:40 . 2008-05-20 12:48 <DIR> d---s---- C:\Documents and Settings\Administrator.SALES2.002
2008-05-20 12:38 . 2008-05-20 12:48 <DIR> d-------- C:\Virut Virus
2008-05-20 12:35 . 2008-05-20 12:36 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(5)
2008-05-20 12:34 . 2008-05-20 12:48 <DIR> d-------- C:\Program Files\AVG(5)
2008-05-20 12:34 . 2008-05-20 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(5)
2008-05-20 12:19 . 2008-05-20 12:19 244 --ah----- C:\sqmnoopt19.sqm
2008-05-20 12:19 . 2008-05-20 12:19 232 --ah----- C:\sqmdata19.sqm
2008-05-20 12:17 . 2008-05-20 12:17 244 --ah----- C:\sqmnoopt18.sqm
2008-05-20 12:17 . 2008-05-20 12:17 232 --ah----- C:\sqmdata18.sqm
2008-05-20 12:12 . 2008-05-20 12:12 244 --ah----- C:\sqmnoopt17.sqm
2008-05-20 12:12 . 2008-05-20 12:12 232 --ah----- C:\sqmdata17.sqm
2008-05-20 11:52 . 2008-05-20 11:54 <DIR> d---s---- C:\Documents and Settings\Administrator.SALES2.001
2008-05-20 11:50 . 2008-05-20 11:50 244 --ah----- C:\sqmnoopt16.sqm
2008-05-20 11:50 . 2008-05-20 11:50 232 --ah----- C:\sqmdata16.sqm
2008-05-20 11:45 . 2008-05-20 11:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(4)
2008-05-20 11:45 . 2008-05-20 11:54 <DIR> d-------- C:\Program Files\AVG(4)
2008-05-20 11:45 . 2008-05-20 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(4)
2008-05-20 11:40 . 2008-05-20 11:40 244 --ah----- C:\sqmnoopt15.sqm
2008-05-20 11:40 . 2008-05-20 11:40 232 --ah----- C:\sqmdata15.sqm
2008-05-20 11:26 . 2008-05-21 09:13 244 --ah----- C:\sqmnoopt14.sqm
2008-05-20 11:26 . 2008-05-21 09:13 232 --ah----- C:\sqmdata14.sqm
2008-05-20 11:07 . 2008-05-21 08:06 244 --ah----- C:\sqmnoopt13.sqm
2008-05-20 11:07 . 2008-05-21 08:06 232 --ah----- C:\sqmdata13.sqm
2008-05-20 10:47 . 2008-05-20 15:13 244 --ah----- C:\sqmnoopt12.sqm
2008-05-20 10:47 . 2008-05-20 15:13 232 --ah----- C:\sqmdata12.sqm
2008-05-20 10:41 . 2008-05-20 11:58 <DIR> d-------- C:\c4e6baa4a92ed8b939ddece865
2008-05-20 10:40 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-20 10:22 . 2008-05-20 10:22 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-05-20 10:22 . 2008-05-20 10:22 <DIR> d-------- C:\ASTMP
2008-05-20 10:19 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-20 10:17 . 2008-05-20 10:20 <DIR> d---s---- C:\Documents and Settings\Administrator.SALES2.000
2008-05-19 14:39 . 2008-05-20 10:20 <DIR> d---s---- C:\Documents and Settings\Administrator.SALES2
2008-05-19 14:29 . 2008-05-19 14:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(3)
2008-05-19 14:29 . 2008-05-19 14:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx(2)(2).dll
2008-05-19 14:28 . 2008-05-20 10:20 <DIR> d-------- C:\Program Files\AVG(3)
2008-05-19 14:28 . 2008-05-20 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(3)
2008-05-19 14:04 . 2008-05-20 10:29 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-19 14:03 . 2008-05-20 15:03 244 --ah----- C:\sqmnoopt11.sqm
2008-05-19 14:03 . 2008-05-20 15:03 232 --ah----- C:\sqmdata11.sqm
2008-05-19 13:58 . 2008-05-19 13:58 <DIR> d-------- C:\$AVG8.VAULT$
2008-05-19 13:56 . 2008-05-19 13:58 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-05-19 13:55 . 2008-05-20 10:29 <DIR> d-------- C:\Program Files\AVG(2)
2008-05-19 13:55 . 2008-05-20 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-05-16 16:21 . 2008-05-20 14:58 244 --ah----- C:\sqmnoopt10.sqm
2008-05-16 16:21 . 2008-05-20 14:58 232 --ah----- C:\sqmdata10.sqm
2008-05-16 03:00 . 2008-05-20 10:31 <DIR> d-------- C:\bc52783d369db76f5422faf70b
2008-05-15 09:58 . 2008-05-20 14:45 244 --ah----- C:\sqmnoopt09.sqm
2008-05-15 09:58 . 2008-05-20 14:45 232 --ah----- C:\sqmdata09.sqm
2008-05-15 09:02 . 2008-05-20 14:34 244 --ah----- C:\sqmnoopt08.sqm
2008-05-15 09:02 . 2008-05-20 14:34 232 --ah----- C:\sqmdata08.sqm
2008-05-15 08:49 . 2008-05-20 14:31 244 --ah----- C:\sqmnoopt07.sqm
2008-05-15 08:49 . 2008-05-20 14:31 232 --ah----- C:\sqmdata07.sqm
2008-05-15 08:41 . 2008-05-20 14:19 244 --ah----- C:\sqmnoopt06.sqm
2008-05-15 08:41 . 2008-05-20 14:19 232 --ah----- C:\sqmdata06.sqm
2008-05-15 08:33 . 2008-05-20 13:58 244 --ah----- C:\sqmnoopt05.sqm
2008-05-15 08:33 . 2008-05-20 13:58 232 --ah----- C:\sqmdata05.sqm
2008-05-15 08:30 . 2008-05-15 08:30 8,761 --a------ C:\links.html
2008-05-14 18:46 . 2008-05-14 18:47 <DIR> d-------- C:\WINDOWS\qzuf
2008-05-14 18:46 . 2008-05-20 10:34 <DIR> d-------- C:\Program Files\Common Files\qzuf
2008-05-13 16:30 . 2008-05-20 13:55 244 --ah----- C:\sqmnoopt04.sqm
2008-05-13 16:30 . 2008-05-20 13:55 232 --ah----- C:\sqmdata04.sqm
2008-05-12 08:06 . 2008-05-20 13:31 244 --ah----- C:\sqmnoopt03.sqm
2008-05-12 08:06 . 2008-05-20 13:31 232 --ah----- C:\sqmdata03.sqm
2008-05-07 11:41 . 2008-05-07 11:41 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-06 12:52 . 2008-05-20 12:39 244 --ah----- C:\sqmnoopt02.sqm
2008-05-06 12:52 . 2008-05-20 12:39 232 --ah----- C:\sqmdata02.sqm
2008-05-06 12:43 . 2008-05-20 10:27 <DIR> d-------- C:\wksca2004
2008-05-06 12:43 . 2008-05-06 12:43 <DIR> d-------- C:\Program Files\Borland
2008-05-06 12:43 . 1999-11-12 06:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-05-06 12:42 . 2008-05-20 10:29 <DIR> d-------- C:\TMPOS
2008-05-06 12:42 . 2004-01-06 00:04 552,960 --a------ C:\WINDOWS\system32\dbodbc8.dll
2008-05-06 12:42 . 2005-03-21 15:08 135,690 --a------ C:\WINDOWS\qdstmuninstall.exe
2008-05-06 11:54 . 2008-05-20 12:25 244 --ah----- C:\sqmnoopt01.sqm
2008-05-06 11:54 . 2008-05-20 12:25 232 --ah----- C:\sqmdata01.sqm
2008-05-06 11:46 . 2008-05-20 12:21 244 --ah----- C:\sqmnoopt00.sqm
2008-05-06 11:46 . 2008-05-20 12:21 232 --ah----- C:\sqmdata00.sqm
2008-05-06 11:45 . 2008-05-20 10:22 <DIR> d---s---- C:\Documents and Settings\mmd\UserData
2008-05-06 11:42 . 2008-05-20 10:27 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-06 11:30 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-06 11:30 . 2008-05-06 11:30 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-06 11:29 . 2008-05-06 11:29 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-06 11:29 . 2008-05-06 11:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-06 11:29 . 2008-05-06 11:29 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-06 11:28 . 2008-05-06 11:29 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-06 11:25 . 2008-05-06 11:25 <DIR> dr-h----- C:\MSOCache
2008-05-06 11:08 . 2005-03-16 02:23 13,696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys
2008-05-06 10:55 . 2008-05-06 10:55 <DIR> d-------- C:\Documents and Settings\mmd\Application Data\WinBatch
2008-05-06 10:53 . 2008-05-06 10:53 <DIR> d-------- C:\Program Files\CONEXANT
2008-05-06 10:52 . 2008-05-06 10:57 <DIR> d-------- C:\WINDOWS\nview
2008-05-06 10:52 . 2006-05-09 22:50 192,512 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-06 10:52 . 2008-05-21 09:14 43,531 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-06 10:52 . 2006-05-09 22:50 16,356 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-06 10:47 . 2006-01-24 19:23 192,512 --a------ C:\WINDOWS\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:51 269 ----a-w C:\Program Files\Common Files\saguv
2008-05-15 13:55 269 ----a-w C:\Program Files\Common Files\saguv223
2008-05-06 13:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-01 10:36 142 ----a-w C:\Program Files\Common Files\wuopryk.html
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-06-13 10:23 90,624 --sh--r C:\WINDOWS\system32\jjqhizzcj.exe
2007-06-13 10:23 90,624 --sh--r C:\WINDOWS\system32\shibgqbtd.exe
2007-06-13 10:23 90,624 --sh--r C:\WINDOWS\system32\zfhzyvdbg.exe
.

------- Sigcheck -------

2007-06-13 06:23 1042944 16f23050cfae9658ae98c6d8c34fdff6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1042944 585c6479a3a617aae6aa0b195cda2524 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 20:56 1041920 50a0c7c27fc49470cfcf108efea2839d C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 1042944 d740c4270afe40effae5b04fbbf0f5a2 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 20:56 25088 93f8661494627662c215176298226429 C:\WINDOWS\system32\ctfmon.exe
2004-08-03 20:56 25088 d10a1724d3805f1f05bf0ab3da44072a C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:56 25088]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Clrp"="C:\DOCUME~1\mmd\MYDOCU~1\ASKS~1\nslookup.exe" [ ]
"Qkduxw"="C:\Program Files\Common Files\??mbols\?hkdsk.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MDM Rock 4"="C:\WINDOWS\system32\zfhzyvdbg.exe" [2007-06-13 06:23 90624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 22:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 22:50 1531904 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 22:50 86016]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-05-21 09:15 37376]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\jjqhizzcj.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\shibgqbtd.exe"=
"C:\\WINDOWS\\system32\\zfhzyvdbg.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 02:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\sjvkrfqsj.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sjvkrfqsj.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 09:14:54
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TEMP\DIL4.tmp
C:\WINDOWS\mrofinu1001186.exexe
.
**************************************************************************
.
Completion time: 2008-05-21 9:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 13:16:23

Pre-Run: 35,265,249,280 bytes free
Post-Run: 35,595,501,568 bytes free

210 --- E O F --- 2008-05-06 15:37:35


Thanks in advance

Edited by fonsy, 21 May 2008 - 08:05 AM.



#2
sarahw

  • Malware Staff
  • 2,781 posts
Hi,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

#3
sarahw

  • Malware Staff
  • 2,781 posts
Hi,

1.
Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.

2.
Click HERE and run an online scan with Kaspersky WebScanner
  • Click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post.

#4
sarahw

  • Malware Staff
  • 2,781 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.