Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus, Popups, NT Authority System error Please Help

Started by jmarten , Jan 26 2010 09:35 AM

  • Please log in to reply

#1
jmarten
Posted 26 January 2010 - 09:35 AM

jmarten

    Member

  • Member
  • PipPip
  • 15 posts
Hello, I all of a sudden started receiving a lot of pop ups and when I click a link on the internet from google it doesn’t go to that it goes to something different all together. Also this error started comning up “your system has to shut down because of nt authority and then says something about the dcom service “ and it would restart my computer. When I did a hijack this scan I noticed something strange windows/system32 file. I am not able to post an OTL LOG because it stops responding during the scan and in the bottom right (where it says what its scanning) it stalls at hkmsvc. I thought that was the health key service which I had disabled so I enabled it and it still stalled…I ran a malwarebytes scan yesterday and I had the fullscan picked instead of the quick scan so I am going to have to post that because it had found things and when I followed your guide today and did the quickscan like your guide said and it didn’t find anything. So I did everything on the guide that it said to do. Here are the logs that said to post in the malware and spyware guide. I don’t know what else to do now….. Please help…


Malwarebytes' Anti-Malware 1.44
Database version: 3631
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2010 12:15:32 AM
mbam-log-2010-01-25 (00-15-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175686
Time elapsed: 31 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mprvdex3.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\MPRVDex3.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\loader\Misc\Suuji.exe (Malware.pacler) -> Quarantined and deleted successfully.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-26 01:08:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JILLMA~1\LOCALS~1\Temp\kgryyuod.sys


---- System - GMER 1.0.15 ----

SSDT B22BA59E ZwCreateKey
SSDT B22BA594 ZwCreateThread
SSDT B22BA5A3 ZwDeleteKey
SSDT B22BA5AD ZwDeleteValueKey
SSDT B22BA5B2 ZwLoadKey
SSDT B22BA580 ZwOpenProcess
SSDT B22BA585 ZwOpenThread
SSDT B22BA5BC ZwReplaceKey
SSDT B22BA5B7 ZwRestoreKey
SSDT B22BA5A8 ZwSetValueKey
SSDT B22BA58F ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

Advertisements

#2
RKinner
Posted 28 January 2010 - 02:09 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

PS Post your Hijackthis log if you have it.

Edited by RKinner, 28 January 2010 - 02:15 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP