
Computer infected



#1
vally

My computer is infected with viruses and they were found and deleted, such as herss, but the computer is running correctly. And I cannot see the hidden folders even when I changed the registry settings.
I ran my antivirus, Symantec ver 10, and it is up to date. It found and cleaned 6 viruses. Ran Malwarebytes at the beginning, found nothing, but then I ran a virus check in safe mode and it got shut down near the beginning.
I ran a virus scan while connecting it to an external hard drive and viruses were found. I think it is because there is no access to hidden files.
After this I ran sfc scannow. Then I went through the stages that were in the post of cleaning the computer.
In all was OK, Malwarebytes found 6 items, but when I ran OTL it got stuck and was not responding. It was stuck on hkmsv on the bottom for over half an hour. Now it says not responding.

I added my mbam log and the ark.txt files.

Here is my mbam log

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

31/01/2010 23:13:39
mbam-log-2010-01-31 (23-13-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 247057
Time elapsed: 47 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.



ark.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 22:17:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwlcrpow.sys


---- System - GMER 1.0.15 ----

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EE91116D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) EE910FC2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----