
gff6.exe,x.exe,60.exe - Removal Help


  • This topic is locked

#16
_-Rs-_

    Member

  • Topic Starter
  • 25 posts
Well, when I start Windows my Avast pops up sometimes, saying there is a virus in system32, with names like x.exe etc. I delete them, but meanwhile svchost.exe starts Command Prompt and uses it to open FTP and connects to a malware site/IP, and then svchost crashes.

I have blocked the site but I believe some virus is still running. I did block the site but it still tries to connect to the site, so there must be something still running, and because even if I disconnect the internet something extracts a virus in system32, I am sure some virus is still running in my system.
-----------------------------------------------------------------------------
And in AVZ there's a folder with copies of infected files

You want me to delete them? :D

Edited by _-Rs-_, 01 October 2010 - 10:01 AM.

  • 0
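
The behaviour described in the post above (svchost.exe starting Command Prompt, which then opens FTP) is a parent/child process chain that can be checked for in process-creation records. This is an added example, not part of the original thread; the event tuples, PIDs and the 192.0.2.10 documentation address are constructed sample data.

```python
import ntpath

# Constructed process-creation records: (pid, parent pid, image path, command line).
# The tuple layout, PIDs and the 192.0.2.10 documentation address are assumptions
# made for this example; nothing here is taken from the poster's machine.
EVENTS = [
    (908, 860, r"C:\WINDOWS\system32\services.exe", "services.exe"),
    (1104, 908, r"C:\WINDOWS\system32\svchost.exe", "svchost.exe -k netsvcs"),
    (2412, 1104, r"C:\WINDOWS\system32\cmd.exe", "cmd.exe /c ftp 192.0.2.10"),
    (2440, 2412, r"C:\WINDOWS\system32\ftp.exe", "ftp 192.0.2.10"),
    (1904, 860, r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    (3300, 1904, r"C:\WINDOWS\system32\cmd.exe", "cmd.exe"),
    (3312, 3300, r"C:\WINDOWS\system32\ftp.exe", "ftp 192.0.2.10"),
]

SERVICE_HOSTS = {"svchost.exe"}
SHELLS = {"cmd.exe"}
TRANSFER_TOOLS = {"ftp.exe"}


def ancestry(pid, table, limit=16):
    """Image names from pid up to the oldest known ancestor, newest first."""
    chain, seen = [], set()
    # 'seen' and 'limit' stop a malformed or looping parent chain.
    while pid in table and pid not in seen and len(chain) < limit:
        seen.add(pid)
        ppid, image = table[pid]
        chain.append(ntpath.basename(image).lower())
        pid = ppid
    return chain


def find_service_spawned_ftp(events):
    """Flag ftp.exe whose ancestry runs through a shell started by a service host."""
    # PIDs are reused over time; a real log needs (pid, start time) as the key.
    table = {pid: (ppid, image) for pid, ppid, image, _ in events}
    hits = []
    for pid, _ppid, image, cmdline in events:
        if ntpath.basename(image).lower() not in TRANSFER_TOOLS:
            continue
        chain = ancestry(pid, table)
        shell_at = next((i for i, n in enumerate(chain) if n in SHELLS), None)
        host_at = next((i for i, n in enumerate(chain) if n in SERVICE_HOSTS), None)
        # The shell must sit between the transfer tool and the service host.
        if shell_at is not None and host_at is not None and 0 < shell_at < host_at:
            hits.append((pid, cmdline, " <- ".join(chain)))
    return hits


if __name__ == "__main__":
    for pid, cmdline, chain in find_service_spawned_ftp(EVENTS):
        print(f"pid {pid}: {cmdline!r} via {chain}")
```

The FTP session started from explorer.exe is not flagged; only the one whose shell was started by a service host is.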



#17
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi _-Rs-_,

I understand. There is no need to remove the AVZ quarantine files now. We will remove them at the end of this fix. Don't worry about them for now.

Do you use any sandbox programs? If you do, did you sandbox any of the tools we are working with?

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

  • 0

#18
_-Rs-_

    Member

  • Topic Starter
  • 25 posts
Nope bro, I didn't use a sandbox with any of the tools we used. I only use it when I don't trust a file I download, or if I don't trust someone!

I completely trust you, so no worries :D


MBRCheck Log
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows XP Professional
Windows Information:        Service Pack 3 (build 2600)
Logical Drives Mask:        0x0000003c

Kernel Drivers (total 127):

Processes (total 42):
       0 System Idle Process
       4 System
     760 C:\WINDOWS\system32\smss.exe
     832 csrss.exe
     860 C:\WINDOWS\system32\winlogon.exe
     908 C:\WINDOWS\system32\services.exe
     920 C:\WINDOWS\system32\lsass.exe
    1104 C:\WINDOWS\system32\svchost.exe
    1152 svchost.exe
    1244 D:\Program Files\Windows Defender\MsMpEng.exe
    1392 svchost.exe
    1468 svchost.exe
    1572 D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    1624 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
    1684 D:\Program Files\Alwil Software\Avast4\ashServ.exe
    1904 C:\WINDOWS\explorer.exe
     360 C:\WINDOWS\system32\spoolsv.exe
     712 C:\WINDOWS\mixer.exe
     112 D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     728 C:\WINDOWS\FixCamera.exe
     792 op_mon.exe
     820 C:\WINDOWS\system32\hkcmd.exe
    1332 acs.exe
    1504 D:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
    1780 svchost.exe
    1812 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    1892 C:\Program Files\Java\jre6\bin\jqs.exe
    2060 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    2148 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    2176 C:\Program Files\Sandboxie\SbieSvc.exe
    2248 C:\WINDOWS\system32\svchost.exe
    2696 D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    2808 D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    2856 C:\WINDOWS\system32\wscntfy.exe
    3192 alg.exe
    2880 D:\Program Files\Mozilla Firefox\firefox.exe
    1800 C:\WINDOWS\system32\svchost.exe
    2896 D:\Program Files\Mozilla Firefox\plugin-container.exe
    3208 C:\WINDOWS\system32\osk.exe
    2504 C:\WINDOWS\system32\msswchx.exe
    3624 C:\WINDOWS\system32\notepad.exe
    1200 C:\Documents and Settings\_-Rs-_\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00003a00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`5a7f0e00  (NTFS)

PhysicalDrive0 Model Number: ST3160215AS, Rev: 4.AAB   

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Edited by _-Rs-_, 01 October 2010 - 11:27 AM.

  • 0

#19
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi _-Rs-_,

You have some files on your PC that we need to remove. They can also be a source of infection. Please do this step to remove them.

  • Double click on AVZ.exe to run it
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox into the box in the program (start with begin and end with end)

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('C:\Documents and Settings\Bunty\My Documents\Downloads\Windows Xp Key changer.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Y-Socks\surprise.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Y-Socks\surprise\surprise.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Y-Socks\surprise\surprise(NEW).exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\New Folder\Craking\MultiLeech.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\New Folder\Craking\MultiLeech\MultiLeech\MultiLeech.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\TCPZ_20090108.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\CrackingSetv1.0.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop 2\X-R.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop 2\FBI.Internet.Tools.Pack.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\[P-P] Availability Checker.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Yahghost_s SSL Login Booter Beta Version.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\sniffpass.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\One Bot booter.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\New Folder\keylogger.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\New Folder\Hide.IP.Platinum.v3.4.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\New Folder\aflinternetowlspaflatoonscw.info.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\kings.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\YLC_Killer.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\Multi List Tool - By Chris.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\b\ProRat_v1.9\Love.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\b\ProRat_v1.9\Love\Love.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\b\ProRat_v1.9\Bunty.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\GoolagScanner-1.0.41.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Conf Joiner.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\assorted vb source.zip','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Amaras Anti-Virus Tester.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\1_bot_booter.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\11_FBI_Tools.rar','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\CrackingSetv1.0\Quick OCX Register.exe','');
    QuarantineFile('C:\Documents and Settings\Bunty\Desktop\CrackingSetv1.0\exploit.rar','');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\CrackingSetv1.0\exploit.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\CrackingSetv1.0\Quick OCX Register.exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\11_FBI_Tools.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\1_bot_booter.exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Amaras Anti-Virus Tester.exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\assorted vb source.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Conf Joiner.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\GoolagScanner-1.0.41.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\b\ProRat_v1.9\Bunty.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\b\ProRat_v1.9\Love\Love.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\b\ProRat_v1.9\Love.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\Multi List Tool - By Chris.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Jest Some Stuff\YLC_Killer.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\kings.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\New Folder\aflinternetowlspaflatoonscw.info.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\New Folder\Hide.IP.Platinum.v3.4.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\New Folder\keylogger.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\One Bot booter.exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\sniffpass.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\Yahghost_s SSL Login Booter Beta Version.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop\[P-P] Availability Checker.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop 2\FBI.Internet.Tools.Pack.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\All In Here\Desktop 2\X-R.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\CrackingSetv1.0.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Downloads\TCPZ_20090108.zip');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\New Folder\Craking\MultiLeech\MultiLeech\MultiLeech.exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\New Folder\Craking\MultiLeech.rar');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Y-Socks\surprise\surprise(NEW).exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Y-Socks\surprise\surprise.exe');
    DeleteFile('C:\Documents and Settings\Bunty\Desktop\Y-Socks\surprise.rar');
    DeleteFile('C:\Documents and Settings\Bunty\My Documents\Downloads\Windows Xp Key changer.exe');
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

  • 0

#20
_-Rs-_

    Member

  • Topic Starter
  • 25 posts
OK, I did that. Guess what bro, Avast didn't pop up. But I knew that didn't mean my system was clean yet.

So I did a side scan; here's what I found:

Detected spyware "BiFrost" (Backdoor) in HKEY_USERS\S-1-5-21-1547161642-2146918053-299502267-1005\software\Wget
Detected spyware "BZub" (Trojan) in HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Control Panel\load

And

Trojans in
C:\Documents and Settings\All Users\Application Data\SecTaskMan\CFDRIVE32.EXE.Q.2CFC01_Q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\CFDRIVE32.EXE.Q.2CFC01_Q.OLD

Trojan/FaveAV in
C:\Documents and Settings\All Users\Application Data\SecTaskMan\MSVMIODE.EXE.Q_8044802_Q

  • 0

#21
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi _-Rs-_,

Good job! How is your system now?
  • 0

#22
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





