[mpascal]

Are you still having problems at all?

[Advertisements]

Hi mpascal,

The only problem i seem to have is the front USB ports are still not reading.
When i boot up it beeps 1 time then it goes in to safe mode screen and says

918-Front USB Not Connected

Then it gives me a options to hit

Ctrl-S for configuration Menu
F1 to Boot

I just hit F1 and boots normally.

Other than that it seems OK.
I am able to connect to the internet now. (I am finally using my computer to reply to you) As soon as i connected, Windows began its updates and will install after i shut down.

Would it be OK now to try and run Malwarebytes ? and the Kapersky online scan ?
Or did it get clean with the other scans previously run.

Thanks for helping get my computer back.
kronoz

[kronoz 365]

Hi mpascal,

The only problem i seem to have is the front USB ports are still not reading.
When i boot up it beeps 1 time then it goes in to safe mode screen and says

918-Front USB Not Connected

Then it gives me a options to hit

Ctrl-S for configuration Menu
F1 to Boot

I just hit F1 and boots normally.

Other than that it seems OK.
I am able to connect to the internet now. (I am finally using my computer to reply to you) As soon as i connected, Windows began its updates and will install after i shut down.

Would it be OK now to try and run Malwarebytes ? and the Kapersky online scan ?
Or did it get clean with the other scans previously run.

Thanks for helping get my computer back.
kronoz

[mpascal]

Hi,

The only problem i seem to have is the front USB ports are still not reading.
When i boot up it beeps 1 time then it goes in to safe mode screen and says

I don't believe this is a problem with your USB ports, I believe this is the computer looking for a USB stick to boot off of but isn't finding one. Basically, I don't think it's a problem really at all, just the way your computer is set up.

Would it be OK now to try and run Malwarebytes ? and the Kapersky online scan ?

Sure, we might as well just to make sure nothing else is there.

[kronoz 365]

Hi mpascal,

Thanks for the re-assuring message about the USB. Is there anyway to stop the beep at boot up from happening? It's pretty annoying. I had a wireless linksys stick connected in the front USB to connect to the internet. (thats what i was using when i got the virus) Now i use hardwire since i'm much closer to the router now.

Here are the logs from both Malwarebytes, and Kaspersky in that order. I am going to restart my computer with the Windows updates now.

Thanks again.
kronoz

.................................................................................

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 10:24:31 AM
mbam-log-2010-04-26 (10-24-31).txt

Scan type: Quick scan
Objects scanned: 109108
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.................................................................................

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 26, 2010 16:54:43
Records in database: 3981944
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 61054
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:50:13


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\Temp\yaaawu.dll.vir Infected: Trojan.Win32.Pincav.uye 1
C:\_OTL\MovedFiles\04232010_120400\C_WINDOWS\system32\nynw.wmo Infected: Trojan.Win32.Agent.dmyq 1
C:\_OTL\MovedFiles\04232010_120400\C_WINDOWS\temp\yaaawu.dll Infected: Trojan.Win32.Pincav.uye 1

Selected area has been scanned.

[kronoz 365]

Hi mpascal,

I noticed that some of my files in "My Document's" folder changed to a "blue" text instead of the normal black. Only some files "text" are like this. It also did the same with the text on some files in the "C" drive. (none of the titles of the folders but only the text of some files itself)


I also did a scan with SuperAntispyware Scan and it found a trojan. (posted log)

Thanks.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2010 at 02:31 PM

Application Version : 4.35.1002

Core Rules Database Version : 4853
Trace Rules Database Version: 2665

Scan type : Quick Scan
Total Scan Time : 00:15:37

Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 398
Registry threats detected : 0
File items scanned : 6524
File threats detected : 2

Trojan.Agent/Gen
C:\QOOBOX\QUARANTINE\C\WINDOWS\TEMP\YAAAWU.DLL.VIR
C:\_OTL\MOVEDFILES\04232010_120400\C_WINDOWS\TEMP\YAAAWU.DLL

[mpascal]

Hi,

Both those trojans are in quarantine, so you're fine there. As for the USB thing, if you go to the configuration menu I'm sure you could change it so that it will boot to hard drive before it boots to USB.

[kronoz 365]

OK thanks. So is it pretty much clean now?

Any idea of why the text of some files are blue instead of the normal black? Or know of a way to resolve that?

kronoz

[mpascal]

I believe blue file names mean encrypted or compressed. I believe if you go Folder Options -> View -> Advanced Settings you should be able to shut it off there.

[kronoz 365]

Hi mpascal,

Thanks for showing me how to change that. I thought it was because of the virus.

I am still having problems with the front USB though. It still reads it's not connected when i tell it to boot from the hard drive. And when i try to put a memory stick in the front, it doesn't read it. It doesn't even show up under "My Computer"

Should i start another post in the forum under hardware?

Thanks again.
kronoz

[mpascal]

Might not be a bad idea to let one of the techies look at it, they'll probably have a much easier time figuring out what's going on. Create a new topic in the Hardware forums, let them know your computer is malware free and that I sent you there.

[kronoz 365]

Thanks again for all your help mpascal.
I appreciate all the help you have given me to get my computer back!
I will be posting a new topic to get this last issue resolved.
Thanks again.
All the best.
kronoz 365

[mpascal]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.