Trojan.gen and other virus/malware detected [Solved]
Started by kronoz 365, Apr 21 2010 11:00 PM
#16
Posted 26 April 2010 - 07:48 AM
#17
Posted 26 April 2010 - 11:07 AM
Hi mpascal,
The only problem I seem to have is the front USB ports are still not reading.
When I boot up it beeps 1 time then it goes in to safe mode screen and says
918-Front USB Not Connected
Then it gives me options to hit
Ctrl-S for configuration Menu
F1 to Boot
I just hit F1 and it boots normally.
Other than that it seems OK.
I am able to connect to the internet now. (I am finally using my computer to reply to you.) As soon as I connected, Windows began its updates and will install after I shut down.
Would it be OK now to try and run Malwarebytes and the Kaspersky online scan?
Or did it get clean with the other scans previously run?
Thanks for helping get my computer back.
kronoz
#18
Posted 26 April 2010 - 11:11 AM
Hi,
"The only problem I seem to have is the front USB ports are still not reading. When I boot up it beeps 1 time then it goes in to safe mode screen and says"
I don't believe this is a problem with your USB ports, I believe this is the computer looking for a USB stick to boot off of but isn't finding one. Basically, I don't think it's a problem really at all, just the way your computer is set up.
"Would it be OK now to try and run Malwarebytes and the Kaspersky online scan?"
Sure, we might as well just to make sure nothing else is there.
#19
Posted 26 April 2010 - 02:21 PM
Hi mpascal,
Thanks for the reassuring message about the USB. Is there any way to stop the beep at boot up from happening? It's pretty annoying. I had a wireless Linksys stick connected in the front USB to connect to the internet. (That's what I was using when I got the virus.) Now I use hardwire since I'm much closer to the router now.
Here are the logs from both Malwarebytes and Kaspersky, in that order. I am going to restart my computer with the Windows updates now.
Thanks again.
kronoz
.................................................................................
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/26/2010 10:24:31 AM
mbam-log-2010-04-26 (10-24-31).txt
Scan type: Quick scan
Objects scanned: 109108
Time elapsed: 4 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.................................................................................
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 26, 2010 16:54:43
Records in database: 3981944
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 61054
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:50:13
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\Temp\yaaawu.dll.vir Infected: Trojan.Win32.Pincav.uye 1
C:\_OTL\MovedFiles\04232010_120400\C_WINDOWS\system32\nynw.wmo Infected: Trojan.Win32.Agent.dmyq 1
C:\_OTL\MovedFiles\04232010_120400\C_WINDOWS\temp\yaaawu.dll Infected: Trojan.Win32.Pincav.uye 1
Selected area has been scanned.
#20
Posted 26 April 2010 - 05:38 PM
Hi mpascal,
I noticed that some of my files in the "My Documents" folder changed to "blue" text instead of the normal black. Only some files' "text" is like this. It also did the same with the text on some files in the "C" drive. (None of the titles of the folders, but only the text of some files itself.)
I also did a scan with SUPERAntiSpyware and it found a trojan. (posted log)
Thanks.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/26/2010 at 02:31 PM
Application Version : 4.35.1002
Core Rules Database Version : 4853
Trace Rules Database Version: 2665
Scan type : Quick Scan
Total Scan Time : 00:15:37
Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 398
Registry threats detected : 0
File items scanned : 6524
File threats detected : 2
Trojan.Agent/Gen
C:\QOOBOX\QUARANTINE\C\WINDOWS\TEMP\YAAAWU.DLL.VIR
C:\_OTL\MOVEDFILES\04232010_120400\C_WINDOWS\TEMP\YAAAWU.DLL
#21
Posted 26 April 2010 - 05:52 PM
Hi,
Both those trojans are in quarantine, so you're fine there. As for the USB thing, if you go to the configuration menu I'm sure you could change it so that it will boot to hard drive before it boots to USB.
#22
Posted 26 April 2010 - 06:20 PM
OK thanks. So is it pretty much clean now?
Any idea of why the text of some files is blue instead of the normal black? Or know of a way to resolve that?
kronoz
#23
Posted 26 April 2010 - 09:28 PM
I believe blue file names mean encrypted or compressed. I believe if you go Folder Options -> View -> Advanced Settings you should be able to shut it off there.
#24
Posted 27 April 2010 - 11:19 AM
Hi mpascal,
Thanks for showing me how to change that. I thought it was because of the virus.
I am still having problems with the front USB though. It still reads it's not connected when I tell it to boot from the hard drive. And when I try to put a memory stick in the front, it doesn't read it. It doesn't even show up under "My Computer".
Should I start another post in the forum under hardware?
Thanks again.
kronoz
#25
Posted 27 April 2010 - 12:53 PM
Might not be a bad idea to let one of the techies look at it, they'll probably have a much easier time figuring out what's going on. Create a new topic in the Hardware forums, let them know your computer is malware free and that I sent you there.
#26
Posted 27 April 2010 - 01:34 PM
Thanks again for all your help mpascal.
I appreciate all the help you have given me to get my computer back!
I will be posting a new topic to get this last issue resolved.
Thanks again.
All the best.
kronoz 365
#27
Posted 27 April 2010 - 04:00 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.