1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Virus/trojan took over!

Discussion in 'Windows - Virus and spyware problems' started by Mikeryan1, Jan 2, 2010.

  1. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    scanning...

    still scanning...80,000 files so far and nothing in the box next to the ticking counter...
     
    Last edited: Jan 2, 2010
  2. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Please remember that there is a Edit function for your posts. ;)

    [​IMG]
     
    Last edited: Jan 2, 2010
  3. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    100475 files scanned, no viruses found!

    It's not looking good...
     
  4. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Alright, lets try removing

    Code:
    C:\Users\Mike\AppData\Local\Temp\wscsvc32.exe
    and
    Code:
    C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
    If you aren't able to delete them, try KillBox - http://killbox.net/downloads/beta/KillBox.exe

    Open KillBox and paste the path to the files above into "Full Path of File to Delete" then click the red circle with the "X" in it.
     
    Last edited: Jan 2, 2010
  5. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Both files deleted....next step?

    There are 3 files in that directory that keep appearing as desktop Icons...youporn, naked tube and another porn site. Theres a very small thumbnail on the "browse for files or folders" directory. Should I delete those too? They aren't directory files, but single files.

    Also, is it possible to delete by date? Any file that was instaled after X time?
     
    Last edited: Jan 2, 2010
  6. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Try using KillBox's temp file cleaner, its under Tools > "Delete Temp Files"

    In the new window, check off Options > "Process all profiles" and make sure everything is checked off under Temp Locations for WinNT, ignore the greyed areas.
    Click "Delete Selected Temp Files"
     
  7. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,328
    Likes Received:
    120
    Trophy Points:
    143
  8. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Made some progress. Going to try the file hippo program. THIS SUCKS!
     
  9. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Heres's where I'm at so far

    HJK Log 2nd time after running Malware, Killbox, Clean it, CC cleaner...

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 2:09:56 AM, on 1/3/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
    C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wftv.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
    O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RCA Detective.lnk = C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.117/cgi-bin/kxhcm10.ocx
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://76.108.199.199:1024/img/NetCamPlayerWeb11g.ocx
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JS...7/&filename=jinstall-6u12-windows-i586-jc.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://lts.maronda.com/dwa8W.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://63.165.41.9/JpegInst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
    O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14479 bytes



    Malware log:

    Malwarebytes' Anti-Malware 1.43
    Database version: 3458
    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 8.0.6001.18865

    1/3/2010 1:25:54 AM
    mbam-log-2010-01-03 (01-25-54).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 341493
    Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

    Files Infected:
    C:\!KillBox\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\!KillBox\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Mike\AppData\Local\Temp\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Mike\AppData\Local\Temp\Installer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     
  10. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Very nice! How did you get MalwareBytes to run? I'm just curious.

    The final tool I suggest that you run is ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    NOTE: Make sure you're in normal mode when you're running ComboFix and disable any AV that may be running.

    Save ComboFix to your desktop and run it
    Follow the prompts and it should produce a log at the end of the scan, post that here.

    You should be clean after that. ;)
     
    Last edited: Jan 3, 2010
  11. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    I dunno what I did to get Malwarebytes to run. I know I was in Safe mode, but I think it was blind luck.

    Looks like I'm back to square one. I cannot re-run Malwarebytes, cannot turn on Search and Destroy and can't connect to the internet.

    Besides starting over from the top of the thread, any other suggestions?
     
  12. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,328
    Likes Received:
    120
    Trophy Points:
    143
    have you tried system restore to before that problem?
     
  13. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Can I do that in safe mode? How would I go about that?
     
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,328
    Likes Received:
    120
    Trophy Points:
    143
    yes it can be done in safemode. go into safemode & if administrator icon comes up besides your logon on icon then select that, if not then select yours. goto all programs\accessories\system tools & select system restore. click on select earlier time then next. a calender will appear & select a dark colored date before the problen then next. system will do a restart tho not right at that second as it has to do some stuff 1st. after it does the restart it will do some more stuff then will come up to say system restore complete(hopefully) or incomplete(hopefully not).
     
  15. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    After I do a system restore, do I then try to run malwarebytes and see if it killed everything, or should I be good after that?

    Logged in it said the Windows Defender Interface has stopped working. This started to happen after I ran CC cleaner. "There was a disk failure during the restore"

    I'll try a different restore point.
     
  16. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,328
    Likes Received:
    120
    Trophy Points:
    143
    any programs instaaled after that restore date won't work so they need to be reloaded.
     
  17. infam0us

    infam0us Regular member

    Joined:
    Oct 23, 2005
    Messages:
    1,538
    Likes Received:
    0
    Trophy Points:
    46
    yup if your system doesnt restore to the earlier time your pc was safe,just do a clean install of your OS,back up everything and get a good antivirus program
     

Share This Page