Sysprotect and WinAntivirus pop up

Post by cacauli » July 16th, 2006, 2:48 pm

ZoneAlarm shut down. Went back to ActiveScan. Pressed CTRL key while downloading files AND again when the scan window appeared. I don't know if you understand when I say that I can "hear" the scanning process... it does the same sound although the window shows 0 scanned files. :roll:

I'll let it finish (as last time) just to see if the Choose Profile option pops up again. If nothing new happens, I will be scanning with the other option you presented.

I'm just afraid that I'm taking too much of your time. After all, you must be human and need to do basic things like... to sleep! Please, let me know if you need a break :)
cacauli
Regular Member
 
Posts: 22
Joined: July 13th, 2006, 8:43 pm

Post by agrarianmonk » July 16th, 2006, 2:52 pm

don't worry about it :D it's actually almost lunch time here (i kind of just woke up :P)


i get instant email notifications and i try to respond as fast as i can :).


having malware on the computer is very stressful for most people, so i do what i can to alleviate it :)



hope it works right this time, but don't worry, there are several other options if it doesn't.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by cacauli » July 16th, 2006, 3:29 pm

I think it will be time enough for you to have lunch until my next post! I have good news and bad news.

Panda ActiveScan won't show any results. After uninstalling zonealarm, restarting, trying again, restarting, bla bla bla... decided to go to Kaspersky. And so far, it is working (hoohay!).

That was the good news. The bad news is, it has found 1 virus/1 infected file so far (5% scanned). I will let it finish and post you the report.

I don't know and don't even want to think how it would be without your help and the help of all the team from Malware Remove Forum!
cacauli
Regular Member
 
Posts: 22
Joined: July 13th, 2006, 8:43 pm

Post by agrarianmonk » July 16th, 2006, 3:56 pm

Panda not working is quite strange. I've had several users that have not been able to run panda, but like you, had no problems running kaspersky.


don't be too alarmed at the stats of the kaspersky scan. often, kaspersky will detect infected files in the system volume information (in system restore files), which aren't active on the computer.


post the results when they are ready. as a warning: kaspersky may take a long time to scan (unfortunately, it's one of the slower scanners out there :?), so I wouldn't sit in front of the computer waiting for it to finish ;)
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by cacauli » July 16th, 2006, 4:20 pm

Thanks for what you said on the last post. I was starting to panic when I saw 7 infected files!

Here is kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 16, 2006 9:17:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/07/2006
Kaspersky Anti-Virus database records: 207763
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 95381
Number of viruses found: 6
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66BD2AD5.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Eli\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\cert8.db Object is locked skipped
C:\Documents and Settings\Eli\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\history.dat Object is locked skipped
C:\Documents and Settings\Eli\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\key3.db Object is locked skipped
C:\Documents and Settings\Eli\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\parent.lock Object is locked skipped
C:\Documents and Settings\Eli\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sufqb4c.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eli\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eli\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Eli\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP27\A0002825.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP27\A0002845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cd skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP32\A0008040.exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP32\A0008313.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ct skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP32\change.log Object is locked skipped
C:\VundoFix Backups\pmnlj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ct skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0FBE3C40-57AE-40C2-97DC-E3075A11D530}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wexhfdub.dll Infected: Trojan-Spy.Win32.VBStat.d skipped
C:\WINDOWS\Temp\JETC592.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_298.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
cacauli
Regular Member
 
Posts: 22
Joined: July 13th, 2006, 8:43 pm

Post by agrarianmonk » July 16th, 2006, 4:29 pm

everything looks good!

There is one file I would like you to upload to a site to have our experts look at. Please go to http://uploadmalware.com/

Fill in the requested fields:

Username: cacauli

Topic Where File Was Requested: http://www.malwareremoval.com/forum/viewtopic.php?t=11568

File(s) To Submit: 1. C:\VundoFix Backups\pmnlj.dll

then click "send file"

****************************

you may then delete this folder: C:\VundoFix Backups\

and the vundofix program i had you download earlier.

****************************

Updating Java and Clearing Cache
  1. Go to Start > Control Panel, double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  3. If you are unable to update you can manually update by going here:
  4. After the reboot, go back into the Control Panel and double-click the Java Icon.
  5. Under Temporary Internet Files, click the Delete Files button.
  6. There are three options in the window to clear the cache - Leave ALL 3 Checked
      Downloaded Applets
      Downloaded Applications
      Other Files

  7. Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  8. Click OK to leave the Java Control Panel.

*you'll want to remove all previous versions of Java using add/remove programs (the latest version is J2SE Runtime Environment 5.0 Update 7).

****************************

Congratulations, your log looks clean! Are you having any other problems?

If not, we have just a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    1. Turn off System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.

    2. Restart your computer.

    3. Turn ON System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!


(Please respond to this thread one more time so we can mark this thread as resolved.)
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by cacauli » July 16th, 2006, 5:20 pm

You have no idea how relieved I am now! After so many nights worried about the implications these malwares would have on my machine! Thank you ever so much!

I have done your recommendations and will do my best to keep away from problems. So far (and hopefully from now on) my computer is back to normal.

Thank you for your patience, your kindness and for being there, not only for me, but for all the people that faced the ordeal of having a computer infected with viruses and/or malwares.

I will sleep much better tonight. Keep up with the good work ;)

Thank you very very much!! Muito obrigada!!! :D
cacauli
Regular Member
 
Posts: 22
Joined: July 13th, 2006, 8:43 pm

Post by agrarianmonk » July 16th, 2006, 5:25 pm

ahh, drat.

someone reminded me of a file i missed:

We need to Reveal Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Show hidden files and folders in the Hidden files and folders section.
7. Uncheck Hide protected operating system files (recommended) option.
8. Uncheck the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.


please delete this file:

C:\WINDOWS\system32\wexhfdub.dll


********************

then,
reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


***********************

then you're good to go :)

muito obrigada...is that portuguese?
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
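
Added example (not part of the thread or of any participant's post): a short Python triage of the Kaspersky report posted above, grouping each "Infected" row by where the file sits. That is the distinction the replies draw between System Restore copies, quarantined or backed-up copies, and the one file left in system32. The location labels and rules are this example's assumptions; "ordinary-path" only means the file is outside those containers, not that it is loaded.

```python
import re
from collections import defaultdict

# Excerpt from the Kaspersky Online Scanner report posted in this thread:
# all seven "Infected" rows and three of the "Object is locked" rows.
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66BD2AD5.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Documents and Settings\Eli\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP27\A0002825.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP27\A0002845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cd skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP32\A0008040.exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP32\A0008313.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ct skipped
C:\System Volume Information\_restore{C935EB81-2FFE-4DF6-8BA5-7A2255300913}\RP32\change.log Object is locked skipped
C:\VundoFix Backups\pmnlj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ct skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wexhfdub.dll Infected: Trojan-Spy.Win32.VBStat.d skipped
"""

# One report row: <path>, then "Infected: <name>" or "Object is locked", then "skipped".
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:Infected: (?P<name>\S+)|Object is locked) skipped$"
)

# Location rules are assumptions of this example, drawn from the advice in the thread.
LOCATIONS = [
    ("system-restore", r"\\System Volume Information\\_restore"),  # cleared by resetting System Restore
    ("av-quarantine", r"\\Quarantine\\"),                          # already contained by the resident AV
    ("tool-backup", r"\\VundoFix Backups\\"),                      # copy kept by the removal tool
]


def locate(path):
    """Label a path by the container it sits in, or 'ordinary-path' if none matches."""
    for label, pattern in LOCATIONS:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "ordinary-path"


def triage(report):
    """Return ({location: [(path, detection)]}, locked_count, unparsed_lines)."""
    found, locked, unparsed = defaultdict(list), 0, []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            unparsed.append(line)      # never drop a row silently
        elif m.group("name"):
            found[locate(m.group("path"))].append((m.group("path"), m.group("name")))
        else:
            locked += 1                # file in use: not scanned, so not a verdict
    return dict(found), locked, unparsed


if __name__ == "__main__":
    found, locked, unparsed = triage(REPORT)
    for label in ("ordinary-path", "tool-backup", "av-quarantine", "system-restore"):
        for path, name in found.get(label, []):
            print(f"{label:15} {name:45} {path}")
    print(f"locked (not scanned): {locked}, unparsed rows: {len(unparsed)}")
```

Rows marked "Object is locked" were never read by the scanner, so they are counted separately rather than treated as clean.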

Post by cacauli » July 16th, 2006, 5:54 pm

Sim senhor! Yes, Sir! It is Portuguese (Brazilian Portuguese, mind you).

I have deleted the file as requested. Should I make another system restore point?
cacauli
Regular Member
 
Posts: 22
Joined: July 13th, 2006, 8:43 pm

Post by agrarianmonk » July 16th, 2006, 5:58 pm

you can reset system restore again, though i wouldn't worry about it too much :)


a shame i only took spanish in high school, portuguese sounds so much cooler!


let me know if you have any other questions or concerns.

otherwise, just post back to say you're good to go!

thanks!
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Post by cacauli » July 16th, 2006, 6:03 pm

Tudo beleza! (literally it means "all pretty") I'm good, thanks to you and the other guys. Please, pass my greetings to Amateur too for the help with activeScan.

As they say here in UK "I'm a happy bunny now" :D

Cheers!!!
cacauli
Regular Member
 
Posts: 22
Joined: July 13th, 2006, 8:43 pm

Post by NonSuch » July 17th, 2006, 12:33 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California