Computer Infected, System files corrupted

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by TeKn1qu3z » April 30th, 2010, 10:15 pm

I was infected by this file.
http://www.virustotal.com/analisis/5f0c ... 1272676720
It ran unknowingly to me. As soon as it ran I got a BSOD. I restarted and kept getting a BSOD. I am still getting this.
I tried running in Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt; all 3 pause at "loading Mups.sys"

I am also running Dual Boot on my laptop. I was infected on my XP side, I was able to boot up my 7 partition and run MBAM and clean my XP partition.

Infected files were quarantined but I still cannot boot up XP, (BSOD and frozen at Mups.sys)
My guess is my system files are corrupted. Is there any way to fix this so I can boot up XP. My CD Drive is broken so I cannot use my CD.

This is my MBAM log.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/30/2010 9:56:57 PM
mbam-log-2010-04-30 (21-56-57).txt

Scan type: Full scan (D:\|)
Objects scanned: 202543
Time elapsed: 28 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
D:\$RECYCLE.BIN\S-1-5-21-1267294760-1216761272-471448178-1001\$RQDKE2C.45\update.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
D:\$RECYCLE.BIN\S-1-5-21-1267294760-1216761272-471448178-1001\$RQDKE2C.45\Keygen\mbam-keymaker.exe (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jason\Desktop\3GP_Converter034\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jason\Desktop\wtf\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jason\Local Settings\Temp\0000774e (Rootkit.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jason\Local Settings\Temp\softplug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-1606980848-1993962763-1801674531-1004\Dc2275.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{117A0EAB-AD43-4CA2-A563-AC62AFA4C0A5}\RP38\A0019450.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{117A0EAB-AD43-4CA2-A563-AC62AFA4C0A5}\RP38\A0019518.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{117A0EAB-AD43-4CA2-A563-AC62AFA4C0A5}\RP51\A0021129.exe (Malware.Tool) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\spool\prtprocs\w32x86\b00006fb4.dll (Rootkit.Dropper) -> Quarantined and deleted successfully.


Forgot to add, this was on XP Professional SP3.
And I am currently using my Windows 7 to post this.
TeKn1qu3z
Active Member
 
Posts: 1
Joined: April 30th, 2010, 10:06 pm
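
A triage helper for logs in the layout posted above, as an added example that is not part of the original posts. It cross-checks the summary counts against the itemized entries, groups detections by name, and lists entries under the Windows directory or not reported as removed; the sample log, its paths and the function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.46 text-log layout shown in the post
# (paths, names and counts are made up for this example).
SAMPLE_LOG = r"""Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.component (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\system32\drivers\example.sys (Rootkit.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\User\Desktop\setup.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{0000}\RP1\A0000001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (declared summary counts, itemized detections) from a text log."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # start of an itemized section
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def triage(text):
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        # Sections whose itemized entries do not match the summary count
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        "by_detection": Counter(i["name"] for i in items),
        # Entries under the Windows directory, worth reviewing when the OS no longer boots
        "system_paths": [i["path"] for i in items if re.search(r"\\WINDOWS\\", i["path"], re.I)],
        # Anything the scanner did not report as removed
        "pending": [i["path"] for i in items if "successfully" not in i["action"]],
    }
```
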

Re: Computer Infected, System files corrupted

Post by NonSuch » May 1st, 2010, 2:03 am

TeKn1qu3z wrote: I am also running Dual Boot on my laptop. I was infected on my XP side, I was able to boot up my 7 partition and run MBAM and clean my XP partition.

Infected files were quarantined but I still cannot boot up XP, (BSOD and frozen at Mups.sys)
My guess is my system files are corrupted. Is there any way to fix this so I can boot up XP. My CD Drive is broken so I cannot use my CD.

Online help forums depend on logs to guide helpers in the malware removal process, which also requires the use of certain software tools. Without logs and tools, we would be groping in the dark, and that is just too risky.

As you are unable to access this obviously badly infected operating system, nor are you able to use your CD drive, we're sorry but there's nothing we can do to assist you in an attempted clean up. Your best option is to reformat the infected partition.

This topic is now closed.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
