Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problem with saving data in games

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Problem with saving data in games

Unread postby deltalima » November 28th, 2009, 3:56 pm

Hi josetto,


Please post the log from Malwarebytes in your next reply, you posted the RSIT info.txt last time.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Re: Problem with saving data in games

Unread postby josetto » November 29th, 2009, 2:03 pm

malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 3237
Windows 5.1.2600 Service Pack 3

26. 11. 2009 19:49:46
mbam-log-2009-11-26 (19-49-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 392405
Time elapsed: 1 hour(s), 37 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Infected:
D:\program files\mIRCczLite\sounds\mirc.VIRexe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\aawservice_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\ad-awareadmin_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\AdobeUpdater_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\askpartnercobrandingtool_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\AutoUpd91_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\backgrounddownloader_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\daoriginslauncher_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\daoriginslauncher_UAs002.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\downloader_for_windows_7_pro_rtm_x86_cs_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\downloader_for_windows_7_pro_rtm_x86_cs_UAs002.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\Explorer_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\FromJava01CA68360E67557A_00005288_product.conf (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\FromJava01CA68360E75A396_00005288_update.conf (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\FromJava01CA683611BCDF56_00005288_update.conf (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\FromJava01CA683612BBFAF4_00005288_update.conf (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\FromJava01CA683760A693E0_00005288_update.conf (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\FromJava01CA68499F04EA62_00005288_product.conf (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\game_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\iexplore_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\Installer_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\jucheck_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\jusched_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\launcher_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\launcher_UAs002.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\launcher_UAs003.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\mbam_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\mplayerc_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\mshta_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\msimn_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@atdmt[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@casalemedia[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@eaeacom.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@ehg-techtarget.hitbox[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@hitbox[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.12.071746_josetto@xiti[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.13.111211_josetto@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.15.090805_josetto@atdmt[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.18.021647_josetto@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.18.090425_josetto@2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.23.090256_josetto@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.23.090556_josetto@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.11.24.010936_josetto@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\omnxcasrwe_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\rapgetrs_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\rapgetrs_UAs002.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\repair_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\ssupdate_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\SUPERAntiSpyware_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\SUPERAntiSpyware_UAs002.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\tortoiseproc_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\utorrent_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wgatray_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\winamp_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\windows_xp_professional_with_service_pack_2_(czech)_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wmplayer_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wmplayer_UAs002.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wow-3.2.0-engb-downloader_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wow-installer-2.x.x.x-to-3.0.1.8874-x86-win-engb_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wowiiaia_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\wow_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
josetto
Active Member
 
Posts: 12
Joined: November 18th, 2009, 7:17 am

Re: Problem with saving data in games

Unread postby deltalima » November 30th, 2009, 4:55 am

Hi josetto,

Remote Access Trojan (RAT) Warning
The Malwarebytes log indicates that there has been a Remote Access Trojan active on the computer.
Remote Access Trojans... are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms
and steal sensitive information like passwords, personal and financial data which they send back to the hacker.
Remote attackers use these Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
Please read the Danger: Remote Access Trojans.

If your computer is used for online banking, has credit card information or other sensitive data on it, you should:
  1. Immediately disconnect from the Internet until your system is cleaned.
  2. All passwords should be changed immediately, include those used for banking, email, eBay and forums.
    You should consider them to be compromised.
  3. Change these passwords by using a different computer and not the infected one.
    If not, an attacker may get the new passwords and transaction information.
  4. Banking and credit card institutions should be notified of the possible security breach.

Many experts in the security community believe that once infected with this type of Trojan,
the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

We can attempt to clean this machine but we will not guarantee that it won't still be compromised, afterwards.
Please let me know how you wish to proceed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Problem with saving data in games

Unread postby josetto » November 30th, 2009, 9:00 am

I will reinstall it
josetto
Active Member
 
Posts: 12
Joined: November 18th, 2009, 7:17 am

Re: Problem with saving data in games

Unread postby deltalima » November 30th, 2009, 11:22 am

Hi josetto,

I will reinstall it


That is a wise choice.

Here are some ideas that will help you keep clean in the future.

The antivirus program you have been using is rather old and outdated.

Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors :

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Update your AntiVirus Software and keep your other programs up-to-date
It is vital that you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Problem with saving data in games

Unread postby josetto » November 30th, 2009, 3:08 pm

THX for helping I have now clean and up to date system :D I ll check my comp with some soft like ad-aware. I installed Win patrol and spywareblaster too. thx and good luck with other *wares.
josetto
Active Member
 
Posts: 12
Joined: November 18th, 2009, 7:17 am

Re: Problem with saving data in games

Unread postby deltalima » November 30th, 2009, 3:13 pm

josetto wrote:thx and good luck with other *wares.


You're welcome.

Glad we could help.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Problem with saving data in games

Unread postby chryssi2001 » December 2nd, 2009, 1:04 pm

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware