I have the right files this time

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I have the right files this time

Post by mrlawler46 » April 12th, 2011, 4:17 am

Hey Dakeyras,

Unfortunately still no change :o(
mrlawler46
Regular Member
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Post by Dakeyras » April 12th, 2011, 6:42 am

Hi. :)

OK, as it stands I no longer think malware is an issue, but rather the installed anti-virus, Avast. It has a known history via its Guard feature (specifically the Web Shield, if memory serves correctly) of both aggressively and falsely blocking known safe sites.

So I had a look at the Avast forum and it appears problems similar to yours have been reported of late. So please check for updates with Avast, then try the sites being blocked again. If still no luck, temporarily disable Avast (specifically the Web Shield) and try one or two of the sites you have problems with; if they work fine, re-enable Avast again.

Let me know the outcome of the above and we will go from there, thank you.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Post by mrlawler46 » April 12th, 2011, 5:09 pm

Would I be better to remove Avast and install one of the other ones you suggested earlier and try again?
mrlawler46

Re: I have the right files this time

Post by Dakeyras » April 12th, 2011, 7:46 pm

> Would I be better to remove Avast and install one of the other ones you suggested earlier and try again?

Just try what I advised for now, and if the need arises we will consider that option, thank you. :)
Dakeyras

Re: I have the right files this time

Post by mrlawler46 » April 13th, 2011, 2:32 am

Ok I tried that all again :(

- Avast won't allow me to download updates (It starts updating then stops and says the process is complete in 2 sec when it obviously isn't).
- It still will not allow me to register the product (no matter how many times I press the register button, and even tried registering manually having the key sent to my email then input)

After disabling shields (all incl. web shield)
- Still no access to the already mentioned web pages on either Chrome or Explorer
- Any page that requires a security certificate says that the security certificate is out of date (ANY PAGE) on both
mrlawler46

Re: I have the right files this time

Post by Dakeyras » April 13th, 2011, 7:05 am

Hi. :)

OK, please carry out the following...

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
Dakeyras

Re: I have the right files this time

Post by mrlawler46 » April 14th, 2011, 3:12 am

Hi Dakeyras.

CPU is performing the same now regarding websites and trying to update Avast and register it.... Still unable.
A new thing though is when I start up, the My Documents folder opens automatically. Not sure if this is of any consequence, but it is new as of yesterday.

Here is the ComboFix Log:-



ComboFix 11-04-13.04 - Matt 14/08/2011 16:51:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.543 [GMT 10:00]
Running from: c:\documents and settings\Matt\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matt\Application Data\PriceGong
c:\documents and settings\Matt\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Matt\WINDOWS
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-11 07:14 . 2011-08-11 07:14 -------- d-----w- c:\program files\ESET
2011-08-09 00:17 . 2011-08-09 00:17 -------- d-----w- c:\windows\system32\LogFiles
2011-08-08 22:20 . 2011-03-12 14:29 4096 --sh--w- c:\windows\system32\wsrntfy.exe
2011-08-07 20:50 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-07 20:50 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-07 20:50 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-07 20:50 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-07 20:50 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-07 20:50 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-07 20:50 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-07 20:50 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-07 20:49 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-08-07 20:49 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-07 20:49 . 2011-08-07 20:49 -------- d-----w- c:\program files\AVAST Software
2011-08-07 20:49 . 2011-08-07 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-05 06:40 . 2011-08-05 06:40 -------- d-----w- C:\_OTL
2011-08-05 06:34 . 2011-08-05 06:35 -------- d-----w- c:\program files\ERUNT
2011-07-31 13:20 . 2011-07-31 13:20 388096 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 13:20 . 2011-07-31 13:20 -------- d-----w- c:\program files\Trend Micro
2011-07-31 00:40 . 2011-07-31 00:40 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2011-07-31 00:40 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 00:40 . 2011-07-31 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-31 00:40 . 2011-07-31 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 00:40 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 14:29 4096 --sh--w- c:\windows\system32\wsrntfy.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-31_13.01.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-06 18:27 . 2010-12-27 00:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-11 07:07 . 2011-08-11 18:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-06 18:27 . 2011-08-11 18:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-06 18:27 . 2010-12-27 00:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-08 22:20 . 2011-08-11 18:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-03-06 18:27 . 2010-12-27 00:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-05 21:22 . 2011-08-05 21:22 335872 c:\windows\ERDNT\mru-backup\Users\00000002\UsrClass.dat
+ 2011-08-05 21:22 . 2005-10-20 02:02 163328 c:\windows\ERDNT\mru-backup\ERDNT.EXE
+ 2011-08-05 06:36 . 2011-08-05 06:36 335872 c:\windows\ERDNT\5-08-2011\Users\00000002\UsrClass.dat
+ 2011-08-05 06:36 . 2005-10-20 02:02 163328 c:\windows\ERDNT\5-08-2011\ERDNT.EXE
+ 2011-07-31 13:20 . 2011-07-31 13:20 1094656 c:\windows\Installer\13d613.msi
+ 2011-08-05 21:22 . 2011-08-05 21:22 3985408 c:\windows\ERDNT\mru-backup\Users\00000001\NTUSER.DAT
+ 2011-08-05 06:36 . 2011-08-05 06:36 3985408 c:\windows\ERDNT\5-08-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"wsrntfy.exe"="c:\windows\system32\wsrntfy.exe" [2011-03-12 4096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"nwiz"="nwiz.exe" [2006-05-01 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TPSMain"="TPSMain.exe" [2005-05-31 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-27 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-3 1753088]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-7 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 07:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/08/2011 6:50 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/08/2011 6:50 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/08/2011 6:50 AM 19544]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/05/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/05/2006 5:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/05/2006 5:33 PM 3456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/12/2010 1:48 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 03:48]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 03:48]
.
2011-08-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2694680138-3666285163-3887726610-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 12:09]
.
2011-08-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2694680138-3666285163-3887726610-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 12:09]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll
.
Completion time: 2011-08-14 17:01:05
ComboFix-quarantined-files.txt 2011-08-14 07:01
ComboFix2.txt 2011-07-31 13:07
.
Pre-Run: 18,785,947,648 bytes free
Post-Run: 18,777,735,168 bytes free
.
- - End Of File - - 928901F5B8EC4A44838A25E21060420C
mrlawler46
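The ComboFix log in the post above is the kind of artefact a helper reads by eye. The script below is an added example, not a MalwareRemoval.com tool and not part of the thread: it parses the three line shapes that matter in such a log (the "Files Created" rows with their attribute column, the Run-key values under "Reg Loading Points", and the bare paths under "Other Deletions") and applies two rules. The first is a fixed indicator list for the ZeuS/Zbot 1.x drop locations (sdra64.exe plus the lowsec\local.ds and user.ds stores; the Malwarebytes log later in this thread classifies sdra64.exe as Spyware.Zbot). The second is a heuristic of my own choosing: an executable marked hidden+system, or a very small system32 binary that autostarts from a Run value, is raised as a review item, not a verdict. The sample log lines are constructed for the example (paths copied in shape from the posted log), and the 8192-byte threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the shape of the ComboFix log posted above.
# Only the paths are taken from the post; nothing else here is real data.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
2011-08-08 22:20 . 2011-03-12 14:29 4096 --sh--w- c:\windows\system32\wsrntfy.exe
2011-08-07 20:50 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-11 07:14 . 2011-08-11 07:14 -------- d-----w- c:\program files\ESET
"wsrntfy.exe"="c:\windows\system32\wsrntfy.exe" [2011-03-12 4096]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"""

# Drop locations of the ZeuS/Zbot 1.x family: the bot binary plus its config
# (local.ds) and stolen-data (user.ds) stores. Lower-case, because every path
# is normalised to lower-case before lookup.
ZBOT_ARTIFACTS = {
    r"c:\windows\system32\sdra64.exe",
    r"c:\windows\system32\lowsec\local.ds",
    r"c:\windows\system32\lowsec\user.ds",
}
SYSTEM32 = "c:\\windows\\system32\\"
SMALL_EXE_BYTES = 8192  # assumed threshold: legitimate autostarts are rarely 4 KiB stubs

# "Files Created" rows: created . modified size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$", re.I)
# "Reg Loading Points" Run values: "name"="path" [date size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[\d{4}-\d{2}-\d{2} (?P<size>\d+)\]\s*$', re.I)
# Bare paths listed under "Other Deletions"
BARE_PATH = re.compile(r"^(?P<path>[a-z]:\\\S.*?)\s*$", re.I)


def parse(log_text):
    """Return ({lower-cased path: {'attrs', 'size'}}, [(run name, path, size)])."""
    files, runs = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            files[m["path"].lower()] = {"attrs": m["attrs"].lower(), "size": size}
            continue
        m = RUN_LINE.match(line)
        if m:
            runs.append((m["name"], m["path"].lower(), int(m["size"])))
            continue
        m = BARE_PATH.match(line)
        if m:
            files.setdefault(m["path"].lower(), {"attrs": "", "size": None})
    return files, runs


def triage(log_text):
    """Map each suspicious path to the list of reasons it was flagged."""
    files, runs = parse(log_text)
    findings = defaultdict(list)
    for path, info in files.items():
        if path in ZBOT_ARTIFACTS:
            findings[path].append("known ZeuS/Zbot artifact")
        # ComboFix attribute column: 's' = system, 'h' = hidden. A hidden+system
        # PE file is a review item, not a verdict.
        if "s" in info["attrs"] and "h" in info["attrs"] and path.endswith((".exe", ".dll", ".sys")):
            findings[path].append("executable carries hidden+system attributes")
    for name, path, size in runs:
        if path.startswith(SYSTEM32) and size <= SMALL_EXE_BYTES:
            findings[path].append(f"{size}-byte system32 binary autostarts via Run value '{name}'")
        elif path in findings:
            findings[path].append(f"autostarts via Run value '{name}'")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the three lowsec/sdra64 paths come back as known Zbot artefacts and wsrntfy.exe is raised twice (hidden+system attributes, and a 4096-byte system32 binary started from HKCU\...\Run); the Avast driver and the Toshiba and Avast Run values are not flagged. The heuristic half will also raise some legitimate OEM stubs, which is why it reports reasons rather than a verdict.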

Re: I have the right files this time

Post by Dakeyras » April 14th, 2011, 5:30 am

Hi. :)

We are going to have to remove Avast and replace again, as it appears the application may be corrupted. Probably due to the malware that has been on-board. Now ComboFix has removed some quite serious infections that technically should warrant a reformat and reinstallation of the Windows Operating System...Which we may have to consider.

Now as to why these infections remained undetected until now is the concerning factor. One possibility is the installed Protector Suite QL may have hindered detection. So please uninstall this. You may download and reinstall from here when I give the all clear if you so wish but personally I would not want the dross on any of my machines but that is merely my humble opinion.

TFC(Temp File Cleaner):

  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Download the installer for one of the Anti-Virus applications below:-


Next:

Uninstall Avast then install whichever new Anti-Virus you chose....

Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Note: If anything was removed by the AV you chose to install, please save a copy of the report created and post the contents in your next reply, thank you.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes Anti-Malware Log.
Dakeyras

Re: I have the right files this time

Post by mrlawler46 » April 15th, 2011, 8:16 pm

Hi there.

I uninstalled Protector Suite, ran Malwarebytes, uninstalled Avast and installed Microsoft Security Essentials and rebooted the system after each step.
Malwarebytes came up with some stuff this time!! But unfortunately after installing Microsoft Security Essentials it seems to be doing the same thing as Avast was. I updated the Virus definitions straight away and after the update the program states that the "Virus and Spyware definitions are Out of Date". I attempted to update another 2 times and it says the same thing. Microsoft Security Center still says my Virus definitions are out of date.

I am still having all of the same issues with the webpages.

Here is the Malwarebytes log report:-

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6370

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/08/2011 8:45:13 AM
mbam-log-2011-08-16 (08-45-13).txt

Scan type: Quick scan
Objects scanned: 156690
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
mrlawler46

Re: I have the right files this time

Post by Dakeyras » April 16th, 2011, 6:20 am

Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a Backdoor Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine, but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.
Dakeyras

Re: I have the right files this time

Post by mrlawler46 » April 16th, 2011, 8:28 am

Ok so best course of action is a reformat and reinstall.... After the reinstall regarding the new antivirus what would you recommend?
Also with a reformat and reinstall would this then renew the integrity of the system or is this system forever compromised?

Thanks for the information also I will let you know how the reformat and reinstall goes.
mrlawler46

Re: I have the right files this time

Post by Dakeyras » April 16th, 2011, 8:48 am

Hi. :)

> Ok so best course of action is a reformat and reinstall.... After the reinstall regarding the new antivirus what would you recommend?

Any of the three I have posted about prior are good...However for a XP machine Avira AntiVir Personal would be my personal preference.

> Also with a reformat and reinstall would this then renew the integrity of the system or is this system forever compromised?

The former as in your machine will not be compromised as it is now.

> Thanks for the information also I will let you know how the reformat and reinstall goes.

You're most welcome!
Dakeyras

Re: I have the right files this time

Post by Cypher » April 16th, 2011, 2:23 pm

As this issue will be resolved with a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns