Trojan has disabled desktop, start menu and all programs.

Post by hbmark15 on 21st September 2009, 3:29 am

Actually I just figured out how to do it. Here they are:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

9/20/2009 11:27:50 PM
mbam-log-2009-09-20 (23-27-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162253
Time elapsed: 1 hour(s), 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\cleanup.exe.vir (Trojan.Banker) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir (Rogue.Installer) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir (Antivirus2009) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir (Antivirus2009) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dddesot.dll.vir (Rogue.ASC-AntiSpyware) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uacbbr.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACntybopxvml.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxvkkymtnql.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACmpmbuetabr.sys.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{5BCEF8EE-F24B-4F19-A9D8-BC954DD9F7C9}\RP665\A0194184.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{5BCEF8EE-F24B-4F19-A9D8-BC954DD9F7C9}\RP665\A0194185.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{5BCEF8EE-F24B-4F19-A9D8-BC954DD9F7C9}\RP665\A0194187.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kbiwkmwkalxryu.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\kbiwkmlsbpjnbo.sys (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\Mark Carter\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.AntiVirus360) -> No action taken.
C:\WINDOWS\system32\kbiwkmmujuqoey.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmujcbklpn.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmxewyftmd.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmxrevmylt.dll (Rootkit.TDSS) -> No action taken.

Post by Dr Jay on 21st September 2009, 4:21 am

Hi

Re-run Malwarebytes in a quick scan, please remove selected, then post a new Malwarebytes log in your next reply.


Dr. Jay (DJ)


Post by hbmark15 on 21st September 2009, 11:41 am

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

9/21/2009 7:37:41 AM
mbam-log-2009-09-21 (07-37-41).txt

Scan type: Quick Scan
Objects scanned: 99143
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kbiwkmwkalxryu.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmlsbpjnbo.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Mark Carter\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.AntiVirus360) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmmujuqoey.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmujcbklpn.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmxewyftmd.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmxrevmylt.dll (Rootkit.TDSS) -> Delete on reboot.
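
Added example, not part of the original thread: a small parser for the Malwarebytes 1.41 log layout shown in the posts above, used to compare two scans and list what still needs follow-up. The function names are hypothetical, and the two sample logs are short excerpts of the detection lines posted in this thread.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "section object name bad good action status")

# Section headers look like "Files Infected:"; the summary counters
# ("Files Infected: 7") carry a number after the colon and do not match.
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")

# "<object> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)

# Action strings as they appear in the logs on this page.
STATUS = {
    "no action taken": "unresolved",
    "delete on reboot": "pending_reboot",
    "quarantined and deleted successfully": "removed",
}


def parse_mbam_log(text):
    """Return one Detection per detection line, tagged with its section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            action = item.group("action")
            found.append(Detection(
                section, item.group("object"), item.group("name"),
                item.group("bad"), item.group("good"), action,
                STATUS.get(action.lower(), "unknown"),
            ))
    return found


def compare_scans(before, after):
    """Classify detections across two scans of the same machine."""
    def key(d):
        return (d.section, d.object.lower())

    old = {key(d): d for d in before}
    new = {key(d): d for d in after}
    return {
        # Reported earlier, now absent or confirmed removed.
        "cleared": sorted(d.object for k, d in old.items()
                          if k not in new or new[k].status == "removed"),
        # Removal is only scheduled; confirm with a rescan after restart.
        "pending_reboot": sorted(d.object for d in new.values()
                                 if d.status == "pending_reboot"),
        # Still reported and not acted on.
        "still_present": sorted(d.object for d in new.values()
                                if d.status in ("unresolved", "unknown")),
        # Not seen in the earlier scan (for example after a database update).
        "new": sorted(d.object for k, d in new.items() if k not in old),
    }


# Excerpt of the first (full scan) log posted in this thread.
SCAN_1 = r"""
Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\kbiwkmwkalxryu.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\kbiwkmlsbpjnbo.sys (Rootkit.TDSS) -> No action taken.
"""

# Excerpt of the second (quick scan) log posted in this thread.
SCAN_2 = r"""
Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\kbiwkmwkalxryu.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmlsbpjnbo.sys (Rootkit.TDSS) -> Delete on reboot.
"""

if __name__ == "__main__":
    report = compare_scans(parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2))
    for label, objects in report.items():
        print(label)
        for obj in objects:
            print("   ", obj)
```

Anything listed under pending_reboot or still_present means the machine is not yet confirmed clean; only an empty rescan after the restart settles it.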

Post by Dr Jay on 21st September 2009, 4:57 pm

Please download and unzip [You must be registered and logged in to see this link.] to its own folder on your desktop.


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks


Dr. Jay (DJ)


Post by hbmark15 on 22nd September 2009, 12:28 am

I downloaded IceSword and when I tried to open it, the warning box popped open saying Initalize failed; error code 3.

Post by Dr Jay on 22nd September 2009, 2:27 am

Hi

Please download the [You must be registered and logged in to see this link.] and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now


Dr. Jay (DJ)


Post by hbmark15 on 23rd September 2009, 2:10 am

Here is what it found: None of them had green check marks in the box.

Area: Local hard drives
Description: Unknown hidden file
Location: C:\Program Files\Microsoft Office\Office12\OART.DLL
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\WINDOWS\$hf_mig$\KB969898\spuninst.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)


Post by Dr Jay on 23rd September 2009, 3:27 am

Please use Internet Explorer and run a BitDefender Online scan from [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)


Post by hbmark15 on 24th September 2009, 12:32 am

Here is what was found:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Wed, Sep 23, 2009 - 20:31:51

Scan Info

Scanned Files:  236416
Infected Files: 54

Virus Detected                      Count

Application.Generic.191750          2
Trojan.Generic.2229864              3
Trojan.Script.173274                1
Trojan.Downloader.Wma.Wimad.K       1
Trojan.Generic.2427128              4
Trojan.Generic.2370903              1
Adware.WinAntivirusPro.D            1
Gen:Trojan.Heur.GM.0400240408       1
Trojan.FakeAV.PZ                    1
Trojan.Generic.2230880              1
Trojan.FakeAlert.BIZ                1
Trojan.Downloader.WMA.Wimad.N       1
Trojan.Wimad.Gen.1                  15
Trojan.Downloader.Wimad.H           3
Rootkit.TDss.AA                     2
Application.Generic.206633          1
Trojan.Generic.2373366              1
Trojan.FakeAlert.BJM                1
Application.Generic.201763          2
MemScan:Trojan.Clicker.MUC          1
Trojan.FakeAV.RP                    1
Trojan.Generic.IS.574696            1
Trojan.FakeAntivirus.Gen            1
Adware.Generic.30374                2
Gen:Packed.juW@d0sXOch              1
Trojan.FakeAlert.BJA                1
Trojan.Generic.IS.520533            1
Trojan.Generic.IS.594511            2

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

Post by Dr Jay on 24th September 2009, 1:05 am

Hi

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.


Dr. Jay (DJ)


Post by hbmark15 on 24th September 2009, 11:43 am

Detected
--------
Status Object
------ ------
deleted: Trojan program Exploit.Java.Gimsh.b File: C:\Documents and Settings\Mark Carter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5404ed29-47a366bc.zip/vmain.class
deleted: Trojan program Trojan-Downloader.Java.OpenConnection.at File: C:\Documents and Settings\Mark Carter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmseria.jar-1fc6f268-155def0c.zip/vlocal.class
disinfected: Trojan program Trojan-Downloader.Java.OpenConnection.at File: C:\Documents and Settings\Mark Carter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmseria.jar-39536c18-59d1418a.zip
disinfected: Trojan program Trojan-Downloader.Java.OpenConnection.at File: C:\Documents and Settings\Mark Carter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmseria.jar-56150ada-1d0566f0.zip
deleted: Trojan program Trojan-Downloader.WMA.GetCodec.ae File: C:\Documents and Settings\Mark Carter\Shared\fortunate maxwel.wma
deleted: new threat not-a-virus:FraudTool.Win32.WinAntiVirus.kn File: C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\windows Police Pro.exe.vir

Post by Dr Jay on 24th September 2009, 3:47 pm

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


Post by hbmark15 on 24th September 2009, 11:03 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 2

9/24/2009 6:59:32 PM
mbam-log-2009-09-24 (18-59-27).txt

Scan type: Quick Scan
Objects scanned: 99642
Time elapsed: 22 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5172ec55-e786-48a9-8fd9-c27c6a99f249} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{5172ec55-e786-48a9-8fd9-c27c6a99f249} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{5172ec55-e786-48a9-8fd9-c27c6a99f249} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{5172ec55-e786-48a9-8fd9-c27c6a99f249} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmhylqgikc (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post by Dr Jay on 25th September 2009, 1:26 am

Hi

Please remove those selected, then do the following:
Re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


Post by hbmark15 on 25th September 2009, 2:28 am

Finished and said nothing was found.

Post by hbmark15 on 25th September 2009, 2:28 am

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 2

9/24/2009 10:27:46 PM
mbam-log-2009-09-24 (22-27-46).txt

Scan type: Quick Scan
Objects scanned: 99664
Time elapsed: 16 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post by Dr Jay on 25th September 2009, 2:36 am

Hi

Hooray! Your computer is clean.

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


Post by hbmark15 on 25th September 2009, 2:51 am

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee VirusScan
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Spybot - Search & Destroy 1.3
Spyware Doctor 6.1
Yahoo! Anti-Spy
Microsoft AntiSpyware
Spy Sweeper
Sophos Anti-Rootkit 1.5.0
CCleaner (remove only)
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Post by Dr Jay on 25th September 2009, 4:59 am

Hi

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: Trojan has disabled desktop, start menu and all programs.

Post by hbmark15 on 25th September 2009, 1:15 pm

awesome! thank you sooooo much!!!!!


Re: Trojan has disabled desktop, start menu and all programs.

Post by Dr Jay on 25th September 2009, 5:57 pm

You are welcome. :)


Dr. Jay (DJ)



Re: Trojan has disabled desktop, start menu and all programs.

Post by taniasaurous on 25th September 2009, 6:38 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic.

- Belahzur
