Antivirus System Pro


Re: Antivirus System Pro

Post by artpassion on 24th October 2009, 12:59 am

SUCCESS!!!!

I disabled the Winpk Filter Miniport in my ethernet card's Property settings by unchecking the box and I was able to acquire an IP address, etc. I strongly suspect based on the description here: [You must be registered and logged in to see this link.] that whoever created Antivirus System Pro used this as part of the attack on my computer, at least that is how I read the implications in the language. I have not uninstalled this until getting your OK, but I think this is at the core of my internet problem.

I finally then got into Jotti and acquired the URL you requested

JOTTI URL

[You must be registered and logged in to see this link.]


What is my next course of action?


Re: Antivirus System Pro

Post by Dr Jay on 24th October 2009, 1:00 am

GREAT!

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: Antivirus System Pro

Post by artpassion on 24th October 2009, 1:31 am

GSI PARSER REPORT URL

[You must be registered and logged in to see this link.]


Re: Antivirus System Pro

Post by Dr Jay on 24th October 2009, 2:30 am

Please delete the following file:

C:\WINDOWS\meta4.exe

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==

Please let me know how your computer is running. Also, are you having problems with Windows Updates?


Dr. Jay (DJ)



Re: Antivirus System Pro

Post by artpassion on 24th October 2009, 5:28 am

My computer seems to be running a lot better since I was infected by Antivirus System Pro. I haven't experienced any particular problems with Windows Update in the past, if there is something I should be aware of let me know. Thanks.

Here is the Malware log

MBAM LOG

Malwarebytes' Anti-Malware 1.41
Database version: 3022
Windows 5.1.2600 Service Pack 2

10/24/2009 1:12:58 AM
mbam-log-2009-10-24 (01-12-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 275517
Time elapsed: 2 hour(s), 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Maketorrent 2\uninstall.exe (Password.Stealer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Max Slobodin_2\Application Data\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\jccfry\vfvesysguard.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\syssvc.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iehelper.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp.dll.vir (Search.Hijacker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tftp.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.


---------
Also, should I get rid of this Winpk Filter Miniport nonsense? It's in both my device manager under Network Adapters and in the Properties of both my ethernet card and my wireless card. As I've said, I've never seen this stuff before the infection that brought me here. Let me know.

Thank you so much for your time.

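An added example, not part of the original posts: a small Python triage of a log in the MBAM 1.41 layout posted above. It checks that the summary counts match the itemized entries and separates detections sitting under C:\Qoobox\Quarantine (treated here, as an assumption, as copies an earlier tool had already quarantined) from detections whose action line does not report successful removal. The sample log, its paths and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the MBAM 1.41 log layout shown above; all paths are placeholders.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\example1.exe.vir (Trojan.Example) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example2.nfo (Trojan.Example) -> Quarantined and deleted successfully.
C:\Program Files\Example App\example3.exe (Rogue.Example) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"  # assumption: prior tool's quarantine folder

def parse_mbam_log(text):
    """Return (declared summary counts, itemized detections per section)."""
    declared, items, section = {}, defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items[section].append(m.groupdict())
    return declared, dict(items)

def triage(text):
    """Flag count mismatches, already-quarantined copies and unconfirmed removals."""
    declared, items = parse_mbam_log(text)
    found = [d for rows in items.values() for d in rows]
    return {
        "count_mismatch": sorted(s for s, n in declared.items() if n != len(items.get(s, []))),
        "already_quarantined": [d["object"] for d in found if d["object"].lower().startswith(QUARANTINE_PREFIX)],
        "not_confirmed_removed": [d["object"] for d in found if "successfully" not in d["action"].lower()],
    }
```

A non-empty `count_mismatch` usually means the pasted log was truncated; entries in `not_confirmed_removed` are the ones to recheck after the reboot.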

Re: Antivirus System Pro

Post by Dr Jay on 24th October 2009, 8:54 pm

Don't delete those yet. That may not be safe.

Please run the [You must be registered and logged in to see this link.]

Note: This Scanner is for Internet Explorer Only!

  • Follow the instructions [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Antivirus System Pro

Post by artpassion on 25th October 2009, 3:36 am

F-SECURE REPORT

Scanning Report
Saturday, October 24, 2009 17:34:46 - 23:34:01

Computer name: THEARTCHIVE
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ F:\
18 malware found
TrackingCookie.Questionmarket (spyware)

* System (Disinfected)

TrackingCookie.Adinterax (spyware)

* System (Disinfected)

TrackingCookie.2o7 (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Adtech (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Zanox (spyware)

* System (Disinfected)

TrackingCookie.Adrevolver (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Tradedoubler (spyware)

* System (Disinfected)

TrackingCookie.Statcounter (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

TrackingCookie.Imrworldwide (spyware)

* System (Disinfected)

Trojan.Generic.2300830 (virus)

* C:\PROGRAM FILES\CDTREE\CDTREE.3.1.3.PRO-REGPATCH.EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 128567
* System: 3691
* Not scanned: 8

Actions:

* Disinfected: 17
* Renamed: 1
* Deleted: 0
* Not cleaned: 0
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\HIBERFIL.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B73E0FC8D5BD7727E5AF3BCE1229DDDB_09618EAC-CEE0-4CA5-8DDA-2D51F6C50A7C

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics


Re: Antivirus System Pro

Post by Belahzur on 26th October 2009, 12:25 am

Hello.
How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: Antivirus System Pro

Post by artpassion on 26th October 2009, 12:37 am

The machine seems to be running much better than it was when it was infected. I also took the steps to uninstall the old and outdated antivirus program I got through my university years ago and replaced it with AVG9 and made sure it was up to date and did a scan and it came up clean.

I also removed the Winpk Filter Miniport from my system and have had good internet service since.

Are there any further steps you or Jay would like me to do? I seem to have shaken a lot of garbage from my system, and this has seemed to save my laptop.

If there isn't anything in particular I need to do past what I have already done, I would like to thank you, and especially Jay, for helping me with this problem. You guys are patient and really care about working through people's computer problems. I am strapped for cash at the moment, but hopefully one day soon I can throw this site a small donation. You guys deserve it.

Also, can I remove all the programs I was told to download to the desktop? I plan on keeping the logs either way just in case.


Last edited by artpassion on 26th October 2009, 12:42 am; edited 1 time in total (Reason for editing : additional information)


Re: Antivirus System Pro

Post by Belahzur on 26th October 2009, 6:05 pm

Hello.
You can remove everything we used now. :) That should do it.



Re: Antivirus System Pro

Post by artpassion on 27th October 2009, 12:17 am

Thank you so much again. I guess this closes my case. Thank you.
