Antivirus System Pro

Post by KronesVT on 31st October 2009, 10:42 pm

I managed to get the Antivirus System Pro Malware today. I can't run my McAfee or any other virus scan that I try to download.

I tried to run HijackThis, and it errored out a couple of times because the file was "infected". It did start scanning, but crashed, and when I tried to restart it again I received the following message: Windows cannot access the specified drive, path, or file. You may not have the appropriate permissions to access the item.

I tried to download "ComboFix", rename it to commy.exe and run it from Run. When I try to do this, a pop-up appears saying that commy.exe is infected. Any help would be greatly appreciated. Thanks,

KronesVT
Novice

Posts : 7
Joined : 2009-10-31
OS : XP
Points : 25969
# Likes : 0

Re: Antivirus System Pro

Post by Dr Jay on 1st November 2009, 2:26 am

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10

Re: Antivirus System Pro

Post by KronesVT on 1st November 2009, 5:38 am

Here is the report from the scan.

Sunday, November 1, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 01, 2009 01:35:59
Records in database: 3110269
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 201426
Threats found 8
Infected objects found 47
Suspicious objects found 4
Scan duration 01:54:33

File name Threat Threats count
svchost.exe\4D9AE3F8.x86.dll/svchost.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 4
globalroot\Device\__max++>\4D9AE3F8.x86.dll/globalroot\Device\__max++>\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 17
spoolsv.exe\4D9AE3F8.x86.dll/spoolsv.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
AppleMobileDeviceService.exe\4D9AE3F8.x86.dll/AppleMobileDeviceService.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
mDNSResponder.exe\4D9AE3F8.x86.dll/mDNSResponder.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
McNASvc.exe\4D9AE3F8.x86.dll/McNASvc.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
C:\DOCUME~1\MARKKR~1\LOCALS~1\Temp\b.exe/C:\DOCUME~1\MARKKR~1\LOCALS~1\Temp\b.exe Infected: Packed.Win32.Katusha.e 1
b.exe\4D9AE3F8.x86.dll/b.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
msb.exe\4D9AE3F8.x86.dll/msb.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
PMSHost.exe\4D9AE3F8.x86.dll/PMSHost.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
iTunesHelper.exe\4D9AE3F8.x86.dll/iTunesHelper.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
LogitechDesktopMessenger.exe\4D9AE3F8.x86.dll/LogitechDesktopMessenger.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
C:\Program Files\tjxswg\aixmsysguard.exe/C:\Program Files\tjxswg\aixmsysguard.exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.ayf 1
aixmsysguard.exe\4D9AE3F8.x86.dll/aixmsysguard.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
firefox.exe\4D9AE3F8.x86.dll/firefox.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
alg.exe\4D9AE3F8.x86.dll/alg.exe\4D9AE3F8.x86.dll Infected: Trojan-Spy.Win32.Agent.bahu 1
C:\Documents and Settings\Anna Castiglione\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\Mark Kroner\Application Data\Sun\Java\Deployment\cache\6.0\13\799a240d-78d773da Infected: Packed.Win32.Krap.w 1
C:\Documents and Settings\Mark Kroner\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Mark Kroner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ilqgmvbu.default\Cache\ED6CB606d01 Infected: Packed.Win32.Katusha.e 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temp\0.06686754581983523.exe Infected: Packed.Win32.Krap.w 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temp\a.exe Infected: Packed.Win32.Katusha.e 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temp\av.62.1.exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.ayf 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temp\b.exe Infected: Packed.Win32.Katusha.e 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temp\n.exn Infected: Packed.Win32.Katusha.g 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temp\y.exy Infected: Trojan.Win32.Vilsel.lit 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temporary Internet Files\Content.IE5\11M29EV7\news[1].php Infected: Exploit.JS.Agent.ato 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temporary Internet Files\Content.IE5\3PQRTIMW\amqrxz2[1].exe Infected: Packed.Win32.Krap.w 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temporary Internet Files\Content.IE5\CJRFY90F\load[1].php Infected: Packed.Win32.Katusha.g 1
C:\Documents and Settings\Mark Kroner\Local Settings\Temporary Internet Files\Content.IE5\EOWM9P85\av.62.1[1].exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.ayf 1
Selected area has been scanned.


Re: Antivirus System Pro

Post by Dr Jay on 1st November 2009, 6:23 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Antivirus System Pro

Post by KronesVT on 1st November 2009, 6:58 pm

I was able to install Malwarebytes' Anti-Malware, but when I started the full scan it crashed soon after. When I tried to restart the program I received the following error: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.


Re: Antivirus System Pro

Post by KronesVT on 1st November 2009, 9:14 pm

Since this malware doesn't let me run executable files, would it be possible to run some sort of virus scan from a bootable disk?


Re: Antivirus System Pro

Post by Dr Jay on 2nd November 2009, 2:44 am

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)



Re: Antivirus System Pro

Post by KronesVT on 2nd November 2009, 3:04 am

Here is the log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:56 on 01/11/2009 by Mark Kroner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [13:15 04/04/2009] [08:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [21:37 22/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [08:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [13:15 04/04/2009] [08:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [21:37 22/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [08:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [13:15 04/04/2009] [08:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [21:35 22/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [08:00 04/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "winlogon.exe"
C:\Documents and Settings\Mark Kroner\Desktop\Malwarebytes_Anti-Malware_1.41\winlogon.exe --a--- 4045528 bytes [02:37 16/09/2009] [02:37 16/09/2009] 866E72C78E98CA4919CD16724A3BD4C1
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [13:15 04/04/2009] [08:00 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [21:38 22/08/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 507904 bytes [08:00 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "comres.dll"
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [13:15 04/04/2009] [08:00 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [21:35 22/08/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [08:00 04/08/2004] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D

Searching for "crypt32.dll"
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [13:15 04/04/2009] [08:00 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 599040 bytes [21:35 22/08/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 599040 bytes [08:00 04/08/2004] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [13:15 04/04/2009] [08:00 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [21:37 22/08/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [08:00 04/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

Searching for "sfc.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [13:15 04/04/2009] [08:00 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [21:37 22/08/2008] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\sfc.dll --a--- 5120 bytes [08:00 04/08/2004] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3

Searching for "svchost.exe"
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [13:15 04/04/2009] [08:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [21:38 22/08/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [08:00 04/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [08:00 04/08/2004] [08:00 04/08/2004] DA1F27D85E0D1525F6621372E7B685E9

Searching for "wscntfy.exe"
C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe -----c 13824 bytes [13:16 04/04/2009] [08:00 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe ------ 13824 bytes [21:38 22/08/2008] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\system32\wscntfy.exe --a--- 13824 bytes [08:00 04/08/2004] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [13:15 04/04/2009] [00:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [21:34 22/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [00:59 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-

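The SystemLook log above lists a size and an MD5 for every copy of each searched file. As an added example (not part of the thread and not SystemLook's own code), this script parses such a log and flags system32 copies that could not be hashed or that differ from the ServicePackFiles copy. Treating the ServicePackFiles copy as the reference is an assumption of the example, and the function names are hypothetical.

```python
import re

# Excerpt copied from the SystemLook log posted above (not constructed data).
SAMPLE_LOG = r"""
Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [13:15 04/04/2009] [08:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [21:35 22/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [08:00 04/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "gpedit.dll"
No files found.

Searching for "svchost.exe"
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [13:15 04/04/2009] [08:00 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [21:38 22/08/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [08:00 04/08/2004] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
"""

SEARCH = re.compile(r'^Searching for "([^"]+)"$')
# path, 6 attribute flags, size, [created], [modified], MD5 or failure note
ENTRY = re.compile(
    r"^(?P<path>.+?) (?P<attrs>\S{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

def parse_filefind(log_text):
    """Return {searched name: [entry, ...]}; names with no hits map to []."""
    results, current = {}, None
    for line in map(str.strip, log_text.splitlines()):
        header = SEARCH.match(line)
        if header:
            current = results.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"])
            # None marks a file SystemLook could not hash
            rec["md5"] = None if rec["md5"].startswith("(") else rec["md5"].upper()
            current.append(rec)
    return results

def review(results):
    """Flag live copies that cannot be hashed or differ from the reference copy."""
    # Assumption of this example: the ServicePackFiles copy is the reference.
    findings = []
    for entries in results.values():
        refs = [e for e in entries if "\\servicepackfiles\\" in e["path"].lower()]
        live = [e for e in entries if "\\system32\\" in e["path"].lower()]
        for e in live:
            if e["md5"] is None:
                findings.append((e["path"], "MD5 could not be calculated"))
            for r in refs:
                if e["size"] != r["size"]:
                    findings.append((e["path"], f"size {e['size']} != reference {r['size']}"))
                elif e["md5"] is not None and e["md5"] != r["md5"]:
                    findings.append((e["path"], "MD5 differs from reference"))
    return findings

if __name__ == "__main__":
    for path, reason in review(parse_filefind(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```
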

Re: Antivirus System Pro

Post by Dr Jay on 2nd November 2009, 3:09 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.com before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.com" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: Antivirus System Pro

Post by KronesVT on 2nd November 2009, 3:39 am

I downloaded the file and renamed it, but when I try to run it the ComboFix progress bar pops up and starts. Sometimes it finishes, sometimes it doesn't, but it always pops up a message that commy.exe is infected and asks if I want to run my "virus" protection software.


Re: Antivirus System Pro

Post by KronesVT on 2nd November 2009, 3:57 am

I tried again and this time it popped up a message that some files could not be created, close all applications and reboot. Though after I reboot, it's back to my previous post saying commy.exe is infected.


Re: Antivirus System Pro

Post by Dr Jay on 2nd November 2009, 4:18 am

Your computer is infected with a dangerous infection:
[You must be registered and logged in to see this link.]

We have hit a dead end. Please tell me when you have completed a reformat and reinstall.

I am sorry for the bad news. I do not understand why these mean people make such harsh viruses, and I wish there was a way to clean your system without everything being damaged. But, the problem is, cleaning the system, most files will be damaged. It is like trying to clean up a city that just had a tornado or hurricane run through it. Takes rebuilding, and time to set back up.


Dr. Jay (DJ)

