have malware defense virus please help!

Post by ferris60435 on 23rd January 2010, 9:16 pm

I was finally able to get Malwarebytes to run, and it said it needed me to restart to get rid of the Malware Defense virus. After I did and returned to normal mode, the desktop icons were gone but slowly came back along with the virus. Here is my latest Malwarebytes scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3621
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/23/2010 2:56:27 PM
mbam-log-2010-01-23 (14-56-27).txt

Scan type: Quick Scan
Objects scanned: 137067
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\extrac64_cab.exe (Rogue.Installer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTqumqsyngmm.dll (Rootkit.TDSS.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\extrac64_cab.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Delete on reboot.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTqumqsyngmm.dll (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\extrac64_cab.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
C:\WINNT\Temp\210.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINNT\Temp\78.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINNT\Temp\8C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINNT\Temp\93.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\mdefense.exe (Rogue.MalwareDefense) -> Delete on reboot.
C:\Program Files\malware Defense\mdext.dll (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\uninstall.exe (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\winhlp64.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Owner\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.


Please help - been trying for 2 days to fix this...


Re: have malware defense virus please help!

Post by ferris60435 on 23rd January 2010, 11:21 pm

OK - it looks like it is gone now after I ran Malwarebytes a few more times. However, after my desktop loads, now everything just freezes - any suggestions?


Re: have malware defense virus please help!

Post by Belahzur on 23rd January 2010, 11:38 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.

