Antivirus Software !!!


Post by arieldavid on Sun Feb 07, 2010 1:42 am

Hi there!

My PC is infected with this fake Antivirus Soft

I've been reading the posts on here and so far have done this:
- Installed OTL
- Cannot run it from my Desktop because malware blocks it
- Tried running it in SAFE MODE but I keep getting this error message:
Exception Processing Message c00000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Need help!! I will 'donate' if this virus is cleaned off my PC

Thanks!!

arieldavid

Re: Antivirus Software !!!

Post by Belahzur on Sun Feb 07, 2010 11:48 pm

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?


Please PM me if I fail to respond within 24hrs.


Belahzur

Re: Antivirus Software !!!

Post by arieldavid on Mon Feb 08, 2010 1:57 am

Yes, I was able to download it in XP, couldn't open it there, but was able to open it in SAFE MODE .. I see: process, port, kernel module, startup, win32services, registry .. what do I do next?

arieldavid

Re: Antivirus Software !!!

Post by Belahzur on Mon Feb 08, 2010 8:28 pm


  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.




Belahzur

Re: Antivirus Software !!!

Post by arieldavid on Tue Feb 09, 2010 4:23 am

Process:

System Idle Process
System
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ariel\Desktop\IceSword122en\IceSword122en\IceSword.exe

arieldavid

Re: Antivirus Software !!!

Post by arieldavid on Tue Feb 09, 2010 4:23 am

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp
stsystra.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IAAnotif
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATICCC
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DMXLauncher
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MBMon
Rundll32 CTMBHA.DLL,MBMon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdReg
C:\WINDOWS\UpdReg.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DLA
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSDisp32
rundll32.exe C:\WINDOWS\system32\drvzom.dll,startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSDrive
rundll32.exe C:\WINDOWS\system32\drvcog.dll,startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Symantec PIF AlertEng
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG8_TRAY
C:\PROGRA~1\AVG\AVG8\avgtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Carbonite Backup
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
gfyxxlko
C:\Documents and Settings\Ariel\Local Settings\Application Data\oqxcax\jrstsftav.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SetDefaultMIDI
MIDIDef.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
gfyxxlko
C:\Documents and Settings\Ariel\Local Settings\Application Data\oqxcax\jrstsftav.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Remark:)

C:\Documents and Settings\Ariel\Start Menu\Programs\Startup
Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark:)

C:\Documents and Settings\Ariel\Start Menu\Programs\Startup
desktop.ini

arieldavid
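
A triage pass over a Startup log in the layout posted above, as an added example that is not part of the original thread: it parses the location / value name / command records and flags autoruns that start from a per-user data folder or are registered identically in both HKLM and HKCU. The sample entries, the function names and the two heuristics are assumptions made for illustration; a flag marks an entry for review and is not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the three-line layout of the Startup log above
# (location, value name, command line); not taken from a real machine.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ExampleUpdater
C:\Documents and Settings\User\Local Settings\Application Data\abcd\example.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ExampleUpdater
C:\Documents and Settings\User\Local Settings\Application Data\abcd\example.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
"""

# Assumption: autoruns launched from per-user data or temp folders deserve review.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings\\Temp)\\", re.I)

def parse_startup_log(text):
    """Split blank-line-separated records into (location, name, command)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) >= 2:  # records such as desktop.ini have no command line
            entries.append((lines[0], lines[1], lines[2] if len(lines) > 2 else ""))
    return entries

def triage(entries):
    """Return {value name: sorted reasons} for entries worth a closer look."""
    findings, hives = defaultdict(set), defaultdict(set)
    for location, name, command in entries:
        if USER_WRITABLE.search(command):
            findings[name].add("runs from user-writable profile folder")
        if location.upper().startswith("HKEY_") and command:
            hives[(name, command.lower())].add(location.split("\\", 1)[0].upper())
    for (name, _), seen in hives.items():
        if len(seen) > 1:
            findings[name].add("same command registered in HKLM and HKCU")
    return {name: sorted(reasons) for name, reasons in findings.items()}

if __name__ == "__main__":
    print(triage(parse_startup_log(SAMPLE_LOG)))
```
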

Re: Antivirus Software !!!

Post by Belahzur on Tue Feb 09, 2010 7:15 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




Belahzur

Re: Antivirus Software !!!

Post by arieldavid on Tue Feb 09, 2010 11:51 pm

Nothing. Back to square 1
When trying to launch Malware on desktop it won't let me.
When I try to do it from safe mode it can't update to latest database information (error: 732 (12029,0))
This is where I was at when I started this post 3 days ago ..

arieldavid

Re: Antivirus Software !!!

Post by Belahzur on Wed Feb 10, 2010 12:36 am

Hello.
Try this.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.




Belahzur
