Security Tool 2010 - Infected on Windows XP Home Edition SP3

Post by MBanks on 24th September 2010, 11:15 pm

I thought as much.

Did the HijackThis log help on how I could fix the RunDLL files?

Post by Belahzur on 25th September 2010, 11:54 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [ocernwasxm.tmp] "C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp"
    O4 - HKLM\..\Run: [wupdate] %SystemRoot%\system32\wupdate.exe
    O4 - HKLM\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
    O4 - HKLM\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
    O4 - HKLM\..\Run: [Wmimefameteq] rundll32.exe "C:\WINDOWS\onuyohuy.dll",Startup
    O4 - HKCU\..\Run: [Wcoluj] rundll32.exe "C:\WINDOWS\wimgxft.dll",Startup
    O4 - HKCU\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
    O4 - HKCU\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
    O4 - HKCU\..\Run: [sdsetup_aff] C:\Documents and Settings\Web\Desktop\sdsetup_aff.exe -min


  • Press "Fix Checked"
  • Close HijackThis.

Reboot normally.
That should stop the error on startup.


Please PM me if I fail to respond within 24hrs.


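The entries selected in the post above share a few recognisable traits: autoruns launched from temp or profile folders, `rundll32.exe` loading a DLL straight from `C:\WINDOWS`, a proxy set to loopback, and registry entries whose file is gone. As an added example (not part of the original posts and not HijackThis's own logic), this triage script flags those traits in a log; the heuristics are assumptions, and the two sample lines marked constructed are not from the thread.

```python
import re

# Heuristics below are assumptions for this example, not HijackThis's own logic.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.I)
WIN_ROOT_DLL = re.compile(r"[A-Z]:\\WINDOWS\\[^\\]+\.dll", re.I)
USER_WRITABLE = re.compile(
    r"\\(Temp|LOCALS~1|Local Settings\\Application Data|Desktop)\\", re.I)
LOOPBACK_PROXY = re.compile(r"ProxyServer = .*(127\.0\.0\.1|localhost)", re.I)


def classify(line):
    """Return the reasons a HijackThis line deserves review (empty if none)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body, reasons = m["code"], m["body"], []
    if code in ("R0", "R1") and LOOPBACK_PROXY.search(body):
        reasons.append("proxy points at loopback")
    if code in ("R3", "O2") and body.endswith("(no file)"):
        reasons.append("orphaned entry (no file)")
    run = RUN.match(body) if code == "O4" else None
    if run:
        cmd = run["cmd"]
        dll = RUNDLL.match(cmd)
        if dll and WIN_ROOT_DLL.fullmatch(dll[1]):
            reasons.append("rundll32 loads DLL from Windows root")
        if USER_WRITABLE.search(cmd):
            reasons.append("autorun from user-writable path")
        if re.search(r'\.tmp"?\s*$', cmd, re.I):
            reasons.append("autorun target has .tmp extension")
    return reasons


def review(log_text):
    """Map each flagged line to its reasons, in log order."""
    return {ln.strip(): r for ln in log_text.splitlines() if (r := classify(ln))}


# First five lines are from the log in this thread; the last two are constructed.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ocernwasxm.tmp] "C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp"
O4 - HKLM\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
O4 - HKLM\..\Run: [Wmimefameteq] rundll32.exe "C:\WINDOWS\onuyohuy.dll",Startup
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
O4 - HKLM\..\Run: [ExampleCpl] rundll32.exe "C:\WINDOWS\system32\example.dll",Run
"""

if __name__ == "__main__":
    for entry, why in review(SAMPLE).items():
        print("; ".join(why), "<-", entry)
```

A flag here is a prompt for review, not a verdict: legitimate software also installs under Application Data, so each hit still needs a human look before "Fix Checked".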

Post by MBanks on 3rd October 2010, 1:28 am

Hey,

OK, so I made it up to Darwin in the Northern Territory, the closest city where I thought
I might be able to get Windows reinstalled. Managed to get it reinstalled yesterday and
then went to an internet cafe to get MBAM installed. Downloaded it but have not yet
purchased it. Is it an effective malware, virus and spyware protector that will stop me getting
attacked?

I ran a scan just to check and here is the log:


Malwarebytes' Anti-Malware 1.46

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/3/2010 10:49:54 AM
mbam-log-2010-10-03 (10-49-54).txt

Scan type: Quick scan
Objects scanned: 124835
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



As you can see, it found 3 infected registry data items.

I clicked on the remove/fix infected items button and it said it had completed it successfully.

What steps can I now take? Do I need to do an OTL or Combo-fix run?

Which anti virus software would you recommend I purchase in order to stop getting attacked?
It's pretty frustrating! Thanks for all your help, once I'm fixed up and protected I'll
make a donation to the site for all your help.

Martin.

Post by Belahzur on 3rd October 2010, 11:08 pm

Please run Combofix and then post the Combofix log.