MSE and Mwbytes find nothing, but comp definitely still infected...


Post by roseytaos on Tue 26 Oct 2010, 12:28 pm

Hi - hoping you can help. My Dell Vostro was very infected -- I removed a bunch of threats with Microsoft Security Essentials and Malwarebytes scans - over 20 threats were identified and removed or disinfected - I will post the logs below. Since then I've run Malwarebytes twice and a full MSE scan once, and they have come up clean. But the computer is still acting weird.
For example, I've gotten a "generic host process for win32 has encountered a problem and needs to close" notice, I get pop-up ads in Firefox, and at other times the whole system seems to just freeze.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4914

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2010 11:45:45 AM
mbam-log-2010-10-22 (11-45-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 174128
Time elapsed: 1 hour(s), 37 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmorphcl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\PXSYF9Y1\badoversion707001000lux[3].exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taskcgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\upd_debug.exe (Trojan.FakeAlert) -> Delete on reboot.



Microsoft Security Essentials:

Trojan:Win32/Jpgiframe.A
Exploit:Java/CVE-2008-5353.LR
also the same prefix with .JH, .GG, .EQ, .MW and .CG
Exploit:Java/CVE-2009-3867.DN
the same with .CA, .EQ and .EH
Rogue:Win32/FakeYak
Trojan:Win32/Bamital
Virus:Win32/Bamital.G

and on a previous scan:
Trojan:Win32/Adclicker.BB (two of these)
Virus:Win32/Bamital.G (two of these)
Another Virus:Win32/Bamital.G

Definitely still infected --- just got that "generic host problem for win32" notice again. Soon after that, my firefox tabs closed and were replaced with a scary virus alert window - at which point the bar on the bottom of the screen changed to a graphic style that I associate with safe mode. I had to shut the machine down manually. Yikes!
Please help!!

roseytaos

Rookie Surfer

Posts : 120
Joined : 2009-12-12
Operating System : xp
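The Malwarebytes log posted above is a fixed-format text file, and two things in it are worth pulling out mechanically rather than by eye: which detections sat in autostart locations (the Run and RunOnce registry values and the Startup folder, i.e. the persistence that explains "still acting weird"), and which items were only marked "Delete on reboot", meaning the file was scheduled for removal at the next restart rather than removed during the scan (upd_debug.exe here, the same Trojan.FakeAlert that also had a RunOnce value). The parser below is an added example, not part of the original post and not Malwarebytes' own code; the embedded log excerpt is constructed from the lines posted above, and the function and pattern names are the example's own.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of a Malwarebytes' Anti-Malware 1.46 log, taken from
# the lines posted above: a "<Category> Infected:" header, then one
# "<item> (<detection>) -> <action>." line per hit.
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmorphcl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taskcgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\upd_debug.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# Section header, e.g. "Registry Values Infected:" (the summary lines with counts don't match).
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Detection line: "<item> (<detection>) -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Autostart locations that appear in this log: the per-user and machine-wide Run/RunOnce
# registry keys and the user's Startup folder.
AUTOSTART_RE = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce)\\|\\Start Menu\\Programs\\Startup\\", re.IGNORECASE
)


def parse_mbam_log(text):
    """Return one dict per detection line: category, item, detection, action."""
    records = []
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        header = HEADER_RE.match(line)
        if header:
            category = header.group(1)
            continue
        hit = ITEM_RE.match(line)
        if hit and category:
            records.append({"category": category, **hit.groupdict()})
    return records


def autostart_entries(records):
    """Detections that sat in an autostart location (the persistence behind the symptoms)."""
    return [r for r in records if AUTOSTART_RE.search(r["item"])]


def pending_reboot(records):
    """Items MBAM could not remove live; they are gone only after the machine restarts."""
    return [r for r in records if r["action"].lower().startswith("delete on reboot")]


def family_counts(records):
    # Case-folded: the posted log spells the same family both
    # "Rogue.AntimalwareDoctor" and "Rogue.AntiMalwareDoctor".
    return Counter(r["detection"].lower() for r in records)


def triage(text):
    """Summarise a log: total hits, hits per family, autostart hits, items pending reboot."""
    records = parse_mbam_log(text)
    return {
        "total": len(records),
        "families": family_counts(records),
        "autostart": [r["item"] for r in autostart_entries(records)],
        "pending_reboot": [r["item"] for r in pending_reboot(records)],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['total']} detections")
    for family, n in summary["families"].most_common():
        print(f"  {n} x {family}")
    print("autostart locations hit:")
    for item in summary["autostart"]:
        print("  " + item)
    print("not removed until reboot:")
    for item in summary["pending_reboot"]:
        print("  " + item)
```

On a real log the useful output is the last two sections: the autostart locations that were hit and the items that were only scheduled for deletion are the ones to re-check after the machine has been restarted.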

Re: MSE and Mwbytes find nothing, but comp definitely still infected...

Post by Sir $wat on Tue 26 Oct 2010, 12:47 pm

Hey, post this in the virus removal section please...

Sir $wat

Master Surfer

Posts : 2078
Joined : 2008-08-17
Operating System : Windows XP Professional SP3

Re: MSE and Mwbytes find nothing, but comp definitely still infected...

Post by roseytaos on Tue 26 Oct 2010, 1:12 pm

Sorry - I did post it there and haven't heard a reply -- which made me think I had posted in the wrong place. If there's a way to delete this post, I'm happy to do that.
Thanks

roseytaos

Rookie Surfer

Posts : 120
Joined : 2009-12-12
Operating System : xp

Re: MSE and Mwbytes find nothing, but comp definitely still infected...

Post by houndmom on Wed 27 Oct 2010, 1:06 am

Hello and welcome to GeekPolice!! We are glad you are here!
Please read this
Then you need to open a new topic here.

These guys will help you with your problem as soon as they can.

If it has been 48 hours or more since you posted, open your post and reply with the word "bump". This will send it back to the top so the guys will see it. It may have been missed since it has been pretty busy the last couple of days.
Thanks for choosing GeekPolice!!

houndmom

Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate
