MSE and Mwbytes find nothing, but comp definitely still infected...


Post by roseytaos on Tue Oct 26, 2010 1:28 am

Hi - Hoping you can help. My Dell Vostro was very infected -- I removed a bunch of threats with Mic Sec Essentials and Malwarebytes scans - over 20 threats were identified and removed or disinfected - I will post the logs below. Since then I've run Malwarebytes twice and a full MSE scan once that have come up clean. But the computer is still acting weird.
For example, I've gotten a "generic host process for win32 has encountered a problem and needs to close" notice, I get pop-up ads on Firefox, and other times, the whole system seems to just freeze.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4914

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2010 11:45:45 AM
mbam-log-2010-10-22 (11-45-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 174128
Time elapsed: 1 hour(s), 37 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmorphcl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\badoversion707001000lux.exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\PXSYF9Y1\badoversion707001000lux[3].exe (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taskcgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy\Application Data\B28FEADB06C1B8984E847A259FEB2960\upd_debug.exe (Trojan.FakeAlert) -> Delete on reboot.



Windows Sec Essen

Trojan win32/jpgiframe.a
Exploit:java/CVE-2008-5353.LR
also that same prefix plus .JH, .GG, .EQ, .MW, .CG
Exploit:java/CVE-2009-3867.DN
same with .CA, .EQ, .EH
Rogue:win32/fake yak
Trojan:Win32/Bamital
Virus:Win32/Bamital.G

and on previous scan:
Trojan:Win32/Adclicker.BB (two of these)
Virus:Win32/Bamital.G (two of these)
Another Virus:Win32/Bamital.G

Definitely still infected --- just got that "generic host problem for win32" notice again. Soon after that, my Firefox tabs closed and were replaced with a scary virus alert window - at which point the bar on the bottom of the screen changed to a graphic style that I associate with safe mode. I had to shut the machine down manually. Yikes!
Please help!!


Post by Sir $wat on Tue Oct 26, 2010 1:47 am

hey, post this in virus removal section plz...





Post by roseytaos on Tue Oct 26, 2010 2:12 am

Sorry - I did post it there and haven't heard a reply -- which made me think I had posted in the wrong place. If there's a way to delete this post, I'm happy to do that.
Thanks


Post by houndmom on Tue Oct 26, 2010 2:06 pm

Hello and welcome to GeekPolice!! Hooray! We are glad you are here!
Please read this
Then you need to open a new topic here.

These guys will help you with your problem as soon as they can.

If it has been 48 hours or more since you posted, open your post and reply with the word "bump". This will send it back to the top so the guys will see it. It may have been missed since it has been pretty busy the last couple of days.
Thanks for choosing GeekPolice!!


