XP home security 2012 virus


Post by Omnioshi on Wed Jan 18, 2012 10:29 pm

I need help. My parents' computer has the rogue anti-virus program "XP Home Security 2012 virus" and needs help to get rid of it and fix the system ASAP.

Omnioshi
Novice
Posts: 42
Joined: 2009-12-06
Gender: Male
OS: sony windows xp laptop
Points: 26130
Likes: 0

Re: XP home security 2012 virus

Post by Pancake on Thu Jan 19, 2012 2:31 am

Hi. Welcome to the forum.
Please download Malwarebytes' Anti-Malware from one of these places:

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]


Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.



===============================================



Download Combofix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and place it on your Desktop

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it; it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

Pancake
Senior
Posts: 222
Joined: 2010-03-06
Gender: Male
OS: Windows 7
Points: 28148
Likes: 0

Re: XP home security 2012 virus

Post by Omnioshi on Thu Jan 19, 2012 3:17 am

I downloaded both programs onto a flash drive and put them on the infected computer, but a pop-up window says they are infected with "trojan-BNK.win32.keylogger.gen" and won't run. Need more help.


Re: XP home security 2012 virus

Post by Pancake on Thu Jan 19, 2012 4:39 am

Run them in safe mode. That should fix it.


Re: XP home security 2012 virus

Post by Omnioshi on Thu Jan 19, 2012 4:46 am

Which safe mode should I run
Safe mode
Safe mode with networking
Or
Safe mode with command prompt?


Re: XP home security 2012 virus

Post by Pancake on Thu Jan 19, 2012 6:24 am

Safe mode with networking


Re: XP home security 2012 virus

Post by Omnioshi on Thu Jan 19, 2012 7:46 pm

I was able to run ComboFix in safe mode and then ran Malwarebytes' Anti-Malware in regular mode. Here are both logs; also, I can't seem to connect to the internet now.

ComboFix 12-01-18.04 - Owner 01/18/2012 23:04:05.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.383 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\alot
c:\documents and settings\Owner\Local Settings\Application Data\qkm.exe
c:\documents and settings\Owner\Local Settings\Application Data\wtcryfg.exe
c:\documents and settings\Owner\My Documents\~WRL1438.tmp
c:\documents and settings\Owner\WINDOWS
c:\program files\cmman
c:\program files\cmman\hf.txt
c:\program files\cmman\sf.txt
c:\program files\Common Files\fqzu
c:\program files\Common Files\fqzu\fqzua.lck
c:\program files\Common Files\fqzu\fqzud\class-barrel
c:\program files\Common Files\fqzu\fqzuh
c:\program files\Common Files\fqzu\fqzul.lck
c:\program files\Common Files\fqzu\fqzum.lck
c:\program files\Common Files\fqzu\fqzup.lck
c:\program files\UNWISE.EXE
c:\windows\$NtUninstallKB59261$\1088464797\@
c:\windows\$NtUninstallKB59261$\1088464797\bckfg.tmp
c:\windows\$NtUninstallKB59261$\1088464797\cfg.ini
c:\windows\$NtUninstallKB59261$\1088464797\Desktop.ini
c:\windows\$NtUninstallKB59261$\1088464797\keywords
c:\windows\$NtUninstallKB59261$\1088464797\kwrd.dll
c:\windows\$NtUninstallKB59261$\1088464797\L\akygdmgo
c:\windows\$NtUninstallKB59261$\1088464797\lsflt7.ver
c:\windows\$NtUninstallKB59261$\1088464797\U\00000001.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000002.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000000.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000032.@
c:\windows\$NtUninstallKB59261$\2815913818
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~YDKJ4.tmp
c:\windows\desktop
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\OOL80811.ocx
c:\windows\system32\~GLH0003.TMP
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6rcoa4j3.dat
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\inf
c:\windows\system32\inf\hpqps2kb.inf
c:\windows\system32\keep in touch with HP.htm
c:\windows\system32\OLD29A.tmp
c:\windows\system32\ps2.bat
c:\windows\system32\service
c:\windows\system32\service\09092011_TIS17_SfFniAU.log
c:\windows\system32\SET2099.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\setb1.tmp
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 20:37 . 2011-12-01 20:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2001-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"S3apphk"="S3apphk.exe" [2002-03-16 28672]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-12-13 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-4-20 69632]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-4-20 16384]
HP OfficeJet Series 500 Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2011-2-7 1175552]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-3-13 40960]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^POWERR~1.EXE]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\POWERR~1.EXE
backup=c:\windows\pss\POWERR~1.EXEStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
2001-12-13 04:59 98304 ----a-w- c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
2001-12-13 04:52 155648 ----a-w- c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10/24/2010 10:38 AM 20328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/18/2009 7:08 PM 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/18/2009 5:53 PM 36432]
S0 dptrlq;dptrlq;c:\windows\system32\drivers\ldnmlqnd.sys --> c:\windows\system32\drivers\ldnmlqnd.sys [?]
S0 uagy;uagy;c:\windows\system32\drivers\flswa.sys --> c:\windows\system32\drivers\flswa.sys [?]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/18/2009 7:09 PM 677128]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/20/2002 9:35 PM 144860]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 19:15]
.
2012-01-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
2012-01-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\clnzcqfx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: [You must be registered and logged in to see this link.] - %profile%\extensions\toolbar@ask.com
FF - Ext: Add to Amazon Wish List Button: [You must be registered and logged in to see this link.] - %profile%\extensions\amznUWL2@amazon.com
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-ThreadingModel - (no file)
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-18 23:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2346936418-2607014498-1974565712-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\S3apphk.exe
c:\progra~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe
c:\program files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-18 23:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 07:59
.
Pre-Run: 34,645,467,136 bytes free
Post-Run: 36,415,332,352 bytes free
.
- - End Of File - - C42D30B26CD69C28D2B690DF68843572

Malwarebytes Anti-Malware 1.60.0.1800
[You must be registered and logged in to see this link.]

Database version: v2011.12.24.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILY [administrator]

1/19/2012 12:31:00 AM
mbam-log-2012-01-19 (00-31-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353451
Time elapsed: 2 hour(s), 50 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: XP home security 2012 virus

Post by Pancake on Thu Jan 19, 2012 9:46 pm

You will need to replace this file, as it is contaminated: c:\windows\system32\drivers\afd.sys. Do you have a Windows disc?


Re: XP home security 2012 virus

Post by Omnioshi on Thu Jan 19, 2012 10:24 pm

I'm not sure if they still have the Windows disc, but I'll try looking for it.


Re: XP home security 2012 virus

Post by Omnioshi on Fri Jan 20, 2012 10:46 pm

I can't find the CD, but we have the 8-disc system recovery CDs that came with the desktop. Would they work?


Re: XP home security 2012 virus

Post by Pancake on Fri Jan 20, 2012 11:24 pm

I doubt if it will find that file, so you will have to remove it first so that the recovery CD can replace it. Failing that, you could download it from someone's computer and then replace it.


Re: XP home security 2012 virus

Post by Omnioshi on Fri Jan 20, 2012 11:47 pm

Where should I download it from, or do you mean copy the file from another computer and transfer it onto the infected computer?


Re: XP home security 2012 virus

Post by Pancake on Sat Jan 21, 2012 1:20 am

Yes. Copy it from another computer. Remove the old file and replace it.

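As an added example (not from this thread, nor from the ComboFix or Malwarebytes authors), the Python below pulls out of a constructed ComboFix log excerpt the entries that this thread had to deal with by hand: the numeric-named droppers in system32, the $NtUninstall folder ComboFix failed to delete, the afd.sys entry flagged infected with no valid replacement, and the S0 drivers whose file shows as [?]. It then checks by SHA-256 that the driver copied from a known-clean machine, as advised in the replies above, is byte-identical to the file now installed, so the swap actually took effect. The log excerpt and file contents are constructed and the function names are assumptions.

```python
import hashlib
import re

# Constructed excerpt modelled on the ComboFix log posted earlier in this thread
# (a few representative lines, not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Local Settings\Application Data\qkm.exe
c:\windows\system32\11478.exe
c:\windows\system32\153.exe
c:\windows\system32\ps2.bat
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
S0 dptrlq;dptrlq;c:\windows\system32\drivers\ldnmlqnd.sys --> c:\windows\system32\drivers\ldnmlqnd.sys [?]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/18/2009 7:08 PM 50256]
"""

# Line shapes ComboFix uses for the entries a helper has to act on manually.
NUMERIC_EXE = re.compile(r"^c:\\windows\\system32\\\d+\.exe$", re.IGNORECASE)
FAILED_DELETE = re.compile(r"^(?P<path>.+?) \. \. \. \. Failed to delete$")
INFECTED_UNREPLACED = re.compile(
    r"^(?P<path>.+?) \. \. \. is infected!! \. \. \. Failed to find a valid replacement\.$")
UNRESOLVED_DRIVER = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?) --> .*\[\?\]$")


def triage_combofix_log(text):
    """Return the log entries that running the tool itself did NOT fix.

    numeric_exes        - <digits>.exe droppers in system32, the pattern this rogue AV used
    failed_deletes      - paths ComboFix could not remove (need offline/manual cleanup)
    infected_unreplaced - system files flagged infected with no clean replacement found
    unresolved_drivers  - boot/system-start drivers whose file is missing or unverifiable ([?])
    """
    findings = {"numeric_exes": [], "failed_deletes": [],
                "infected_unreplaced": [], "unresolved_drivers": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if NUMERIC_EXE.match(line):
            findings["numeric_exes"].append(line)
        elif (m := FAILED_DELETE.match(line)):
            findings["failed_deletes"].append(m.group("path"))
        elif (m := INFECTED_UNREPLACED.match(line)):
            findings["infected_unreplaced"].append(m.group("path"))
        elif (m := UNRESOLVED_DRIVER.match(line)):
            findings["unresolved_drivers"].append((m.group("name"), m.group("path")))
    return findings


def sha256_of(path):
    """Stream a file through SHA-256 (drivers are small, but keep memory use flat)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def same_file_contents(installed, reference):
    """True when the driver now on the cleaned machine is byte-identical to the copy
    taken from the known-clean computer, i.e. the swap took effect and the file was
    not rewritten again on reboot."""
    return sha256_of(installed) == sha256_of(reference)


if __name__ == "__main__":
    for key, items in triage_combofix_log(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run the hash comparison after the reboot that follows the swap, not just immediately after copying, since a boot-start driver being rewritten again is what you are trying to rule out.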

Re: XP home security 2012 virus

Post by Omnioshi on Mon Jan 23, 2012 6:31 pm

OK, I won't be able to get to a working computer till tomorrow, so I may not reply till after Tuesday. Is there any other file that I need to replace besides c:\windows\system32\drivers\afd.sys?


Re: XP home security 2012 virus

Post by Pancake on Mon Jan 23, 2012 9:23 pm

Just that one file to replace.


Re: XP home security 2012 virus

Post by Omnioshi on Wed Jan 25, 2012 6:41 am

I have successfully replaced the file from a working computer to the infected one, and I'm now able to connect to the internet again as well.


Re: XP home security 2012 virus

Post by Pancake on Wed Jan 25, 2012 6:58 am

OK. All done. All that was detected is now either in quarantine or System Restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


You can now uninstall ComboFix:

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall
    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.



Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download [You must be registered and logged in to see this link.] to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

