Virus won't allow Task Manager to open


I checked into a hotel and got the wireless internet. Almost immediately I got messages from Antimalware Doctor that I am infected. I know this is the virus but want to stop it. It seems as though there is an endless loop where I cannot open Firefox either. I tried to open Task Manager or to look at the Hidden Files, but both options seem to be blocked. I find Packed.Mystic!gen3 is found by Symantec Endpoint, which it says is quarantined. How can I get rid of this bug?


Try rebooting into Safe Mode with Networking, then try this.

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

Here are the results of the scan.

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Database version: 4021

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

4/22/2010 8:38:59 AM

mbam-log-2010-04-22 (08-38-59).txt

 

Scan type: Quick scan

Objects scanned: 113818

Time elapsed: 8 minute(s), 41 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 8

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 7

 

Memory Processes Infected:

C:\Documents and Settings\MYNAME\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Unloaded process successfully.

 

Memory Modules Infected:

c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{252e4288-fd55-4506-a456-9208c6be7cc8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c6bef952-dc8f-4435-8004-795aa3183414}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.

C:\Program Files\Internet Explorer\ws2_32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\scsichk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Jpadia.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\MYNAME\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by kensob
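The log above is the raw Malwarebytes output. When reviewing such a log, the two things a defender wants to pull out quickly are the items that were not yet removed ("Delete on reboot", which means the file was still locked and the machine needs a restart before the removal is real) and the rogue DNS servers the DNSChanger detections wrote into the TCP/IP NameServer values, because those addresses are what to check in the network configuration afterwards. The following parser is an added example written for this thread, not part of the original post or of Malwarebytes; it uses a handful of lines copied from the posted log as its constructed sample input, and the log line shapes it matches (`target (Detection) -> Data: ... -> action.`) are inferred from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the MBAM quick-scan log in this thread.
SAMPLE_LOG = r"""
Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\scsichk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# "Memory Modules Infected:" style headers (the summary lines end in ": <count>", so they
# do not match and are skipped).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")

# "<target> (<Detection.Name>) -> [Data: <data> -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)


@dataclass
class Finding:
    section: str        # e.g. "Files", "Registry Data Items"
    target: str         # file path or registry key/value
    detection: str      # MBAM detection name, e.g. "Trojan.DNSChanger"
    data: Optional[str] # the offending value for "Registry Data Items", else None
    action: str         # what MBAM did, e.g. "Delete on reboot"


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current section header."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            findings.append(Finding(section, item["target"], item["detection"],
                                    item["data"], item["action"]))
    return findings


def pending_reboot(findings: List[Finding]) -> List[str]:
    """Targets MBAM could not remove yet; the machine must be restarted and rescanned."""
    seen, out = set(), []
    for f in findings:
        key = f.target.lower()
        if f.action == "Delete on reboot" and key not in seen:
            seen.add(key)
            out.append(f.target)
    return out


def rogue_dns_servers(findings: List[Finding]) -> List[str]:
    """DNS server addresses the DNSChanger detections had written into NameServer values."""
    servers = set()
    for f in findings:
        if f.detection == "Trojan.DNSChanger" and f.data:
            servers.update(s.strip() for s in f.data.split(","))
    return sorted(servers)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("still pending reboot:", pending_reboot(found))
    print("rogue DNS servers to verify are gone:", rogue_dns_servers(found))
```

Run against the full posted log, the pending-reboot list is what tells the poster to restart before trusting the result, and the DNS server list is what to compare against the adapter's DNS settings (the log shows the same two addresses on every interface) once the machine is back up.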

Hello kensob

 

You had some very nasty stuff on your machine (Backdoors and Rootkits). It may be the case that there are still a few things that need to be taken care of.

 

If I were you I would create a thread in the HJT forum and ask the good people there to check your system:

 

http://forums.pcpitstop.com/index.php?showforum=25

 

Include a link to this thread or alternatively post the MBAM log in the new thread.

 

Then wait for a Trusted HJT Advisor to get in touch. They will ask you to perform some system scans and then advise you if anything else needs to be done.

 

JonTom

