kensob Posted April 20, 2010

I checked into a hotel and got the wireless internet. Almost immediately I got messages from Antimalware Doctor that I am infected. I know this is the virus but want to stop it. It seems as though there is an endless loop where I cannot open Firefox either. I tried to open Task Manager or to look at the Hidden Files, but both options seem to be blocked. I find that Packed.Mystic!gen3 is found by Symantec Endpoint, which it says is quarantined. How can I get rid of this bug?
Tx Redneck Posted April 21, 2010

Try rebooting into Safe Mode with Networking, then try this.

Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
kensob (Author) Posted April 22, 2010 (edited)

Here are the results of the scan.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4021

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/22/2010 8:38:59 AM
mbam-log-2010-04-22 (08-38-59).txt

Scan type: Quick scan
Objects scanned: 113818
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\MYNAME\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{252e4288-fd55-4506-a456-9208c6be7cc8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c6bef952-dc8f-4435-8004-795aa3183414}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\Internet Explorer\ws2_32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scsichk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Jpadia.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Edited April 22, 2010 by kensob
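The following is an added example, not code from this thread or from Malwarebytes: a small Python parser for the MBAM 1.x text log format posted above, run over a constructed excerpt of that log (item lines copied from the post, summary counts left as posted even though the excerpt is shorter). It pulls out what a responder wants to know before replying: detections per category, which items are only scheduled for "Delete on reboot" (so are still on disk until the machine restarts), the DNS server addresses the DNSChanger entry had written into the TCP/IP NameServer values, and whether the summary counts agree with the detail sections (a mismatch usually means a truncated paste). The regular expressions, `SAMPLE_LOG` and all function names are assumptions inferred from the posted lines.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured findings.

Added example for this thread; not MBAM's own code. The log format is
inferred from the posted log only (assumption), and SAMPLE_LOG is a
constructed excerpt of it.
"""
import re
from collections import Counter

# Constructed excerpt of the posted log. "Files Infected: 7" is kept from the
# post although only two file lines are included, to show the count check.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Database version: 4021

Scan type: Quick scan
Objects scanned: 113818

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Data Items Infected: 3
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\MYNAME\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{252e4288-fd55-4506-a456-9208c6be7cc8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c6bef952-dc8f-4435-8004-795aa3183414}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.185,93.188.161.153 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\scsichk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# A summary line carries a count ("Files Infected: 7"); a detail header does not.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")
# "<item> (<Category>) [-> Data: <data>] -> <action>."  The greedy item group
# tolerates parentheses inside paths such as "Program Files (x86)".
ITEM_RE = re.compile(
    r"^(?P<item>.+) \((?P<cat>[^()\s]+)\)(?: -> Data: (?P<data>.+?))? -> (?P<action>[^.]+)\.$"
)


def parse_mbam_log(text):
    """Return (summary_counts, findings) for an MBAM 1.x log."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                summary[m.group("section")] = int(m.group("count"))
            else:
                section = m.group("section")   # start of a detail block
            continue
        m = ITEM_RE.match(line)
        if m and section:
            findings.append({
                "section": section,
                "item": m.group("item"),
                "category": m.group("cat"),
                "data": m.group("data"),
                "action": m.group("action"),
            })
    return summary, findings


def category_counts(findings):
    """Detections per MBAM category name, e.g. Counter({'Trojan.DNSChanger': 3})."""
    return Counter(f["category"] for f in findings)


def pending_reboot(findings):
    """Items MBAM could not remove live; they remain until the next restart."""
    return sorted({f["item"] for f in findings if f["action"] == "Delete on reboot"})


def rogue_dns_servers(findings):
    """Resolver addresses a DNSChanger detection had written into NameServer values."""
    servers = set()
    for f in findings:
        if f["category"] == "Trojan.DNSChanger" and f["data"]:
            servers.update(ip.strip() for ip in f["data"].split(","))
    return sorted(servers)


def count_mismatches(summary, findings):
    """Sections whose summary count differs from the number of detail lines."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen.get(s, 0)) for s, n in summary.items() if seen.get(s, 0) != n}


if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    print("Detections by category:", dict(category_counts(findings)))
    print("Still pending reboot:", pending_reboot(findings))
    print("Rogue DNS servers seen:", rogue_dns_servers(findings))
    print("Summary/detail mismatches:", count_mismatches(summary, findings))
```

The "Delete on reboot" list is the practical point for a thread like this one: until the machine has been restarted, 6to4v32.dll is still loaded, which is why the advice to follow up with a full checkup is sound. The mismatch check is only a sanity test on the pasted text; it does not say anything about the state of the machine.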
JonTom Posted April 22, 2010

Hello kensob

You had some very nasty stuff on your machine (Backdoors and Rootkits). It may be the case that there are still a few things that need to be taken care of. If I were you I would create a thread in the HJT forum and ask the good people there to check your system: http://forums.pcpitstop.com/index.php?showforum=25

Include a link to this thread or alternatively post the MBAM log in the new thread. Then wait for a Trusted HJT Advisor to get in touch. They will ask you to perform some system scans and then advise you if anything else needs to be done.

JonTom
Tx Redneck Posted April 22, 2010

I'll second what Jon Tom said. That would be your best approach after seeing the results of Malwarebytes.

Tx