A Virus, Trojan And Malware


heaven

Hello, sure hoping I can find some help on this. On the 23rd, had a virus come into this PC, which I think now is a worm to get into my PC. All this is my fault cause I was chancing it without proper virus protection. Was only using Spyware Terminator. At that time any virus protection I tried using slowed this PC down to almost nothing; it was taking up to 5 to 7 minutes to just get an internet page up. So did away temporarily with virus protection. After the virus jumped in, 'Win32:Crypt-HQJ[Drp]', it immediately started doing damage. I ran Spyware Terminator and it supposedly took out the virus. But it was steadily trying to come in and my spyware was trying to block it, but then I had trouble no matter what I tried doing online. My son suggested using a different explorer, thinking Internet Explorer itself being the potential hole this thing was coming through. So we downloaded Mozilla Firefox and disabled Internet Explorer. It ran and is still running great. Much better than Internet Explorer. I went in and downloaded Avast virus protection, ran it and it again took out the virus I mentioned above. For some reason, and not sure why, it seems Internet Explorer was having some kind of conflict with the virus protections I tried using. Not having this problem now with Mozilla Firefox.

Avast has been blocking tons and tons of stuff. Was blocking up to 20 viruses and stuff within an hour's time. What keeps trying to come in on me is mainly three different things: "Win32:Crypt-HQJ[Drp], Win32:Rootkit-gen[Rtk], Win32:Malware-gen". To me, I keep thinking the hole is still there somewhere in my PC but I don't know how to find it and fix it. Know whenever these three would try coming in it would give the addy to where it was going. There are tons of places like

C:\DOCUME~1\1\LOCALS~1\Temp\win.eve
C:\WINDOWS\winamp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\taskmgr.exe

Just a few there as an example. Avast is doing a good job not letting these things in.

All this together has left me with damage now and I haven't a clue how to fix those problems. Don't have a restoration disk to this PC. This PC was given to my daughter a year ago. Can't do a system restore, the virus seems to have disabled it, and haven't had no luck fixing it yet. Can't get into my registry or Msconfig. Can't get in to see if my Windows firewall is on or off, but then it may be off and might be what was causing any virus protection from working properly. I run an online forum, a much different set as this forum, but when I go to post, I'm not able to use any of the features like posting a link or putting something in bold, can't use the font or anything. So know now my Adobe Reader is not working correctly, and I've tried fixing it and can't. When restarting my computer, 7 little boxes come up every time, saying

Error loading C:\WINDOWS\system32\aju7s2.dll - this one comes up twice
The specified module could not be found.

The other ones are....

C:\WINDOWS\system32\v2sq9mkjy5.dll - this one comes up twice
C:\WINDOWS\system32\z4tjb0ntj.dll - this one comes up twice
C:\WINDOWS\system32\beortmd.dll

At the top of all these says RUNDLL

Also, the room on this PC has dropped a great deal. To me that is great, but then it may be some of my files are now missing or something.

One more thing, for the first time yesterday Avast did not have to block anything from trying to come in. This seems good.

Please, pleaseeeee help if you can!!!

Thank you.
heaven

Sorry this was so long.

Hi and welcome

The error messages are coming from those infected files being temporarily deleted, and I'm assuming being recreated and possibly under different bogus file names.

I think eventually we'll have to move you over to a different sub forum that handles infections specifically.

For now let's see if we can download and run a tool that might help us out a bit.

~~~~~~~~~~~~~~~~~~~~~~

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
Follow the instructions for the browser you use.
Read the instructions about the cookies. Delete what you do not need.

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
When you have finished, click on the Exit button in the Main menu.

========================

Please download Malwarebytes' Anti-Malware to your desktop.

Additional Link
Here also

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* You can also access the log by doing the following:
  o Click on the Malwarebytes' Anti-Malware icon to launch the program.
  o Click on the Logs tab.
  o Click on the log at the bottom of those listed to highlight it.
  o Click Open.

Tutorial if needed
http://thespykiller.co.uk/index.php/topic,5946.0.html

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply post:
Malwarebytes' Anti-Malware log

Hi and thank you for the welcome and ty so much for helping me out.

Here's the log, was surprised to see all it cleared out.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/28/2010 11:18:48 AM
mbam-log-2010-11-28 (11-18-48).txt

Scan type: Quick scan
Objects scanned: 117526
Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

BTW...as the scan was running, my Avast virus blocker thingy popped up at least 6 or 7 times as it was scanning. First time doing that in the past 30 hours maybe, but not since removing these things. Plus there were a few files or folders that could not be removed.

"BTW...as the scan was running, my Avast virus blocker thingy popped up at least 6 or 7 times as it was scanning. First time doing that in the past 30 hours maybe, but not since removing these things. Plus there were a few files or folders that could not be removed."

Avast saw the files it was after, my first thought.

MBAM couldn't remove a few files or folders or Avast couldn't remove?
Have you rebooted your computer since running the Malwarebytes' Anti-Malware scan?
How is your computer at the moment?

Tell ya what, let's ensure it collected it all.

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Yes I rebooted after the first scan was done. PC seems to be running good for the most part and running faster. Though when I first try opening up a webpage it takes a while to open, once opened it's running fast as it should be. Though this is a problem I was having before the viruses began coming in on me.

The first reboot after scanning the first time, once restarting all 7 of those 'Error loading' messages popped up as usual. After this last scan and the PC restarting, only one 'Error loading' message popped up. This one > C:\WINDOWS\system32\beortmd.dll

Outside of that, all seems great.

Here is the Log of previous scan, this time it took out 59 infections. Are these infections missed from first scan or new ones that come in?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5207

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/28/2010 2:48:35 PM
mbam-log-2010-11-28 (14-48-35).txt

Scan type: Quick scan
Objects scanned: 144120
Time elapsed: 15 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 50
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Truly appreciate your help!

"'Error loading' message popped up. This one > C:\WINDOWS\system32\beortmd.dll"

There must be a leftover registry entry loading at boot up....The malicious file has been removed but not the reg entry to throw that error message.

"Here is the Log of previous scan, this time it took out 59 infections. Are these infections missed from first scan or new ones that come in?"

I think you're still infected. Without me or a different advisor being able to see specific logs, won't be able to tell if it's regenerating or not.

Glad it's better but I really don't think we're there yet.

From here we need to get you over to the HJT forum.

http://forums.pcpitstop.com/index.php?/forum/25-hijackthis-logs/
The above link is for the HJT forum. I'll need you to create a new Topic with the requested info from below.
Myself or another Trusted Advisor will assist.

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.

No need for that though ..... just post it as you would any other log.

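The leftover-entry explanation in the last reply can be checked by listing startup entries whose target file no longer exists. The following is an added example, not part of the thread or any tool it mentions: it assumes the entry sits in a Run key, and the `reg query`-style sample, the value names and the ExampleAV entry are constructed for illustration (only the DLL path comes from the thread).

```python
import ntpath
import re

# Constructed sample in the layout printed by `reg query <key>`. Value names
# and the ExampleAV entry are invented; the DLL path is the one from the
# remaining "Error loading" box in the thread.
SAMPLE_REG_QUERY = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\exampleav.exe" /nogui
    examplevalue    REG_SZ    rundll32.exe "C:\WINDOWS\system32\beortmd.dll",a

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    %SystemRoot%\system32\ctfmon.exe
'''

# Files assumed present on the sample machine (lower-case, as normcase returns).
SAMPLE_FILES = {
    r'c:\program files\exampleav\exampleav.exe',
    r'c:\windows\system32\ctfmon.exe',
}
SAMPLE_ENV = {'systemroot': r'C:\WINDOWS'}

# "    name    REG_SZ    data" (value names may contain spaces).
VALUE_RE = re.compile(r'^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$')
# A leading rundll32 (with or without path/extension); group 1 is its argument.
RUNDLL_RE = re.compile(r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.I)
# First path in a command: quoted, or unquoted up to a known extension.
PATH_RE = re.compile(
    r'\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|bat|cmd|scr|com)))(?=[\s,]|$)',
    re.I)


def expand(path, env):
    """Expand %VAR% references using env (keys lower-case); unknown ones stay."""
    return re.sub(r'%([^%]+)%',
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def target_of(command, env):
    """Return the file a startup command loads, or None if it cannot be parsed."""
    m = RUNDLL_RE.match(command)
    if m:  # rundll32 is only the host process; the DLL is the real target
        command = m.group(1)
    m = PATH_RE.match(command)
    if not m:
        return None
    return ntpath.normcase(expand(m.group('q') or m.group('u'), env))


def find_orphans(reg_text, exists, env):
    """List (key, value name, target) for entries whose target file is missing."""
    orphans, key = [], None
    for line in reg_text.splitlines():
        if line.startswith('HKEY_'):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        target = target_of(m.group('data'), env)
        if target is not None and not exists(target):
            orphans.append((key, m.group('name'), target))
    return orphans


if __name__ == '__main__':
    found = find_orphans(SAMPLE_REG_QUERY, SAMPLE_FILES.__contains__, SAMPLE_ENV)
    for key, name, target in found:
        print(f'{key}\\{name} -> missing {target}')
```

On a live Windows system, `exists` would be `os.path.exists` and `env` a lower-cased copy of `os.environ`. An entry flagged here only shows that the file is gone, not whether something will recreate it.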
