
maj

  1. Haha I will do that. Unfortunately I knew how to prevent, my first virus in 5 years. Also I know how I got it too, I downloaded Avi2Dvd, which is freeware, and had some adware on it, and I let it install. My own stupidity, so I hope it helps to tell people to watch out when downloading that program! Thanks tons for the help! Also great program you guys made, and the trial or free version, EXCELLENT! Thanks
  2. Sorry for doing a double post, but I thought about the location of that and I disabled system restore and rebooted, rescanned and got this.

     Malwarebytes' Anti-Malware 1.43
     Database version: 3554
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512

     1/14/2010 1:11:11 PM
     mbam-log-2010-01-14 (13-11-11).txt

     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 184840
     Time elapsed: 23 minute(s), 50 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     So I think it's clean now? I think disabling the system restore worked, I don't know, but it seems like it?
  3. I rescanned after I did the deletion and reboot of the former log results, and I got this.

     Malwarebytes' Anti-Malware 1.43
     Database version: 3554
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512

     1/13/2010 7:19:01 PM
     mbam-log-2010-01-13 (19-19-01).txt

     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 191484
     Time elapsed: 32 minute(s), 11 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP105\A0021863.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  4. Hello, I followed your instructions as you said. I don't know if this makes a difference, the first reboot was successful, I rescanned, deleted, rebooted, on the second time to start up it wouldn't load Windows, it went to a black screen, I had to manually turn it off and start back up, but here are the results.

     Malwarebytes' Anti-Malware 1.43
     Database version: 3554
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512

     1/13/2010 5:36:58 PM
     mbam-log-2010-01-13 (17-36-58).txt

     Scan type: Quick Scan
     Objects scanned: 120258
     Time elapsed: 6 minute(s), 47 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 8

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\H8SRTmwpawktetj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\H8SRTpoaqjnbkpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\H8SRTskakboirrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\drivers\H8SRTlhlsmlgibq.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
     C:\Documents and Settings\123\Local Settings\Temp\H8SRT1ded.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\H8SRTkvkqlxrhcj.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
  5. Hey everyone, a few days ago I got this Malware Defense virus, and all the lovely trojans along with it. After finding a guide using Malwarebytes and studying on this thing, I removed it and all. And Malwarebytes said my PC was clean, yet after the restart, Firefox won't work, just gives Drwatson error when I try to open. So I run this program called rkill from the guide to kill the rootkit and open new explorer.exe, and all is fine, I scan with Malwarebytes again and it shows Rootkit.TDSS is hiding in registry HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT. Yet when I go into the registry in normal or safe mode the registry key is not there?! This is a repeated process every time I turn my computer on. I have included the log here from safe mode, I have other from regular if it's wanted. Some help on how to finally get rid of this is really appreciated! Thanks.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3458
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     Internet Explorer 6.0.2900.5512

     1/12/2010 1:02:21 PM
     mbam-log-2010-01-12 (13-02-21).txt

     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 189841
     Time elapsed: 19 minute(s), 57 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)