Sander

I have this too. It detected my Regcure autoupdate.dll as malicious, my Symantec, and EVERYOTHER thing. I firstly clicked "terminate" but after clicking terminate a good 10 times, and finding many things "infected" i realised it was acting weird. And then my whole pc froze, and i had to do a hard restart, by holding down the off button. What exactly is going on. I just ran a scan and it has found nothing. I hope a fix is made soon, as i enjoy using MBAM.

Ok, heres the Panda 2.0 scan results. ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-10-14 20:02:48 PROTECTIONS: 3 MALWARE: 5 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.4005.0 No Yes Norton 360 8.2.0.81 No No Norton Antivirus Internet Security 2008 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Lysander\AppData\Roaming\Microsoft\Windows\Cookies\lysander@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Lysander\AppData\Roaming\Microsoft\Windows\Cookies\Low\lysander@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Lysander\AppData\Roaming\Microsoft\Windows\Cookies\lysander@atdmt[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Lysander\AppData\Roaming\Microsoft\Windows\Cookies\lysander@tradedoubler[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Lysander\AppData\Roaming\Microsoft\Windows\Cookies\lysander@ads.pointroll[2].txt 03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\Lysander\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0929c254\Report.cab[jndvpafb.dll.xor] 03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\Lysander\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report089d387d\Report.cab[jndvpafb.dll.xor] ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location ��O� ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description ��O� ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== This is whatit said about the virus Common name: Xor-encoded.A Technical name: W32/Xor-encoded.A Threat level: Medium Type: Virus Effects: It carries out damaging actions on the affected computer. It does not spread automatically using its own means. Affected platforms: Windows 2003/XP/2000/NT/ME/98/95 First detected on: June 2, 2008 Detection updated on: July 9, 2008 Statistics Yes Proactive protection: Yes, using TruPrevent Technologies Brief Description Xor-encoded.A is a virus that spreads to other computers by copying its code to other files or programs. Xor-encoded.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Thanks for the advise i ran a 'Quick Scan' and these are the results: Malwarebytes' Anti-Malware 1.25 Database version: 1062 Windows 6.0.6001 Service Pack 1 16:49:30 14/10/2008 mbam-log-10-14-2008 (16-49-30).txt Scan type: Quick Scan Objects scanned: 41767 Time elapsed: 5 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) And my HijackThis results: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:56:32, on 14/10/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe C:\Windows\vVX1000.exe C:\Windows\system32\schtasks.exe C:\Windows\RtHDVCpl.exe C:\hp\support\hpsysdrv.exe C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\jusched.exe C:\Windows\System32\mobsync.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\hp\kbd\kbd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [LifeChat] "c:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 11034 bytes I will post the panda scan once its done Thanks for the help. EDIT: Seems to have found 7 infected items with the Panda scan, but its only 13% through the scan. Weird how Notron 360 2.0 found NOTHING...

Well my main question is, What should i do with the things in my virus vault? My computer has been acting up recently. I was doing a malware bytes scan which found nothing and a norton scan which, again found nothing. But i just saw in my malware bytes quarantine zone there are 4 things: Malware.Trace (category) registry key Trojan.Vundo (category) registry key Rogue.SystemErrorFixer (category) reegistry key Trojan.Vundo (category) registry key They've been there since the 26/8/08 What i want to know is should i delete them all? Or should i leave them there incase theres a back door trojan that will just make another? And does Norton 360 2.0 remove backdoor trojans? Many thanks. My next question is something i have had a serious problem with and just need to know what it is, or hopefully, how i can fix it. A while ago, lets say 1 month ago, my pc started acting odd. When i would go to download from Internet Explorer, the download would finish but JUST as itdid, Internet Explorer has stopped working would pop up. EVERY TIME And also if i try to download something a friend would send me from MSN it would suddenly crash, saying it had stopped working. I finally found a way to download FireFox, somehow. That lets me download, but MSN is still not letting me and neither does IE. So does anyone have any idea what the problem might be? Many thanks