brent701
Right now I do not have an AV program installed. What is a good low-resource AV program that I can use?
-
Both my flash drives, along with my external hard drive, are infected with the virus. I have a lot of important data on the external drive that I would like to be able to use. I was able to do an online scan using ESET and it said I had a Win32 Sality variant. I did some research on this virus (http://www.ca.com/us/securityadvisor/virus...s.aspx?id=52797). My computer exhibits all of those behaviors. I would like to remove the virus from my external drive if possible; it appears that all PE Executable files on the external drive have been infected. I am hesitant to even try to remove the files, as every time I plug in my external drive or flash drives my computer is reinfected and I have to load a restore point for it to fix the problem. Any help on how to clean my external and flash drives would be appreciated.
-
Computer appears to be working correctly. Below are my complete HJT and MBAM logs. I reformatted my hard drive and did a reinstall of Windows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:47 PM, on 11/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
-- End of file - 1129 bytes

Malwarebytes' Anti-Malware 1.30
Database version: 1366
Windows 5.1.2600 Service Pack 2
11/4/2008 10:24:39 PM
mbam-log-2008-11-04 (22-24-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 43154
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
-
Sorry I have not been able to post the log; I have been very busy. Some updated details. I am just about positive that I have Win32 Sality or one of its variants. The virus has infected my flash drives. I know this because when I plugged the flash drive into this computer, the virus infected this computer. Fortunately I immediately did a system restore point on this computer and unplugged the flash drive, and now this computer is clean. This really sucks because I also have an external hard drive with all my important data on it and I fear that it too is probably infected. I will try to post the logs tonight if I can.
-
I didn't edit the logs; I just cut and pasted from the notepad. I did a reformat of the hard drive and reinstall of Windows and the problem is still there. I have done further research and I believe I have a Win32 Sality variant. Please advise.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:26 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

Scan type: Quick Scan
Objects scanned: 38392
Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
-
Guys, I cannot believe I am posting this; I am totally befuddled by this. It appears that I have some sort of virus/trojan on my computer called hijack.taskmanager. I am unable to access my task manager or my registry. In addition, I am unable to access the Trend Micro HouseCall scan or Panda scan. The good news is my computer is basically clean right now, with no programs installed on it yet, so I would like to get this fixed ASAP. Will post logs below.