brent701

  1. Right now I do not have an AV program installed. What is a good low-resource AV program that I can use?
  2. Both my flash drives, along with my external hard drive, are infected with the virus. I have a lot of important data on the external drive that I would like to be able to use. I was able to do an online scan using ESET and it said I had a Win32 Sality variant. I did some research on this virus: http://www.ca.com/us/securityadvisor/virus...s.aspx?id=52797 My computer exhibits all of those behaviors. I would like to remove the virus from my external drive if possible; it appears that all PE executable files on the external drive have been infected. I am hesitant to even try to remove the files, as every time I plug in my external drive or flash drives my computer is reinfected and I have to load a restore point for it to fix the problem. Any help on how to clean my external and flash drives would be appreciated.
  3. Computer appears to be working correctly. Below are my complete HJT and MBAM logs. I reformatted my hard drive and did a reinstall of Windows.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:34:47 PM, on 11/4/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     -- End of file - 1129 bytes

     Malwarebytes' Anti-Malware 1.30
     Database version: 1366
     Windows 5.1.2600 Service Pack 2
     11/4/2008 10:24:39 PM
     mbam-log-2008-11-04 (22-24-39).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 43154
     Time elapsed: 3 minute(s), 11 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  4. Sorry, I have not been able to post the log; I have been very busy. Some updated details: I am just about positive that I have Win32 Sality or one of its variants. The virus has infected my flash drives; I know this because when I plugged the flash drive into this computer the virus infected this computer. Fortunately I immediately did a system restore point on this computer and unplugged the flash drive, and now this computer is clean. This really sucks because I also have an external hard drive with all my important data on it and I fear that it too is probably infected. I will try to post the logs tonight if I can.
  5. I didn't edit the logs; I just cut and pasted from the notepad. I did a reformat of the hard drive and reinstall of Windows and the problem is still there. I have done further research and I believe I have a Win32 Sality variant. Please advise.
  6. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:41:26 AM, on 11/2/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

     Scan type: Quick Scan
     Objects scanned: 38392
     Time elapsed: 1 minute(s), 13 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  7. Guys, I cannot believe I am posting this; I am totally befuddled by this. It appears that I have some sort of virus/trojan on my computer called hijack.taskmanager. I am unable to access my task manager or my registry. In addition, I am unable to access the Trend Micro HouseCall scan or Panda scan. The good news is my computer is basically clean right now with no programs installed on it yet, so I would like to get this fixed ASAP. Will post logs below.