
Demosai

  1. noknojon, thank you very much. I will do those steps. Oh, and one thing, by the way: I found out what this thing is... It's WIN32.Sality. Maybe Malwarebytes alone is not built for this, coz it's a multi-purpose virus, I guess? It has malwares, worms, dirty scripts and injectors, and works as a team. O_O Gosh.

     -------------------------------------------------------

     Haider, I did a quick scan and a full scan too. Here is a log of a quick scan. If I do another quick scan, it pops the same thing. It's like self-reviving. ^^

     Scan type: Quick scan
     Objects scanned: 117686
     Time elapsed: 10 minute(s), 18 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 5
     Folders Infected: 0
     Files Infected: 18

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\jfjwnk.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\jqlhyt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\autorun.inf (Malware.Packer.Gen) -> Delete on reboot.
     C:\kveg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\pjwy.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa1499468.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa1499656.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41967328.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa4982562.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa4982750.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41967140.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41348687.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41348890.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41925671.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41925875.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41956281.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\xa41956468.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32IISW.007 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.
  2. Sorry for not responding on the former thread. I was so busy and in a hurry to finish my job that time, so I went with PLAN B and worked temporarily on my brother's PC. Now I am back on my own PC, which has very, very sensitive files, including my video, which I have not yet finished editing. I did everything I possibly could. I installed an antivirus; guess what? This malware is fighting back, closing the installer and at the same time corrupting the antivirus installer. So what I did was switch my OS to safe mode... Oh, guess what? The malware corrupted my OS's safe mode. So I temporarily installed Sigwa Antiviral Tool kit, which is a restriction remover and scanner. I removed the restrictions caused by the malware (regedit, firewall, task manager, etc.). This tool even restores my OS's corrupted safe mode. But guess what? After approx. 2 seconds... it's back... I can't access anything! So I used sigwa rrt again, and once it restored my safe mode I immediately pulled the plug out. OK, now I am in safe mode. Installed Avira... Guess what happened when I was in OS normal mode again? It corrupted the antivirus. I even fought it by using the cacls + attrib commands to totally lock the autorun.ini of my 5 drives... Guess what, after approx. 15 mins? It self-unlocked. WoW! Hahaha. Installing Malwarebytes is flawless... It's like the malware can't recognize this software as a threat. I scanned at first and it saw 14 malwares, if I am not mistaken. Then I scanned again and it detected 5... It requested me to restart the PC... next time again... 5 detected + required restart... Never-ending.
     ---------------------------------------------------------------

     Scan type: Flash scan
     Objects scanned: 86990
     Time elapsed: 2 minute(s), 10 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 1
     Registry Data Items Infected: 6
     Folders Infected: 0
     Files Infected: 14

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\xml2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (TAGA LIPA ARE!) Good: (Internet Explorer) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\Glenn\Application Data\svighost.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\config\Systemprofile\Application Data\inst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32AKV.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     ------------------------------

     Scan type: Flash scan
     Objects scanned: 86716
     Time elapsed: 1 minute(s), 11 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 5
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ------------------------------

     Scan type: Flash scan
     Objects scanned: 86932
     Time elapsed: 4 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 5
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     -------------------------------

     Scan type: Flash scan
     Objects scanned: 86772
     Time elapsed: 1 minute(s), 28 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 5
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ------------------------------

     00:06:04 Glenn MESSAGE Protection started successfully
     00:07:50 Glenn MESSAGE IP Protection started successfully
     00:12:34 Glenn DETECTION D:\emuih.exe Malware.Packer.Morphine QUARANTINE
     00:21:05 Glenn DETECTION D:\Program Files\Cheat Engine\Systemcallretriever.exe Trojan.Downloader QUARANTINE
     00:21:05 Glenn DETECTION D:\Program Files\Cheat Engine\Systemcallretriever.exe Trojan.Downloader DENY
     00:21:05 Glenn DETECTION D:\Program Files\Cheat Engine\Systemcallretriever.exe Trojan.Downloader DENY
     01:01:51 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine QUARANTINE
     01:01:51 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY
     01:01:51 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY
     01:04:08 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY
     01:04:16 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY
     01:04:21 Glenn DETECTION D:\fwnaok.exe Malware.Packer.Morphine DENY
     01:06:29 Glenn DETECTION F:\vklso.exe Malware.Packer.Morphine QUARANTINE
     01:08:22 Glenn DETECTION H:\dvfibt.exe Malware.Packer.Morphine ALLOW
     02:47:30 Glenn MESSAGE Protection started successfully
     02:47:38 Glenn MESSAGE IP Protection started successfully
     02:58:05 Glenn MESSAGE Protection started successfully
     02:58:10 Glenn MESSAGE IP Protection started successfully
     03:10:41 Glenn MESSAGE Protection started successfully
     03:11:59 Glenn MESSAGE IP Protection started successfully
     03:26:57 Glenn MESSAGE IP Protection stopped
     15:13:59 Glenn MESSAGE Protection started successfully
     15:15:06 Glenn MESSAGE IP Protection started successfully

     -------------------------------------------

     Please help me... if anyone can. I did use ComboFix but it's NO USE in my situation. NOTE: Even though I did a full scan, still the same 5 malwares.
  3. As the title states. I hope your team will make this option available.
  4. I have a problem. I thought I already got rid of this Malware but it seems that it won't disappear. Malwarebytes requires me to restart time after time but still the malware remains solid. O_o How to fix this?