
This is a cleaner and hopefully better formatted thread than my previous one, shown here: http://forums.malwarebytes.org/index.php?showtopic=100137. Sorry for the inconvenience. This contains my MalwareBytes scan, and the attached document is the requested DDS log.

Last night, I encountered the virus AV Protection 2011. Terminated the process, ran TDSS Killer and rkill followed by a MalwareBytes scan. Deleted several items, which can be seen in the log posted below. Also attempted to use a program called FixExe from BleepingComputer, which only registered itself within my computer and did nothing else. Restarted the computer, AV Protection acted up again and I terminated it, located it in my system32 folder and deleted it. Ran a scan again, deleted several more items. Rebooted again, and no virus appears to be operating. However, my computer cannot connect to the Internet and it appears that my anti-malware (avast!) is not operating. Files concerning my printer also seem to be malfunctioning, as everything I try to print is canceled. A screenshot of the error messages from the printer and Avast! is attached. Also, when I woke up this morning, I found that all other devices that were uninfected could not access the Internet, with the exception of a few sites I have bookmarked that receive less traffic than sites such as Yahoo and Facebook. Could this be a coincidence? Full connection was restored after unplugging and replugging the Internet. It would be greatly appreciated if someone can explain whether my computer can possibly possess traces of AV Protection 2011 and Rootkit.TDSS, and also whether these viruses may have interfered with other programs, such as seemingly disabling my anti-malware, printer, and Internet connection. Also, it would be nice to receive thoughts on how and why my other uninfected devices were unable to connect until the Internet was reset. Thanks!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

19/11/2011 2:26:14
mbam-log-2011-11-19 (02-26-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 409699
Time elapsed: 4 hour(s), 20 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\616r (Trojan.Agent) -> Value: 616r -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\sephiroth_2\local settings\temp\avf.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\temp\avg.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\temp\avj.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\temp\avk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\temp\raexcsomwn.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\temp\29.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\Temp\Addons\0EE3D03F\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\Temp\Addons\4996A54B\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\local settings\temporary internet files\Content.IE5\93IS8VQ5\indy-indyesigns-dtx[1].exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\program files\red alert 2 yuri's revenge\Ra2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\stephhaneey\local settings\Temp\0.4289667982725375.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\sephiroth_2\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Attachments: attach.txt, dds.txt, Error Messages Screenshot.bmp

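The poster's question is whether anything from the cleanup above could still be active. The MBAM log answers part of that directly if you read it by location rather than by threat name: entries under a `Run` key or in `C:\WINDOWS\Tasks` are persistence points (they would have relaunched the malware at logon or on a schedule), entries under `local settings\temp` are dropped payloads, and a `Rootkit.` detection means a signature scanner's "deleted successfully" should be confirmed with a rootkit-capable tool after reboot. The script below is an added example written for this thread, not the poster's code and not a Malwarebytes tool; it parses lines in the layout of the 1.51 log shown above and groups them that way. The log text inside it is a constructed sample with the user name replaced by a placeholder.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.51 log
# (a few lines only; "user" stands in for the real profile name).
SAMPLE_LOG = """\
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\616r (Trojan.Agent) -> Value: 616r -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
c:\\documents and settings\\user\\local settings\\temp\\avf.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\\documents and settings\\user\\local settings\\temp\\29.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\\WINDOWS\\Tasks\\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\\documents and settings\\user\\application data\\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<threat>) -> [Value: <v> -> ]<action>."
# The greedy <item> lets paths containing spaces or brackets through; the
# "(threat) -> " that closes the item is the last such group on the line.
DETECTION_RE = re.compile(
    r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> "
    r"(?:Value: (?P<value>\S+) -> )?(?P<action>.+?)\.?$"
)

# Locations that make the malware run again after a reboot (lower-cased for matching).
PERSISTENCE_MARKERS = (
    "\\currentversion\\run",      # also matches RunOnce
    "\\windows\\tasks\\",
    "\\start menu\\programs\\startup\\",
)


def parse_mbam_log(text):
    """Return one dict per detection, tagged with the log section it appeared in."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):            # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({
                "section": section,
                "item": m.group("item"),
                "threat": m.group("threat"),
                "value": m.group("value"),        # only set for registry value lines
                "action": m.group("action"),
            })
    return detections


def is_persistence(det):
    """True when the item lives in a logon/scheduled-task location."""
    loc = det["item"].lower()
    return loc.endswith(".job") or any(marker in loc for marker in PERSISTENCE_MARKERS)


def summarize(detections):
    """Group detections the way a responder reads them: by family and by role."""
    return {
        "by_threat": Counter(d["threat"] for d in detections),
        "by_section": Counter(d["section"] for d in detections),
        "persistence": [d["item"] for d in detections if is_persistence(d)],
        "staged_in_temp": [d["item"] for d in detections if "\\temp\\" in d["item"].lower()],
        # A Rootkit.* hit is the cue to re-verify with a rootkit scanner after reboot.
        "rootkit_present": any(d["threat"].lower().startswith("rootkit.") for d in detections),
        "not_removed": [d["item"] for d in detections if "successfully" not in d["action"].lower()],
    }


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full log in the post, the `persistence` list is the set of items whose absence you want to confirm after the next reboot (the `Run\616r` value and the two `.job` files), and `rootkit_present` being true is the reason a follow-up TDSSKiller pass and a second MBAM scan are worth doing before trusting the machine.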

My parents have decided to replace the infected XPSP2 computer with an old XPSP1 that has been updated to SP2. We still have the infected computer, but it is not hooked up with any wires. Perhaps one day I will attempt to use Combofix on it and report back to you guys and ask questions.

Thanks for the help, though!


  • Staff

Bane,

Please try to get it up and running. It is important because if you forget about it in the future and hook it up again, you may infect your entire network.

For this newer computer, it is absolutely essential that you upgrade to Windows XP Service Pack 3. Service Pack 2, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please visit Windows Update and download all critical updates.

Let me know if the update was successful.


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
