i am infected.. help needed.. threats come back when i restart the system.

[arvindh]

Help needed,

My system has been infected. Whenever mbam scans it detects 7 threats and when i try to remove them these appear back when i restart the system.

i've include the following logs: DDS.txt and Attach.txt and the mbam log

Thanks in advance

mbam-log-2012-05-07 (12-25-30).txt

attach.txt

dds.txt

[Maurice Naggar]

Hello arvindh.

When you ran MBAM, you did NOT have it remove what it detected !!!

see

Registry Keys Detected: 2

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Why is that ??

Also, be extremely aware that indication is you may have a "sality" infection !

Has this pc always had McAfee AntiVirus Plus ? and is it fully up-to-date ?

You just added MBAM & McAfee today, May 7. What antivirus program was installed before ?

If (a) you did NOT have an anti-virus application installed before, or (b) you didn't have an anti-virus application installed when the machine got infected, and/or © you've neglected to keep the machine fully patched at Windows Update....

The best and only thing to do in a case like this is to wipe the system in total and do a clean install of Windows.

See Malware Removal: When to Flatten and Reinstall

do a clean (new) Windows Install:

Before you do that, make sure you have at hand the Windows XP CD (or else you will have to use the pc-manufacturer factory restore procedure) and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will loose your documents so if you have some to save, offload them to a separate offline media. And later on insure you do a full scan of them by running your antivirus.

NOTE: If XP CD is from a pc manufacturer, and they bundled an AV like McAfee or Norton/Symantec trial versions, immediately de-install those, sice they will be outdated & of no use. Install your antvirus immediately after.

Other security references at Microsoft

4 steps to protect your computer

How to boost your malware defense and protect your PC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!