
I think I'm infected



I followed the advice from this link, http://forums.malwarebytes.org/index.php?showtopic=9573, and attach the dds and attach.txt files.

My problem is that I ran a scan using Malwarebytes and Trojan.Ransom came up. However, although I click on delete each time I scan with Malwarebytes, there it is again. I haven't noticed any real problems with my laptop and I think this may be because I have Adblock Plus, JavaScript Blocker and Ad Sweep as my extensions on Google Chrome. This means I haven't seen any ads that have told me I need to pay £200 etc. to secure my laptop.

I'm worried, though, about how long this virus may have been lurking on my laptop and whether anyone has hacked into my emails etc.

Also, I have C:\Users\tasha\LOCALS~1\Temp\misqepzd.scr in my Registry Editor, and from some of the things I've seen online this is part of the trojan ransom file. I am unable to delete this file; I just get an error message.

Please help me sort out my laptop.

Natasha

dds.txt

attach.txt


Welcome to the forum.

Can you post the log from Malwarebytes?

and.................

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


Hi,

Here's my log from Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.10.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

tash :: TASH-PC [administrator]

11/11/2012 07:04:11

mbam-log-2012-11-11 (07-04-11).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 396929

Time elapsed: 2 hour(s), 32 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr -> Delete on reboot.

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Norton quarantined RK and I can't turn off the antivirus as I don't remember the password. Despite me changing it, Norton Internet Security still says it's wrong, so it looks like I'll have to wait until the subscription ends, which is in 24 days, to handle this. I just hope I have a laptop left, because either the virus gets it or I'll be smashing it against the wall, as I'm so frustrated right now with trying to fix this problem.


Thanks, Mr C. Safe mode worked a treat!

Here's the RogueKiller report:

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Safe mode with network support

User : tash [Admin rights]

Mode : Scan -- Date : 11/12/2012 00:22:26

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] HelpPane.exe -- C:\Windows\HelpPane.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr) -> FOUND

[SHELL][SUSP PATH] HKUS\S-1-5-21-1318478840-3371492657-2732113864-1000[...]\Windows : Load (C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVS-60UST0 +++++

--- User ---

[MBR] ea0a514a8d2e1f7ccdd7223ab51be50a

[BSP] 9b9bda5795e7c8c3cca819057b684259 : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102908 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210756735 | Size: 11562 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11122012_02d0022.txt >>

RKreport[1]_S_11122012_02d0022.txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr) -> FOUND

[SHELL][SUSP PATH] HKUS\S-1-5-21-1318478840-3371492657-2732113864-1000[...]\Windows : Load (C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next..............

Please create a new system restore point before running Malwarebytes Anti-Malware.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


MrC
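
The two registry hits in the Malwarebytes log and the entries selected for deletion above all point at the same per-user `Load` autostart value. As an added example (not part of the thread, and not Malwarebytes or RogueKiller code), this Python script parses the registry-value lines of that log, collapses duplicate detections, and flags an autostart value whose target is an executable in a temp directory; the rule sets and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import splitext

# Registry-value lines copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\tash\LOCALS~1\Temp\msiqepzd.scr -> Delete on reboot.
Files Detected: 0
(No malicious items detected)
(end)
"""

LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>.+?) \((?P<name>[^)]+)\)"
    r" -> Data: (?P<data>.+?) -> ")
# Assumed triage rules (not the scanner's own logic): legacy per-user autostart
# values that point at an executable file type inside a temp directory.
AUTOSTART_KEY = r"\microsoft\windows nt\currentversion\windows"
AUTOSTART_VALUES = {"load", "run"}
EXEC_EXT = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

def parse_registry_values(log_text):
    """Group detection names by (key, value, data) so duplicate hits collapse."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[(m["key"], m["value"], m["data"])].append(m["name"])
    return dict(entries)

def is_temp_autostart(key, value, data):
    path = data.strip('"').lower()
    return (key.lower().endswith(AUTOSTART_KEY)
            and value.lower() in AUTOSTART_VALUES
            and any(marker in path for marker in TEMP_MARKERS)
            and splitext(path)[1] in EXEC_EXT)

def triage(log_text):
    # Text after "Files Detected:" lists the files the scan itself flagged.
    files_section = log_text.partition("Files Detected:")[2].lower()
    return [{"key": key, "value": value, "target": data,
             "detections": sorted(names),
             "temp_autostart": is_temp_autostart(key, value, data),
             "file_listed": data.lower() in files_section}
            for (key, value, data), names in parse_registry_values(log_text).items()]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `temp_autostart` true and `file_listed` false means the scan flagged the registry pointer but did not list the target file itself, so the file on disk still needs to be checked separately.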


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
