Jump to content

Malware trace recurring


Recommended Posts

hi there,

First of all, I want to thank you all for Malwarebytes, this is an excellent software that saved my computer twice this year alone. It's great work you do here!

Second of all, I am still having a recurring trace of one malware being found everytime I run a scan. I'll appreciate your help. :D

Here is what happened:

About a week ago my computer was infected with (what I believe) the
TDSSserv.sys
virus. My computer became unboot-able. I can't even boot to Safe mode. The only resolution was to do a
repair install
on Windows.
After windows returned I found both Malwarebytes and Spybot S&D (both had been on my computer) unloadable. My browser was hijacked to re-direct to sites like "ToSeeka". Luckily the address bar was still usable so I combed the internet for a solution and eventually found it
http://*.kingstonbooks.com

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

------------------------------------------------------

Last MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Windows 5.1.2600 Service Pack 2

3/28/2009 8:40:20 PM

mbam-log-2009-03-28 (20-40-20).txt

Scan type: Quick Scan

Objects scanned: 96053

Time elapsed: 14 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------

I appreciate if someone can take a look.

Thanks!

:D

Link to post
Share on other sites

Sorry for the double post. Just want to add an additional note that, Spybot S&D reports the same trace as 3x files of the Win32.agent.pz. They are in the same registry category "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID" as Malwarebytes reported above.

Link to post
Share on other sites

  • Staff

Hi,

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Since Malwarebytes itself is outdated (it's now 1.35 version) and the Database version is WAY outdated, I suggest you redownload/update it and perform a new scan.

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

  • Staff

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.